Top 10 Hacks of the Last Decade
goteleport.com
Top 10 Hacks
Operation Aurora (2010)
Stuxnet (2010)
Mt. Gox (2014)
Panama Papers (2016)
The DNC Hack (2016)
Equifax (2017)
WannaCry (2017)
Cambridge Analytica (2018)
Capital One (2019)
SolarWinds (2020)
1. What happened?
2. How did it happen?
3. What happened afterwards?
Operation Aurora (2010)
© Gravitational, Inc. 2020 | goteleport.com
What happened?
● Google, Adobe, Juniper Networks, Dow Chemical, Morgan Stanley, and more
● IP theft - source code
● Sophisticated
How did it occur?
● Internet Explorer zero-day
● Spear phishing
● JS program exploited the IE zero-day to download malware
● Malware opened a backdoor to access and search internal networks
What happened afterwards?
● BeyondCorp: A New Approach to Enterprise Security (2014)
● Implement Zero Trust at scale
Stuxnet (2010)
What happened?
● Computer worm for industrial SCADA systems
● Precisely designed to target specific configurations
● Error in a software update unintentionally unleashed the worm on the internet
● >50% Iran; also Indonesia, India, Azerbaijan, etc.
How did it occur?
● Air-gapped environment - contractor's USB
● Payload, .lnk file, rootkit, command and control network
● Exploited zero-days and shared secrets
● Slowly manipulated the PLCs for centrifuges
What happened afterwards?
● First attack on industrial infrastructure
● Highly publicized (error) = weaponized cyberspace
● Kicked off another arms race
Mt. Gox (2014)
What happened?
● Largest Bitcoin exchange in the world stopped all trades
● 850K $BTC stolen (largest theft to date)
● $450MM in 2014 but >$34B now
● Only 200K $BTC ever recovered
How did it occur?
● Poorly managed codebase
● Stole credentials from an auditor
● Siphoned $BTC from the hot wallet, masked as normal txs
What happened afterwards?
● Debate over centralized exchanges - similar to enterprises trusting third parties with private data
● Binance / Coinbase - transparent ops + insured deposits
● Die-hard fans = DEXs
Panama Papers (2016)
What happened?
● Law firm - Mossack Fonseca
● Exposed high-ranking officials using offshore companies to hide income + taxes
● Largest leak in history - 2.6TB of data
Countries implicated in Panama Papers
Panama Papers (2016)
How did it occur?
● Outdated Drupal CMS version
● Outdated WP version - Revolution Slider
● Emails not encrypted (no TLS)
● Web servers on the same network as mail servers
Portal ran outdated Drupal version
Panama Papers (2016)
What happened afterwards?
● Reinforce basic principles - segment, encrypt, update software
● Warning - companies store sensitive customer information
● Illegally obtained info can be evidence
DNC Hack (2016)
What happened?
● (1) DNC (2) Clinton Campaign (CC)
● 50K emails published on WikiLeaks
● CC - 2FA, wiped servers, phishing drills
How did it occur?
● Fancy Bear targeted private accounts - 50K emails
● Admin credentials to the DNC network
● X-Agent and X-Tunnel
● 300GB through buffer servers
What happened afterwards?
● Election cyberwarfare
● Billions spent upgrading voter security infra
● DNC - specialized hardware, cloud, phishing drills
Equifax (2017)
What happened?
● One of the largest credit reporting agencies: sensitive personal + financial info
● 143MM Americans - 40% of population
● Address, SSN, driver ID
How did it occur?
● Apache - security notice to patch vuln in Struts
● Remote code injection via HTTP header
● Human error - Equifax did not upgrade
● Hackers scanned for the vuln -> Equifax
● DB to DB, extracted data
● Did not renew 3rd-party software = did not inspect traffic
What happened afterwards?
● Not much fallout - stock went down for a few months
● $1.4B in upgrades & $1.4B in claims (~$125/person)
● Legacy co's slow to modernize - poor implementation / governance
WannaCry (2017)
What happened?
● Ransomware attack
● 100,000s of Windows machines in 150+ countries
● Ransomed access in return for $BTC - often not honored
● Mostly UK hospitals, railway networks, and private co's
Locations affected by WannaCry
WannaCry (2017)
How did it occur?
● Shadow Brokers stole NSA tools
● NSA informed MSFT about the exploit, but not enough time to patch
● EternalBlue - arbitrary code execution delivered in a network packet
● DoublePulsar payload = backdoor to install WannaCry
● DNS killswitch
WannaCry (2017)
What happened afterwards?
● EB and DP used in NotPetya (2017)
● Critical of NSA
● PATCH Act - balance vuln disclosure and national security
Cambridge Analytica (2018)
What happened?
● Whistle blown on data harvesting op
● 87MM Americans
● High-def psychographic profiles -> targeted ads
How did it occur?
● 300K users accepted the terms of thisisyourdigitallife
● Abusive ToS harvested user and FB friends' data
● Public profile, pages liked, birthday, location
● Access to photos, timeline, and messages
● Not exactly a hack
What happened afterwards?
● $5B fines + regulation
● CCPA (2018) - As California Goes, So Goes the Country
● Changed privacy policies, minimized API access, banning cookies
Capital One (2019)
What happened?
● Ex-Amazon employee
● Exploited misconfigured WAF
● 100K SSN & 1MM SIN
● Financial info = CC apps, bank accounts
● Hacker admitted guilt over GitHub and Slack
How did it occur?
● Details not fully disclosed, but expected to be SSRF
● WAF sent HTTP request to Amazon metadata services
● AWS IAM credentials to S3 bucket
What happened afterwards?
● Brought attention to SSRF
● Public clouds communicate through HTTP and assume a degree of trust
● More popular with APIs and SaaS
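Added example, not from the deck: the kind of outbound-URL check an application (or a WAF that fetches URLs on a user's behalf) should apply before making the request, refusing anything that resolves into the link-local metadata range or other internal networks. The hostnames and the resolver table are constructed so the example runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. Real code resolves
# with socket.getaddrinfo, checks *every* returned address, and connects to the
# address it checked (re-resolving later reopens the DNS-rebinding window).
FAKE_DNS = {
    "partner-api.example.com": ["203.0.113.10"],
    "metadata.internal.example": ["169.254.169.254"],   # constructed alias
    "localtest.example": ["127.0.0.1"],
}

# Ranges an application should never reach on a user's behalf. 169.254.0.0/16
# covers the cloud instance metadata service the Capital One slide refers to.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fe80::/10"),
    ipaddress.ip_network("fd00::/8"),
]

ALLOWED_SCHEMES = {"http", "https"}


def resolve(host, resolver=FAKE_DNS):
    """Addresses a host maps to; an IP literal resolves to itself, unknown names to nothing."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    return resolver.get(host.lower(), [])


def is_blocked_ip(addr):
    """True if the address falls in any blocked range (after unwrapping IPv4-mapped IPv6)."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:169.254.169.254 is the same endpoint written as IPv6; unwrap before comparing.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_outbound_url(url, resolver=FAKE_DNS):
    """Return (allowed, reason). Fails closed: unresolvable or odd hosts are refused."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    addrs = resolve(host, resolver)
    if not addrs:
        return False, f"cannot resolve {host}"
    for addr in addrs:
        if is_blocked_ip(addr):
            return False, f"{host} resolves to blocked address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://partner-api.example.com/v1/report",
              "http://169.254.169.254/latest/meta-data/",
              "http://metadata.internal.example/",
              "http://[::ffff:169.254.169.254]/"):
        print(u, "->", check_outbound_url(u))
```

Blocking by address is only half the control: the instance role behind the metadata endpoint should also carry the least privilege it needs, so a leaked credential cannot read every bucket.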
SolarWinds (2020)
What happened?
● Most consequential hack of all time
● Supply chain attack through Orion software
● 18K customers exposed over months
● Nearly all F500 co's and govts
How did it occur?
● Trusted component with a backdoor to third-party servers
● Digitally signed upstream by SolarWinds
● SUNBURST - transfer and execute files, reboot, disable services, profile network, exfiltrate data
● Masked data extraction as network traffic that is part of the protocol
What happened afterwards?
● Will require months to understand the full extent of the damage and years to mitigate/clean
● Adds to growing concern over cyberwarfare
Best Practices
Segmentation
● Networks designed for clustered resources
● API, SaaS, cloud, remote devices
● Interconnectivity means trust in networks deteriorates
● Better yet, don't trust the network at all
Best Practices
Secrets
● Individualized, rotated, automated, stored, encrypted
● Infrastructure packaged and scaled up and down
● End up sharing static credentials - hard-coded or on multiple client machines
Best Practices
RBAC
● Credentials have two basic levels: privileged and unprivileged
● Different segments within unprivileged
● Follow PoLP
● Requires identity information, but most secrets are arbitrary strings (ssh, bearer)
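Added example serving the Secrets and RBAC slides, not code from the deck or from Teleport: a credential that carries identity, roles and an expiry under an issuer signature, so an authorization check can enforce least privilege and rotation, where a static bearer string carries none of that. The signing key, users, roles and permissions are constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed issuer key for the example; a real issuer keeps this in an HSM or KMS.
ISSUER_KEY = b"example-issuer-key-not-for-production"

# Two basic levels (privileged / unprivileged) with segments inside the unprivileged level.
ROLE_PERMISSIONS = {
    "admin":   {"prod-db:read", "prod-db:write", "staging-db:read", "staging-db:write"},
    "analyst": {"prod-db:read"},
    "dev":     {"staging-db:read", "staging-db:write"},
}
PRIVILEGED_ROLES = {"admin"}


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_credential(user, roles, ttl_seconds, now=None):
    """Mint a short-lived credential bound to a user and role set; expiry forces rotation."""
    now = time.time() if now is None else now
    claims = {"sub": user, "roles": sorted(roles), "iat": int(now), "exp": int(now) + ttl_seconds}
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(sig)}"


def verify_credential(token, now=None):
    """Return the claims if the signature checks out and the credential is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time compare
        return None
    claims = json.loads(body)
    if claims["exp"] <= now:
        return None
    return claims


def is_privileged(claims):
    """The 'privileged' level of the RBAC slide: any role that can touch production writes."""
    return any(r in PRIVILEGED_ROLES for r in claims["roles"])


def authorize(token, action, now=None):
    """Decide whether the holder may perform `action`, granting only what the roles allow (PoLP)."""
    claims = verify_credential(token, now)
    if claims is None:
        return False, "invalid or expired credential"
    allowed = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in claims["roles"]))
    if action not in allowed:
        return False, f"{claims['sub']} ({', '.join(claims['roles'])}) lacks {action}"
    return True, f"{claims['sub']} may {action}"


if __name__ == "__main__":
    tok = issue_credential("alice", ["analyst"], ttl_seconds=600)
    print(authorize(tok, "prod-db:read"))    # allowed
    print(authorize(tok, "prod-db:write"))   # denied: analyst segment has no write
```

Because the roles live inside the signed body, a holder cannot promote an unprivileged credential to admin without the issuer key, and because it expires the credential is useless on a client machine that kept a copy past its TTL.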
Thanks for stopping by!
Check your email for the whitepaper
