Hacking: As Easy As 1…2…3…
It is not hard to hack a computer, especially when security is not a priority for so many businesses. Look at any computer or network security focused website and nearly every day you will see some breach being reported, usually well after the attackers have either stolen gigabytes of data or, in many cases, encrypted it all and demanded a ransom. How does this keep happening with seemingly nothing done to deter criminals from continuing such a lucrative business? For one, many of the criminals operate out of countries with weak cybersecurity laws. For another, criminals don’t have to be smart, they just have to be opportunistic… enter: Malware-as-a-Service (MaaS).
MaaS brings the masses together and provides a one-stop shop for all things hacking: exploits, tools, loot, you name it. The operators don’t just sell their services; they also sell the stolen data after the fact. This treasure trove of cyber crime has become an extremely lucrative business. In fact, it is the same business model DarkSide used when facilitating the attack against Colonial Pipeline. The funny thing is, DarkSide’s affiliates (its “customers”) are now taking DarkSide to a dark-net court of sorts, demanding their share of the $4.4 million ransom (Bracken, 2021). Looks like someone gave DarkSide a taste of its own medicine. So how easy is it to write an exploit? Just open this link (https://www.exploit-db.com/exploits/49908) and see for yourself. What you will find is a fairly simple Python script that writes a file of your choosing to a location on a File Transfer Protocol (FTP) server that is also reachable over the web; browse to that file and voilà, you have a webshell. What is a webshell, you ask? It is a small script dropped onto a web server that lets an attacker send it commands through ordinary HTTP requests: run programs, steal credentials, exfiltrate data, keep a remote access channel open, the sky is the limit really. That is just ONE exploit. MaaS providers have an entire arsenal to throw at companies and are constantly improving their skills and tooling in order to stay ahead of the curve.
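The mechanism behind that exploit, an upload that lands an attacker-chosen file somewhere the web server will serve or execute it, is worth seeing in code. The following is an added example, not code from the original post and not the linked exploit: a hypothetical Python upload handler that trusts the client-supplied filename (`unsafe_save`), beside a hardened version (`safe_save`). The web root, upload directory, allowed extensions and the attacker's request are all constructed here for the demonstration; the temporary directory stands in for a real document root where `.php` files would execute.

```python
# Added example, not code from the original post or from the linked exploit.
# A hypothetical upload handler ("unsafe_save") that trusts the client-supplied
# filename, beside a hardened version ("safe_save"). The web root is a temporary
# directory so this runs offline; the attacker input is constructed below.
import pathlib
import tempfile

# Assumed layout: everything under WEB_ROOT is served (and .php is executed)
# by the web server; uploads are supposed to stay inside UPLOAD_DIR.
WEB_ROOT = pathlib.Path(tempfile.mkdtemp(prefix="webroot-")).resolve()
UPLOAD_DIR = WEB_ROOT / "uploads"
UPLOAD_DIR.mkdir()

# Constructed attacker request: a traversal in the name and a PHP webshell body.
ATTACKER_FILENAME = "../shell.php"
ATTACKER_BODY = b"<?php system($_GET['cmd']); ?>"

ALLOWED_SUFFIXES = {".png", ".jpg", ".txt"}


def unsafe_save(filename: str, body: bytes) -> pathlib.Path:
    """Vulnerable pattern: the client-supplied name is joined to the upload
    directory as-is, so '../' escapes it and '.php' lands somewhere executable."""
    target = UPLOAD_DIR / filename      # pathlib keeps the '..' component
    target.write_bytes(body)
    return target.resolve()


def safe_save(filename: str, body: bytes) -> pathlib.Path:
    """Hardened pattern: strip directories, allow exactly one whitelisted
    extension, and verify the resolved path before writing."""
    if "\x00" in filename:
        raise ValueError("null byte in filename")
    # Treat backslashes as separators too, so 'a\\..\\b' cannot sneak through on POSIX.
    name = pathlib.PurePosixPath(filename.replace("\\", "/")).name
    if not name or name.startswith("."):
        raise ValueError("empty or hidden filename rejected")
    suffixes = pathlib.PurePosixPath(name).suffixes
    # Exactly one suffix: rejects 'shell.php' and double-extension tricks like 'shell.php.png'.
    if len(suffixes) != 1 or suffixes[0].lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"extension not allowed: {name}")
    target = (UPLOAD_DIR / name).resolve()
    if UPLOAD_DIR not in target.parents:      # defence in depth: still inside UPLOAD_DIR?
        raise ValueError("path escapes upload directory")
    target.write_bytes(body)
    return target


def rejected_by_safe_save(filename: str, body: bytes) -> bool:
    """Helper for checks: does the hardened handler refuse this upload?"""
    try:
        safe_save(filename, body)
    except ValueError:
        return True
    return False


def landed_in_web_root(path: pathlib.Path) -> bool:
    """True if the file ended up outside UPLOAD_DIR but still under WEB_ROOT,
    i.e. exactly where a dropped webshell becomes reachable in a browser."""
    path = path.resolve()
    return WEB_ROOT in path.parents and UPLOAD_DIR not in path.parents


if __name__ == "__main__":
    dropped = unsafe_save(ATTACKER_FILENAME, ATTACKER_BODY)
    print("unsafe handler wrote:", dropped, "| reachable webshell:", landed_in_web_root(dropped))
    print("safe handler rejects traversal+php:", rejected_by_safe_save(ATTACKER_FILENAME, ATTACKER_BODY))
    print("safe handler accepted:", safe_save("../../avatar.png", b"\x89PNG"))
```

Two caveats a defender should keep in mind: the extension whitelist only helps if the web server really does refuse to execute the allowed types (a misconfigured handler that runs `image.png` as PHP defeats it), and the path check is the last line of defence, not the first; stripping the directory part and whitelisting the name is what actually stops the traversal.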
The point here is really this: organizations and network defenders have to get it right 100% of the time, while attackers only need to get it right once. One gap in a company’s security posture and an attacker can gain a foothold, and from there potentially pivot deeper into the network to where the good loot is, the data that companies apparently shell out millions of dollars to get decrypted, or simply to get back at all. So, if you are a cybersecurity practitioner, I challenge you to hone your skills and stay ahead of the curve: learn from the hacker mindset and use that ethos to develop your knowledge and skillset.
Bracken, B. (2021). Threatpost. https://threatpost.com/darkside-hackers-court-paying-affiliates/166393/