Fireball is browser-hijacking malware operated from China which, by Check Point's estimate, infected over 250 million computers. It was documented in 2017 by the Check Point threat intelligence and research team, which traced the operation to Rafotech, a Beijing-based digital marketing agency, and established that a single Chinese threat operation had compromised millions of computers worldwide. Fireball takes over the browsers on a targeted computer and turns them into revenue-generating zombies. The malware has two main capabilities. First, it can run arbitrary code on the victim machine, which lets it download and execute any file, so what looks like adware is in fact a full backdoor. Second, it manipulates the victim's web traffic to generate advertising revenue: it replaces the browser's home page and default search engine with fake search engines that redirect queries and collect tracking data, and it installs browser plug-ins and configuration changes that keep its advertisements in place.
What sector did it affect?
Fireball mainly affected corporate networks. Check Point counted over 250 million infected computers and found that 20% of corporate networks worldwide contained at least one infection. The hit rates on corporate networks were 10.7% in the US, 4.7% in China, 43% in India and 38% in Brazil. That is a massive infection of the corporate sector, but it was not the result of deliberate targeting: Fireball spreads through bundled freeware that users install themselves, so it lands on whatever machines those users work on, and corporate endpoints on which employees can install unvetted software are hit alongside home machines. Corporate networks also suit the operator's business model. The goal is advertising revenue, which scales with the number of browsers hijacked, and a large organisation supplies many browsers. Corporate computers are frequently less well guarded than assumed, whereas government networks are more closely monitored and an operator caught on one faces far heavier consequences, so a commercial operator has every reason to stay in the corporate space. Finally, the sheer size of corporate networks makes individual infections easy to overlook and the operator hard to trace.
What are the indicators of the attack?
The first indicator of a Fireball infection is a hijacked browser. On an infected machine the home page, the start-up page and the default search engine are changed, without the user's consent, to one of Fireball's fake search engines; queries typed there are forwarded to real engines such as Google or Yahoo, with tracking pixels added so that the operator can collect information about the user and monetise the traffic. The compromise of the real names, email addresses and dates of birth of over 500 million Yahoo users, sometimes mentioned alongside Fireball, is a separate breach of Yahoo itself disclosed in 2016 and has nothing to do with this malware. In that incident the stolen passwords were hashed with bcrypt, a deliberately slow hash that makes offline cracking expensive; bcrypt does not corrupt passwords or lock users out of their accounts.
The second indicator is a slowing computer. When a computer that has been working normally starts to slow down or hang, malware is one obvious explanation. When Fireball was launched, millions of infected computers slowed down; many hung, and users found them hard to operate. The slowdown does not come from the size of the malware, which is small, but from the extra processes, browser plug-ins and injected advertising content it runs, and from traffic being detoured through its fake search engines. Users also found it hard to use the internet because the hijacked browsers no longer behaved as expected. Slow machines bring business operations to a standstill because nobody can reach the files and data they need.
The third indicator is corrupted files and lost data. In many malware incidents users find that files which were available before can no longer be opened, or that parts of the data have gone missing. Fireball's observed payload was adware rather than a destructive one, but because the malware can download and run any file on the victim machine, the operator could deliver a destructive or data-stealing payload at any time. A related sign is that security solutions have been disabled or tampered with, leaving the system open and unprotected.
Another indicator is a suspicious increase in internet traffic, accompanied by large numbers of pop-up messages and ads. The ads become annoying and frustrating because whatever the user tries to do on the computer fails under the volume of injected content. Unusual error messages also appear when browsing or accessing certain information. During the Fireball outbreak, many users reported this kind of unusual behaviour in their systems, which left them frustrated while trying to do their jobs.
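The browser-side indicators above can be checked mechanically. The following Python script is an added example, not code from the original text or from Check Point; it parses a constructed, cut-down document that mirrors the layout of Chrome's "Preferences" JSON file (the key names are simplified assumptions of the example) and flags a changed home page, injected start-up URLs, an unknown default search engine carrying a per-install identifier, and side-loaded extensions. The ".example" hostnames and the allowlist are placeholders invented for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample, not a real capture: a cut-down JSON document mirroring the
# layout of Chrome's "Preferences" file on a machine whose browser has been
# hijacked in the way described above. Hostnames are invented placeholders.
HIJACKED_PREFS = json.dumps({
    "homepage": "http://search-redirect.example/?src=bundle",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://search-redirect.example/"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "search-redirect.example",
            "url": "http://search-redirect.example/s?q={searchTerms}&uid=1234",
        }
    },
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "manifest": {"name": "Deal Finder Toolbar"},
                "from_webstore": False,
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "manifest": {"name": "Google Docs Offline"},
                "from_webstore": True,
            },
        }
    },
})

# A clean profile for comparison (also constructed).
CLEAN_PREFS = json.dumps({
    "homepage": "https://intranet.example/",
    "session": {"restore_on_startup": 1, "startup_urls": []},
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "google.com",
            "url": "https://www.google.com/search?q={searchTerms}",
        }
    },
    "extensions": {"settings": {
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "manifest": {"name": "Google Docs Offline"}, "from_webstore": True}}},
})

# Hosts the organisation treats as legitimate home pages and search engines.
# The allowlist is an assumption of this example; tune it per environment.
KNOWN_GOOD_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com", "intranet.example"}


def _host(url):
    """Lower-cased hostname of a URL ('' if it has none)."""
    return (urlparse(url).hostname or "").lower()


def find_hijack_indicators(prefs_json, allowed_hosts=KNOWN_GOOD_HOSTS):
    """Return (indicator, detail) pairs for settings a browser hijacker changes."""
    prefs = json.loads(prefs_json)
    findings = []

    # 1. Home page pointing outside the allowlist.
    home = prefs.get("homepage", "")
    if home and _host(home) not in allowed_hosts:
        findings.append(("homepage", home))

    # 2. Start-up URLs (opened when restore_on_startup == 4, "open specific pages").
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == 4:
        for url in session.get("startup_urls", []):
            if _host(url) not in allowed_hosts:
                findings.append(("startup_url", url))

    # 3. Default search provider replaced by an unknown engine. A {searchTerms}
    #    template that also carries a per-install id is how a fake engine tracks
    #    the user before forwarding the query to a real search engine.
    tmpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = tmpl.get("url", "")
    if search_url and _host(search_url) not in allowed_hosts:
        findings.append(("default_search", search_url))

    # 4. Extensions not installed from the Web Store (side-loaded by an installer).
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if not ext.get("from_webstore", False):
            name = ext.get("manifest", {}).get("name", ext_id)
            findings.append(("sideloaded_extension", name))

    return findings


if __name__ == "__main__":
    for kind, detail in find_hijack_indicators(HIJACKED_PREFS):
        print(f"{kind:22s} {detail}")
```

On a real endpoint the same checks would be run against each user's actual profile directory; the point of the allowlist approach is that a hijacker has to change at least one of these settings to make money, so the check does not depend on knowing the attacker's domains in advance.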
Tactics, techniques and procedures
Attackers use a range of techniques to accomplish their mission. The first is generating unique binaries that are used once and then discarded. A binary reused across victims acquires a known hash and a known signature, and from that point a simple configuration change or other low-cost control blocks it everywhere; the attackers know this, so they generate a fresh binary for each victim or campaign, use it to gain access, and destroy it afterwards to cover their tracks. Discarding the binaries also makes it harder for defenders to reconstruct how the attack was carried out and how to deal with it.
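The defensive counter to one-off binaries is prevalence analysis: instead of asking whether a hash is known bad, ask how many machines in the fleet carry it. The Python script below is an added example, not code from the original text; it runs over a constructed software inventory (host to list of path and SHA-256, as an EDR or inventory agent would report it, with digests computed from placeholder byte strings so the sample is reproducible offline) and returns the executables that exist on only one host and sit in a user-writable location. Paths, hostnames and the "user-writable" hints are assumptions of the example.

```python
import hashlib
from collections import defaultdict


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed inventory, not real telemetry: host -> [(path, sha256)]. Digests are
# derived from placeholder byte strings. ws-01 and ws-02 each carry a dropper
# whose hash appears nowhere else, the pattern left by an attacker who builds a
# fresh binary per victim; ws-03 carries a unique but legitimately installed tool.
UPDATER = sha256_hex(b"vendor updater build 12.4, deployed fleet-wide")
INVENTORY = {
    "ws-01": [
        ("C:/Program Files/Vendor/update.exe", UPDATER),
        ("C:/Users/alice/AppData/Local/Temp/setup_7f3a.exe", sha256_hex(b"dropper built for ws-01")),
    ],
    "ws-02": [
        ("C:/Program Files/Vendor/update.exe", UPDATER),
        ("C:/Users/bob/AppData/Local/Temp/setup_c91e.exe", sha256_hex(b"dropper built for ws-02")),
    ],
    "ws-03": [
        ("C:/Program Files/Vendor/update.exe", UPDATER),
        ("C:/Program Files/AdminKit/diag.exe", sha256_hex(b"admin diagnostic tool, one licence")),
    ],
}

# Path fragments marking user-writable locations (assumed for the example).
# A binary that is both unique in the fleet and running from such a path is the
# first thing to look at; a unique binary under Program Files is less alarming.
USER_WRITABLE_HINTS = ("/Users/", "/Temp/", "/AppData/", "/ProgramData/")


def rare_binaries(inventory, max_hosts=1):
    """Return [(path, digest, hosts)] for executables present on at most
    max_hosts machines and located in a user-writable directory."""
    hosts_by_digest = defaultdict(set)
    path_by_digest = {}
    for host, files in inventory.items():
        for path, digest in files:
            hosts_by_digest[digest].add(host)
            path_by_digest.setdefault(digest, path)

    hits = []
    for digest, hosts in hosts_by_digest.items():
        path = path_by_digest[digest]
        if len(hosts) <= max_hosts and any(h in path for h in USER_WRITABLE_HINTS):
            hits.append((path, digest, sorted(hosts)))
    return sorted(hits)


if __name__ == "__main__":
    for path, digest, hosts in rare_binaries(INVENTORY):
        print(f"{digest[:12]}  seen on {hosts}  {path}")
```

The threshold and the path hints are the knobs: raising max_hosts catches a binary rolled out to a handful of victims, and the path filter keeps legitimately rare software in system directories out of the triage queue.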
The second technique is spear-phishing. Spear-phishing is targeted phishing: messages crafted for specific individuals, usually employees, to get them to open an attachment, follow a link or hand over credentials. It succeeds by going after the less defended assets, such as employee accounts, mailboxes and personal devices, rather than the heavily guarded core systems. Fireball, however, did not rely on spear-phishing. It was distributed by bundling it with free software that users installed themselves, such as Deal WiFi, Mustang Browser, Soso Desktop and FVP Imageviewer, so the user's own installation did the attacker's work. The principle is the same: it is far easier to reach a user's machine and browser than to go straight for the sensitive corporate files, which are heavily guarded and need complex planning to access.
The third tactic is establishing a foothold in the target organisation. The attacker goes after users outside the safe zone of the corporate perimeter, gathers details about the organisation's external footprint, and packages malware able to get past the anti-malware protecting internal systems. Fireball's foothold was simply a program the user had agreed to install: bundled with free software, it arrived as an ordinary application rather than as an exploit, which is why anti-malware products let it through. Once inside, the malware is hard to notice; the attacker then goes for the most vulnerable data, such as employee records, and uses it to find a route to the most heavily guarded files.
Another tactic is simplicity. Attackers do not build a complex entry tool that would raise an alarm before the attack has begun; they use simple tools that are not easily detected, or that users are inclined to ignore, such as a toolbar or a search helper bundled with a free download. Once the simple tool has a foothold in the organisation, the attacker can bring in stronger tools to carry out the actual intrusion. Attackers prefer to keep the risk of early detection as low as possible, which is why they spend so much time planning before launching an attack.
What was the impact of the attack?
A cyber-attack of this kind has several impacts. The first is loss of control over data: with a backdoor able to download and run any file, the attacker can read, steal or destroy the organisation's files, and losing company records is disastrous for any organisation. The second is loss of the network and its contacts: hijacked browsers and tracking of users' searches expose the company's dealings with customers and partners, and infected machines have to be taken offline, so business can come to a standstill. Thirdly, the targeted firm incurs direct costs, for cleaning up hundreds or thousands of machines and for the transactions that could not be completed while they were unavailable. In Fireball's case the immediate damage was advertising fraud and tracking, but every infected organisation was carrying a backdoor that could have been used for far worse at any time, and firms had to pay the remediation cost regardless.
Different cyber-attack stages
A cyber-attack unfolds in stages, and attackers work through them before striking the targeted organisation. The first stage is reconnaissance: the preparation phase, in which the attacker identifies the target organisation and collects the important information about it. The attackers are usually motivated by financial gain; in Fireball's case the money comes from advertising revenue and from tracking data.
The second stage is intrusion and presence. Here the attacker finds a way through the corporate perimeter and gains a foothold on the organisation's network, for example by spear-phishing to obtain the credentials needed to access it, or, as with Fireball, by getting users to install a bundled program themselves. Lateral movement is the third stage, in which the attacker uses that foothold to connect to and spread across the internal network. Mission completion is the last stage, in which the attacker carries out the actual objective.