0Days and 7 seconds is all it took Chinese hackers to infect U.S. defense and financial industry targets. Let’s elaborate.
According to several reports from the Washington Post, USA Today, Wall Street Journal, and CNBC, and many others, as 2014 was winding down, for over three days in November, a group of Chinese hackers strung together a series of 0Day attacks on Forbes.com via their “Thought Of The Day” spash screen, and within 7 seconds, visitors to the site had a new infection on their computers.
What is a 0DAY? A new vulnerability previously unknown.
Symantec outlines it best through their quick refresher, “A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.”
It wasn’t just Forbes.com that were attacked, other companies including Dell, Microsoft, Ferrari and humanitarian organization Unicef were among those targeted, according to screenshots on Twitter and a website claiming to be from the SEA.
Media organizations such as Forbes, The Chicago Tribune, The Telegraph and Italy’s La Repubblica were also affected. The error message appeared to some users of CNBC.com.
The story has been told multiple times over during the past few months, I am not going to write about what you have already read. Instead, let’s take a step back a minute together to take a look at this a moment…and acknowledge how vicious breaches and attacks are becoming.
Hackers are increasingly being STATE SPONSORED, (Example China), the United States and allies in their crosshairs. They are particularly interested in attacking the INFRASTRUCTURE of the country, both financial and actual utility infrastructures.
As I have written many times in past articles (Cyber Bombs Hit Financial Institutions, BREACH!, We Are Under A Constant State Of Attack,) among others, clearly outlining what effects a successful cyber attack against the USA could have.
For example, what would you and your family do without power for months on end, no lights, cell phones, internet, nothing.
This question, and this column doesn’t have an answer, just a serious eye opening “heads up” what could be a reality in the future.