Ransomware using PKI + DDoS.

Syed Bari
3 min read · Dec 17, 2021

In this article, for knowledge-sharing purposes, I will share my thoughts on how hackers arguably launch successful attacks on world-class companies, which end up paying millions in ransom.

Let us get familiar with some terms used in this article.

What is a DDoS attack?

A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network.

What is PKI?

PKI, as used here, means the private key: the part of the certificate that the principal uses and must keep private. Anyone in possession of a private key can impersonate its intended user, so losing a private key is functionally equivalent to losing a password. A private key is harder to replace than a lost password, however, so losing one is harder to recover from: the private key plus the certificate remain valid until the certificate expires. A certificate typically remains valid for one to three years, and for that entire validity period anyone in possession of the private key can impersonate its intended user.

How do hackers launch a DDoS attack?

  • To perform a DDoS attack, attackers use a zombie network (remote access to a number of systems, obtained by sending a trojan to each system by mail).
  • Whenever the attacker wants to perform a DDoS, all the computers in the zombie network can be used to carry out the attack.

How do hackers create a zombie network?

A zombie network is an army of servers that launches the attack from compromised computers. Many scripts are available on the dark web which hackers use to build massive zombie networks for launching DDoS attacks.

Saphyra.py is one of the sophisticated tools which hackers arguably use to launch DDoS attacks on a network.

What else do hackers need for a successful PKI+DDoS ransomware attack?

To deploy a successful attack, hackers need the certificates used to connect to the servers, and those can be obtained easily by running a script on a device/computer that is connected to the server using a virtual private network (VPN) or PKI certificates.

  • Run a script/virus to find and steal the certificates from the VPN client or application deployed on the compromised device.
  • Use the stolen PKI certificate on the zombie network servers to establish a “secure connection”.
  • Push a file-encryption script over that “secure connection”, which scans the files on the server and double-encrypts them.
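The first step above only works if a private key sits on disk where any local script can read it, so auditing for such keys is one concrete defensive control. The script below is an added, hypothetical helper (not from the article or any product it mentions); its sample key files are constructed placeholders, not real keys, and it flags keys that are readable by other users or stored unencrypted.

```python
import os
import stat
import tempfile

def read_head(path):
    """Return the first 2 KiB of a file, or None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2048)
    except OSError:
        return None

def key_findings(head, path):
    """List the issues for one PEM private key (empty list = looks fine)."""
    issues = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # group or other users can read the key file
        issues.append("readable-by-others:%04o" % mode)
    # PKCS#8 encrypted keys say so in the header; legacy PEM uses Proc-Type
    if b"ENCRYPTED PRIVATE KEY" not in head and b"Proc-Type: 4,ENCRYPTED" not in head:
        issues.append("unencrypted-at-rest")
    return issues

def find_exposed_keys(root):
    """Walk root and map each PEM private key path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            head = read_head(full)
            if head and b"-----BEGIN" in head and b"PRIVATE KEY-----" in head:
                report[full] = key_findings(head, full)
    return report

def demo():
    """Build a constructed sample tree (fake key bodies) and audit it."""
    root = tempfile.mkdtemp(prefix="keyaudit-")
    samples = {  # name: (mode, constructed PEM-looking content, not a real key)
        "vpn_client.key": (0o644, b"-----BEGIN RSA PRIVATE KEY-----\nFAKE\n-----END RSA PRIVATE KEY-----\n"),
        "good.key": (0o600, b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nFAKE\n-----END ENCRYPTED PRIVATE KEY-----\n"),
        "notes.txt": (0o644, b"plain text, not a key\n"),
    }
    for name, (mode, body) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return {os.path.basename(k): v for k, v in find_exposed_keys(root).items()}
```

Running `demo()` reports the world-readable, unencrypted `vpn_client.key` and clears `good.key`; point `find_exposed_keys` at a real VPN client profile directory to audit a host.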

Now the hackers know the address of the server they are targeting, so they disrupt the critical network, convert the data to binaries, and only provide the keys/script to revert it once the ransom is paid.

It is incredibly scary to see companies running industrial networks that rely completely on static PKI certificates and VPN connectivity, hoping that somehow a hacker won’t be able to access the network and disrupt operations.

During the holiday season, cyber teams need to be vigilant about system protection and use advanced techniques to fight against advanced cyber attacks.

Syed Bari

Syed is the founder of BDATA Solutions Inc, a Canadian startup providing blockchain connectivity for IoT devices to ensure secure connectivity and immutable data.