Hi, my name is Bob. I'm here to talk to you about DDoS and APTs. DDoS stands for distributed denial of service, distributed meaning it comes from all sorts of different locations simultaneously. Originally DoS, denial of service, was a very simple thing to do: simply download a program, something like LOIC or HOIC. "I'm charging my lasers," and that's what LOIC starts with. As you can see, it's a simple program: you hit the start button and it starts flooding traffic to whichever source you wanted to, thus in theory slowing it down. Now, the internet obviously has become such a massive pipe that it's almost impossible to bring down a website or some other source with one program from their home IP address. So groups of people got together and banded together and said, okay, at three o'clock we're going to flood this particular IP using LOIC. See, that was our first distributed denial of service attack.
Why would they do this? Multiple reasons. A lot of hacktivists, protesters; those were the earliest ones. As we move forward, it's actually become money that the people are interested in. There's actually places like stressers and booters that claim that they're legitimate businesses, and they utilize zombies, zombies being computers that are infected throughout the entire world that they have control of through command and control channels. So if they get irritated they simply tell the zombies to attack a particular website and go forth and bring it down to its knees. Interestingly enough, you can actually see a lot of these attacks in the real world by simply doing a search on the internet for DDoS maps. Here's an example of a DDoS map; as you can see, the graphics make it pretty simple. And if you look at the text near the bottom you'll actually see what kind of packets are hitting these different sites, where they're originating and what exactly is going on.
If you're lucky enough you'll be watching this site when something big happens, and it's really quite interesting to keep your eye on. I do have to mention, however, that doing such things, bringing down sites, is illegal and you can be charged or fined a lot and possibly even go to jail, as you'll see if you watch the movie We Are Legion. They discuss that in quite some depth.
Recently we've got some examples of some really big DDoS attacks. There's a thing called Mirai that came out recently. It's a script, a program that utilizes IoTs, IoTs being internet of things. It's the new buzzword. As you know, these IoTs, they had default passwords and default names; it simply logged in automatically. Mirai scripted this process, and Krebs on Security, a well-known security writer, his website was brought down even though he is fully protected from these DDoS attacks. The amount of flooding actually just stopped this site completely.
An even more interesting attack recently happened when somebody attacked Dyn DNS in October of 2016. So why would they attack Dyn DNS, dynamic DNS? Dyn DNS is a way that people look up websites. So if you type in a website name, it resolves to an IP address. A lot of companies use Dyn DNS as that resolution piece, and by flooding it with tons and tons of traffic, it brought down Dyn DNS. If you were on the internet that day, you would know it because all the big sites were going down. Not because they were brought down, but because Dyn DNS was brought down. Bringing down Dyn DNS made it impossible for that resolution to occur, and nobody had any sites. It was big news, made the news quite a bit that day. I do have a heat map from that; as you can see, it hit the East Coast, West Coast and really made things difficult for that day for a lot of people. That's a short description of distributed DoS, and I hope that you find that somewhat interesting. It's easy to find lots of information on it.
Remember, if you're going to download LOIC and HOIC, play safe because you can get in trouble.
Now let's talk about APTs: A for advanced, P for persistent and T for threat. What makes this different than a regular old threat? Well, think about it. A lot of threats and malware simply are sent out by random emails hoping to get people to click on things. Of course, the last couple years, everybody's heard of ransomware, and that's just a hit and miss, good luck, hopefully make some money kind of deal. Whereas an advanced persistent threat goes after a particular target. Numerous ways they can do that. A lot of ways: they just dox, or look up as much information as possible on the company. They also look at the CEO of the company, find the names of family members, phone numbers, whatever, use social engineering to actually find ways to get that person to disclose information about their network. They also target third parties that come in with computers that are well known, HVAC vendors, just like Target had. And when they find that special information for this particular target, they're actually looking for a particular target rather than randomly choosing one. Then once they get inside that network, they're looking for persistence. Now, they want to make money, but they don't like ransomware; it's a one-time shot and it's over. They want to get inside that network. They're interested in intellectual property, governmental information and who knows what else. A lot of these have cost companies a lot of money and even caused some to potentially even close: a lot of smaller businesses, a lot of larger businesses that are having struggles with even staying in control. Sony, for example, lost so much data that it caused mass havoc, including their emails. So the persistence piece comes in because once they do get in there, they want to have control.
They want to slowly milk what they can out of this intellectual property, out of this company, whether it be money or movies or simply emails, anything they can. A great example is Carbanak. It started in the Ukraine. They got this malware in by sending a simple CPL file, this control panel file, it's semi-executable, it's considered a portable executable, to a banking person in the Ukraine. That infected their computer, reached out, downloaded the necessary executables and called home. Once these criminals had this software inside their system, they were able to pivot, that is, go from computer to computer internally, quietly, because they're interested in persistence. They're not interested in the fast grab-it-and-run. And once they got in there and started pivoting around, they were actually able to control the ATM machines. They would then hire these mules, these people they called mules. These mules would go over to an ATM machine at a particular time of day and just stand there and wait until the persistent attack had control of that ATM and said, hey, spit out $1000 at three o'clock in the afternoon. The mule grabbed that money, brought it home, they would share it. This went on for years before anybody noticed because they were able to jog over the account.
The other thing that they ended up doing, and this is really interesting, is they installed a RAT on some of these systems inside the banks. The RAT, meaning remote access tool, allowed them to actually control the computer, take videos of the use of the accounting software, which the criminals are not familiar with. And by simply watching these videos and keylogging, they were actually able to learn the accounting system that was being utilized in that bank. Once they learned how to use that accounting system, they were able to create all kinds of different fake accounts, transfer money, everything else. Persistence.
That is the key with APTs. That went on for a long time, and as a matter of fact it's still going on to this day. They estimate it's about a billion dollars, but nobody really truly knows because it was such an advanced persistent attack. Carbanak is still in use today. It's running around the networks of many banks and financial institutions throughout the world.
Well, I hope you found these two topics somewhat interesting, DDoS and APTs. There's a lot more out there to learn about, but I find it terribly interesting. If you're bored, check out exploit kits. Until next time, this is Bob signing off.