Cyber Pandemic

RedFox

Thought it might be worth getting ahead of this one. Given the 'covid pandemic' followed the World Economic Forum's simulated "Event 201" (The Event 201 scenario | A pandemic tabletop exercise), we have other tabletop simulations to look forward to.
The Cyber Polygon was first held in 2020, and the next event will be July 9th 2021.

Digitalisation is accelerating everywhere. New digital ecosystems are forming all around us, creating unnoticed linkages across services and supply chains.

As the world grows more interconnected, the speed of development makes it difficult to assess the impact of change.

A secure approach to digital development today will determine the shape of our future for decades to come. Having the right skills in place is key to protecting organisations from attack now.

What is Cyber Polygon?

Cyber Polygon is a unique cybersecurity event that combines the world's largest technical training exercise for corporate teams and an online conference featuring senior officials from international organisations and leading corporations.

The 2021 conference discusses the key risks of digitalisation and best practice for the secure development of digital ecosystems.

The 2021 technical exercise builds and tests the skills needed to protect our industries, centring on a targeted supply-chain attack.

Every year, the training brings together global businesses and government agencies to collaborate on technical exercises. The live stream draws in millions of spectators from across the world.

2020 results

120 teams from 29 countries took part in the technical cybersecurity training in 2020. The live stream viewership reached 5 million from 57 nations.

A comprehensive report with detailed results of Cyber Polygon 2020 is available here.

Cyber Polygon in 2021

This year discussions during the live-streamed conference will centre on secure development of ecosystems. With global digitalisation further accelerating and people, companies, and countries becoming ever more interconnected, security of every single element of a supply-chain is key to ensuring the sustainability of the whole system.

During the technical exercise, participants will hone their practical skills in mitigating a targeted supply chain attack on a corporate ecosystem in real time.

The event will be held online on July 9th. Applications from organisations wishing to join the training are open. See further details on the official website.


Averting a cyber pandemic: how businesses are building a global response to cybersecurity risks

Published 28 Jan 2021

The impact.


The World Economic Forum’s Centre for Cybersecurity has created a community of security and technology leaders to identify future global risks from next-generation technology in order to avert a cyber pandemic.
What policies, practices and partnerships are needed to prevent such a cyber pandemic? This question was raised in sessions on Thursday 28 and Friday 29 January at the Davos Agenda 2021, featuring commentary from Check Point Software Technologies, Cloudflare, Fortinet, INTERPOL, Cyber Security Agency of Singapore and AustCyber.
The Forum has created Future Series: Cybercrime 2025, a joint program of work with the University of Oxford - Oxford Martin School, enabling organizations to share and develop research, insights and responses to future risks as a community.
The initiative convenes over 150 global experts from the world’s leading companies, research institutions and public-policy departments. Major collaborators include Palo Alto Networks, Mastercard and KPMG, and support from such institutions as Europol, ENISA and NIST.
The first findings and recommendations of the community’s work were recently published in the Cybersecurity emerging technology and systemic risk report.

"There must now be a different approach to cybersecurity. Our current approach is unsustainable."

Ken Xie, Founder, Chairman of the Board and Chief Executive Officer, Fortinet

What's the challenge?


The critical technology transformations on which future prosperity relies – ubiquitous connectivity, artificial intelligence, quantum computing and next-generation approaches to identity and access management – will not just be incremental challenges for the security community.
Unless action is taken now, by 2025 next-generation technology, on which the world will increasingly rely, has the potential to overwhelm the defences of the global security community.
Next-generation technologies have the potential to generate new risks for the world, and at this stage, their full impact is not well understood. There is an urgent need for collective action, policy intervention and improved accountability for government and business.
Without these interventions, it will be difficult to maintain integrity and trust in the emerging technology on which future global growth depends.


What would be the global impact of a digital virus compared to a biological one?


Our approach.


The Future Series: Cybercrime 2025 initiative was launched by the World Economic Forum to identify what approaches are required to manage cyber risks in the face of the major technology trends taking place in the near future:
Skills gap.
There is already a global capacity shortage in cybersecurity (specialists and throughout the wider workforce) and as new technologies emerge, the skills gap in delivering cybersecurity will widen. [*note - The Great Reset mentions most people will need to retrain for IT jobs *]
Fragmented approaches.

Emerging technologies are driving an increasing interdependence and entanglement between policy and technology at a time when the global governance of cyberspace is weak.
New approaches.
Existing operational-security capabilities and technologies will not be fit for purpose, so mitigating threats and responding to incidents individually and collaboratively will require new approaches.
Underinvestment.
Security is not being considered as an integral component of technology innovations and as such, proper investment is not being made into support (knowledge, guidance, research investment) and incentives (market forces, regulation) for developing emerging technologies securely.
Ambiguous accountability.
Shared dependence widens the pool of actors affected by the resilience of a part of the ecosystem, but can also create ambiguity in the accountability for ensuring this resilience.
The World Economic Forum’s Centre for Cybersecurity is calling on the global community to implement the recommendations made in its Future Series report.

“Security must be more proactive and future-proof if we are to out-innovate the attackers.”

Nikesh Arora, Chief Executive Officer and Chairman, Palo Alto Networks, USA

How can you get involved?


A new approach to cybersecurity is needed. The security and technology community, industry and government leadership and the international community must intervene to ensure that security issues are addressed in such a way that the benefits of emerging technology are inclusive.
Companies can join the Forum's efforts to tackle the range of complex industry-wide challenges. Find out more via the links below.

So what we can probably glean from this is:
1) A whole bunch of scary cyber attacks. Supply chain disruptions (great for covering the actual supply chain disruptions caused by lockdowns). Probably a whole bunch of power/water/monetary (can't buy food or fuel) outages. A good chance that lots of smaller businesses get 'picked off' and taken out - as well as 'problematic websites'.
2) More jobs will be offered in IT/security, as this was mentioned as part of the Great Reset plan.
3) Digital IDs/passports will likely be proposed as 'the solution'.
4) Given the food shortages and lack of jobs/money - this ID will probably grant you food (vegan, with a calorie limit) and 'universal basic income'. Assuming you are a 'good vaccinated citizen who doesn't make trouble'.
5) As always it'll be linked to getting rid of meat production and 'being green'.

I've seen a lot of articles over the last few years that line up with preparing the population to accept these narratives (might be worth collecting some here?). Here's just one of the latest:

JBS meatworks cyber attack shuts down Australia, US and Canada facilities

Australia’s biggest meatworks company has been hit by a shock attack – and insiders say it could end up driving up prices for shoppers.

May 31, 2021 5:31pm

Major cyber attacks have led to Australia’s largest meatworks company JBS Foods shutting down, as well as their facilities in the United States and Canada, the Queensland meat industry union confirmed.

Their information systems were targeted, with the company’s chief executive Brent Eastwood confirming the news to Beef Central.
JBS meat packing has been shut down over cyber attacks. Picture: Getty Images

The cyber attack means that thousands of people would go without pay, the Australian Meat Industry Employees’ Union Queensland Secretary Matt Journeaux said.
“The meat in the sandwich is that this is a concerted effort against Australian business and the workers will suffer as a result of that,” Mr Journeaux told ABC Radio Brisbane.
“There’s six sites in Queensland that will be affected … and around the nation there would be significantly more.
“In most processing facilities the workers are on daily hire arrangements and unfortunately if they don’t work, they don’t get paid.”
Across Australia the company has 47 sites, operating the largest network of production facilities and feedlots in the country.
The attack may lead to meat shortages. Picture: Getty Images

The government has since been made aware of the attack, says Federal Agriculture Minister David Littleproud. He confirmed they were working to get JBS meatworks back online nationally.
However, Mr Journeaux explained of a dire possible ramification which could come from this attack if it isn’t resolved soon.
“If this situation isn’t rectified within weeks it would definitely have flow on effects,” he said.
“There could be a protein deficiency globally because of this.”
He went on to explain that every step of processing was down.
“Cattle get entered into systems to be processed,” he said.
“When those cuts are in a box computers print tickets with barcodes for those cuts, and I think all of those systems have been affected by this.”
 
Tying in some other threads. Articles like the ones below on their own are nothing new - these things happen all the time.

However, the article below did catch my eye this year. My thinking is that perhaps we don't need an EMP to wipe out all technology, but instead the cyber pandemic will kill off a bunch of PCs/Macs/phones etc. in one go. Can't have the plebs having access to the old tech that was free.

The short version for anyone who isn't interested: your hard drive's contents can be destroyed by simply opening a folder and seeing an icon in that folder.

Windows 10 bug corrupts your hard drive on seeing this file's icon

January 14, 2021

An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.


In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly.


"Critically underestimated" NTFS vulnerability


In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed.

When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records.


The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version.


What's worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems.


Jonas' tweet about a "critically underestimated" vulnerability (Source: Twitter)

A drive can become corrupted by merely trying to access the $i30 NTFS attribute on a folder in a certain way.


*WARNING* Executing the below command on a live system will corrupt the drive and possibly make it inaccessible. ONLY test this command in a virtual machine that you can restore to an earlier snapshot if the drive becomes corrupted. *WARNING*


An example command that corrupts a drive is shown below.


Command. Use at your risk.



The Windows NTFS Index Attribute, or '$i30' string, is an NTFS attribute associated with directories that contains a list of a directory's files and subfolders. In some cases, the NTFS Index can also include deleted files and folders, which comes in handy when conducting an incident response or forensics.


It is unclear why accessing this attribute corrupts the drive, and Jonas told BleepingComputer that a Registry key that would help diagnose the issue doesn't work.


'I have no idea why it corrupts stuff and it would be a lot of work to find out because the reg key that should BSOD on corruption does not work. So, I'll leave it to the people with the source code,' Jonas told BleepingComputer.


After running the command in the Windows 10 command prompt and hitting Enter, the user will see an error message stating, "The file or directory is corrupted and unreadable."


Windows 10 will immediately begin displaying notifications prompting the user to restart their PC and repair the corrupted disk volume. On reboot, the Windows check disk utility runs and starts repairing the hard drive, as demonstrated in the video below.




After the drives become corrupted, Windows 10 will generate errors in the Event Log stating that the Master File Table (MFT) for the particular drive contains a corrupted record.


Event Viewer log showing NTFS corruption from command (Source: BleepingComputer)

BleepingComputer's tests also show that you can use this command on any drive, not only the C: drive and that drive will subsequently become corrupted.


More sophisticated ways to exploit the zero-day


In tests conducted by BleepingComputer, threat actors can use the command maliciously in various PoC exploits.


One striking finding shared by Jonas with us was that a crafted Windows shortcut file (.url) that had its icon location set to C:\:$i30:$bitmap would trigger the vulnerability even if the user never opened the file!


As observed by BleepingComputer, as soon as this shortcut file is downloaded on a Windows 10 PC, and the user views the folder it is present in, Windows Explorer will attempt to display the file's icon.


To do this, Windows Explorer would attempt to access the crafted icon path inside the file in the background, thereby corrupting the NTFS hard drive in the process.


Next, "restart to repair hard drive" notifications start popping up on the Windows PC—all this without the user even having opened or double-clicked on the shortcut file.


Delivering payload via ZIP archives, HTML files, and various means


Creative attackers can also deliver this payload in a variety of ways to the victim.


While the same-origin policy on most browsers would limit such attacks being served from a remote server (e.g., a remote HTML document referencing file:///C:/:$i30:$bitmap), creative means exist to work around such restrictions.


The researcher briefly stated that other vectors could be used to trigger this exploit remotely, such as via crafted HTML pages that embed resources from network shares or shared drives that have references to the offending $i30 path.


In some cases, according to the researcher, it is possible to corrupt the NTFS Master File Table (MFT).


During our research, BleepingComputer came across a caveat.


In some tests, after the Windows 10 chkdsk utility had "repaired" the hard drive errors on reboot, the contents of the exploit file, in this case, the crafted Windows shortcut with its icon set to C:\:$i30:$bitmap would be cleared and replaced with empty bytes.


This means the crafted Windows shortcut file was enough to pull a one-off attack if this happens.


Besides, a victim is not likely to download a Windows shortcut (.url) file from the internet.


To make the attack more realistic and persistent, attackers could trick users into downloading a ZIP archive to deliver the crafted file.


An attacker can, for example, sneak in their malicious Windows shortcut file with a large number of legitimate files inside a ZIP archive.


Not only is a user more likely to download a ZIP file, but the ZIP file is likely to trigger the exploit every single time it is extracted.


Triggering the NTFS corruption via a ZIP archive (Source: BleepingComputer)

This is because the compressed (and possibly encrypted) contents of the ZIP file, including the Windows shortcut, would not trigger the exploit unless extracted.


And even when extracted, the hard drive repairing process would empty the extracted Windows shortcut file without touching the compressed copy present inside the ZIP archive until the user attempts to re-extract the ZIP.


According to sources in the infosec community, serious vulnerabilities like these have been known for years and reported to Microsoft earlier but remain unpatched.


BleepingComputer reached out to Microsoft to learn if they knew of the bug already and if they would fix the bug.


“Microsoft has a customer commitment to investigate reported security issues and we will provide updates for impacted devices as soon as possible,” a Microsoft spokesperson told BleepingComputer.


Update 15-Jan-2021: This NTFS issue impacts older Windows XP versions as well according to new information. One user has stated that the offending "$i30" path is actually a valid path that is accessed behind the scenes any way when a user accesses C:\ directory, but that accessing it directly in the manner described above might be causing unprecedented issues.
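As an added defensive example (not code from the BleepingComputer article or from this thread), the scanner below inspects a downloaded ZIP in memory, before anything is extracted to disk, and flags shortcut, HTML or batch members that reference the NTFS $i30 index attribute; the archive members and their names are constructed for illustration.

```python
import io
import re
import zipfile
from typing import Dict, List

# Any reference to the NTFS $i30 index attribute, optionally followed by a
# named stream such as ':$bitmap'. Legitimate icon or resource paths never
# address this attribute directly, so a hit is worth quarantining.
I30_REF_RE = re.compile(r"(?i)\$i30(?::\$\w+)?")

# Member types that Explorer, a browser or a script host may dereference on
# its own once the file lands on disk (the .url, HTML and batch vectors above).
SCANNED_SUFFIXES = (".url", ".lnk", ".htm", ".html", ".bat", ".cmd")


def find_ntfs_attribute_refs(text: str) -> List[str]:
    """Return every $i30 attribute reference found in `text`, in order."""
    return [m.group(0) for m in I30_REF_RE.finditer(text)]


def scan_zip(zip_bytes: bytes) -> Dict[str, List[str]]:
    """Inspect archive members in memory, before extraction, and map each
    suspicious member name to the references it contains."""
    findings: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(SCANNED_SUFFIXES):
                continue
            # Shortcut and HTML members are small text; decode leniently so a
            # stray byte cannot make the scanner skip a member.
            text = zf.read(info).decode("utf-8", errors="replace")
            refs = find_ntfs_attribute_refs(text)
            if refs:
                findings[info.filename] = refs
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a real capture): two harmless members
    plus one shortcut and one HTML page using the paths quoted in the article."""
    members = {
        "report.txt": "Quarterly figures attached.\n",
        "help.url": "[InternetShortcut]\nURL=https://example.com/help\n"
                    "IconFile=%SystemRoot%\\system32\\SHELL32.dll\nIconIndex=3\n",
        "invoice.url": "[InternetShortcut]\nURL=https://example.com/invoice\n"
                       "IconFile=C:\\:$i30:$bitmap\nIconIndex=0\n",
        "readme.html": '<html><body><img src="file:///C:/:$i30:$bitmap"></body></html>\n',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()


if __name__ == "__main__":
    # A mail gateway or download hook would call scan_zip() on the raw bytes
    # and hold the archive if any member is reported.
    for name, refs in scan_zip(build_sample_zip()).items():
        print(f"QUARANTINE {name}: {', '.join(refs)}")
```

Scanning the compressed copy matters because, as the article notes, chkdsk only blanks the extracted shortcut and leaves the copy inside the archive intact.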

 
I think most of these bugs are simply the result of human disintegration. We can't expect software and hardware created and maintained by often borderline-psychotic, super-stressed, slowly disintegrating humans to keep running well.

Sometimes I wonder if this "cyberpandemic" thing isn't so much a planned event, but maybe more like a cover... Sort of like saying, "No, that wasn't a meteorite impact. It was Russia bombing us!"

There is even more chaos injected into the system because on the one hand, we're supposed to lockdown and watch Netflix and play video games and surf for porn, but on the other 'they' want to shut down and control everything. The left tentacle and the right tentacle can't agree on anything. Ya know, like:

1. Buy everything on Amazon!
2. Small businesses close.
3. Giant Cyberpandemic - "Um, where do I buy stuff now?!"
4. Chaos ensues

And then you can toss weather into the mix... Too cold or too hot, and power grids/pipelines/whatever collapse.

I think there are 'things' being planned, but what comes to pass and how and where and why are completely up in the air. It's gonna be a wild ride for at least the next year or two, I reckon...
 
In the last few years, companies have been aggressively migrating their infrastructure to the 'cloud.'
A 'healthy' choice between a select few providers (AWS, GCP and Azure), along with cult-like
software programming practices (Agile, Scrum, etc), proves to be the last piece of the puzzle.

But the psyop continues...

In the advent of a catastrophe, there are NO backup plans outside of the 'cloud.'
'Cloud providers have 99.999% uptime. Why should we be worried?' they say.

And they get cookies for saying that, lots of cookies...

'We'll get all the data centralized in one place.'
'We'll release software by the minute.'
'We'll be faster than our competitors.'

The programming is complete.
 
Sometimes I wonder if this "cyberpandemic" thing isn't so much a planned event, but maybe more like a cover... Sort of like saying, "No, that wasn't a meteorite impact. It was Russia bombing us!"

I was thinking the way to look at this in terms of events, I considered three types:

1. DDoS attacks.
2. Service providers outages.
3. Major Big Tech/Cloud services outages.

Though all three could be related to each other, point number three has seen an increase recently, at least as far as is confirmed. And all of them also have the consequence of people fearing the loss of internet access (and all that that entails for communication, jobs, the financial system) due to cyber criminals or state-sponsored attacks (Russia did it!).

So, I wonder how much of this activity is sponsored and how much is disintegration by people and how much is communications disruption by external cosmic factors, could it be all?
 
In the last few years, companies have been aggressively migrating their infrastructure to the 'cloud.' A 'healthy' choice between a select few providers (AWS, GCP and Azure), along with cult-like software programming practices (Agile, Scrum, etc), proves to be the last piece of the puzzle.
Funny, I thought about that on today's "sprint planning" meeting. Scrum wasn't meant to be like that from what I remember, but the toxic office culture created exactly that: a cult.

I think most of these bugs are simply the result of human disintegration. We can't expect software and hardware created and maintained by often borderline-psychotic, super-stressed, slowly disintegrating humans to keep running well.
Being a software engineer for the last decade, I can only think of just one company that I've worked for that was truly innovative, wanted to create the best product, and actually cared for their customers. Especially in corporations, the technical level of the employees was disastrous from what I remember. On the other hand, the startup founders that I've known were drug-abusing sociopaths, creating the most toxic woke-places known to man. Only one of the companies had a security expert who was available to discuss software designs with the engineers. I can go on and on with anecdotes, but I just wanted to confirm what Scottie wrote. Modern software is extremely complicated and ridden with bugs.

There was a funny case regarding one of the banks here in Poland that demonstrates the quality of the modern software development.

In the last few years, companies have been aggressively migrating their infrastructure to the 'cloud.'
Not only companies: from what I've seen, some services provided by the Polish government are hosted on Azure Cloud. I always thought that they were hosting these on their own infrastructure, within the borders...
 
I wonder if others of you are pondering this too, and following news (hopefully good information) on where/whom these attacks actually originate from. I feel sure the recent JBS attack is another excuse for the West to scapegoat Russia, but there is so much complexity in trying to unwind these things as they are designed to deflect blame. Once in a while, I get security related email and have realized that even advanced analysts will sometimes accept an attack origin story seemingly based on IP location info. Can't those be spoofed? Maybe I am missing something?

And just yesterday, the subject came up of purchasing antivirus software for replacement computers at my husband’s workplace. He was given the advice not to purchase Kaspersky, because it was thought that it could make their system hackable by Russian agents. But by that logic, US antivirus software vendors could be doing the same thing for their counterparts. So what is the best thing to do? Years ago I settled on Kaspersky after doing enough research to feel confident it was the best choice, and it seems to have worked well, no complaints. But perhaps things have changed?

Anyone have recommendations from more recent research between antivirus vendors? Do tell! Frankly, I sometimes reminisce about the days before the internet was used in the workplace, and computers were just using an internal network. The problems were certainly fewer back then, and much easier to troubleshoot. Sigh.
 
15-minute summary from someone who watched the whole 6-hour Cyber Polygon exercise (organized by the World Economic Forum).

Some interesting takeaways:

- Only 2.5% of the 200 teams in 40 countries were able to withstand the simulated supply chain attack
- The results of the exercise will only be published in November, even though anyone can see the results in the recording on cyberpolygon.com
- Before the supply chain exercise, the Cyber Polygon conference itself was hacked (denial of service attack) and they lost the English livestream for 5 minutes
- The main event was held in Moscow and there were only English and Russian official livestreams
 
First ever case of cyber disaster in Germany:

According to its own information, the district of Anhalt-Bitterfeld has declared a disaster situation after a hacker attack.
Under the leadership of the district administrator and his staff, cooperation is being coordinated with all the relevant authorities, and defensive measures are being combined, the Saxony-Anhalt district, which has a population of around 157,000, announced on its official website on Friday.

Criminals attacked the computer system on July 6, reports the Reuters news agency with reference to the district. As a result, the administration of Anhalt-Bitterfeld will have to largely stop its work for almost two weeks. A disaster situation has been declared in order to be able to react more quickly.

"We are virtually completely paralyzed - and will be for the next week," a spokesman said on Saturday, according to Reuters.

As a result, the district is no longer able to pay out social and maintenance benefits, for example. The security authorities are investigating.
 
Frankly, I sometimes reminisce about the days before the internet was used in the workplace, and computers were just using an internal network. The problems were certainly fewer back then, and much easier to troubleshoot.
I agree and can sympathize with your thoughts. It did provoke another thought for me though, and I wonder if this predicament is actually something new, as opposed to one that has existed through all ages but evolves as technology progresses.

I would suggest it's not new. Technology is different today compared to decades and centuries ago, but the feeling is possibly the same or very similar to that of those before us throughout the ages who have had to contemplate and endure the problems associated with new technology and the new concerns that are introduced (e.g., the wheel and transport, the advent of paper and writing, electricity and fossil fuels). But if that's the case, is this perpetual, i.e. the feeling/awareness of new problems arising as a consequence of technological progression? Surely it is something that will continue forever so long as technology continues to progress? I guess it's partially a thought experiment involving many variables: progress vs contentment vs malevolent vs benign vs subjective vs objective (vs more?).

If I had to guess, I would say the personal feeling/emotion is probably similar to the other individuals throughout history. But the difference is today, there is so much more information accessible to the individual that while the feeling might be the same individually to those in the past, collectively on a grander scale it's far more important due to the potential for (collective) awareness in terms of the multiplier of numbers of people involved and the total information that is available to be accessed.

[I hope that's not word salad, it makes sense in my head]
 
True enough, there are tradeoffs. For instance, how awesome is it that we are all able to meet in this digital space to encourage each other and exchange news and views?! As a child, I was always curious and interested to hear about the lives of people in other countries, and many years later, here we all are! Magnificent. The other thing I appreciate is having access to music and information about music. Many times, I have had a song in my mind, a past memory, but no idea of the title and/or musicians. It has been amazing to figure out what these songs are, and some I've even since learned to play for personal enjoyment. I am also grateful to those who post online tutorials, sharing their experiences and research.

I was thinking the other day about the term “world wide web,” and how the internet connects us all. But, also, it can trap us, just as a spider’s web is designed to do. As systems become more complex, it will become ever more difficult to detect the many layers, much less manage them all. Recourse? One could simply continue placing their trust in others to administer and update systems to address security issues. Alternatively (or additionally) build some systems that never touch the internet at all. Will we someday crave disengagement from this connectivity after it is too late?
 