Attack Economics - Resources
Automated Attacks
See also the "worms" entries on this website: two major worm outbreaks hit the Internet in 2001, more than 20 years ago.
Petya - NotPetya
- Threat Brief: Petya Ransomware
- Maersk, me & Notpetya "Along with tens (if not hundreds) of others, I played a role in the recovery and cybersecurity response to the events of the well-publicised notPetya malware attack in 2017"
- NotPetya ransomware forced Maersk to reinstall 4000 servers, 45000 PCs "Imagine a company where a ship with 10 to 20 thousand containers is entering a port every 15 minutes, and for 10 days, you have no IT...It's almost impossible to even imagine."
Wannacry
- Animated Map of How Tens of Thousands of Computers Were Infected With Ransomware (Wannacry)
- Wannacry Technical Analysis
- Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware Troy Hunt (the founder of Have I Been Pwned). A higher-level description.
Non-technical analyses, very interesting.
- Bad malware, worse reporting Ross Anderson, University of Cambridge. "In well over 90% of NHS organisations, the well-meaning amateurs managed perfectly well. What they did was to keep their systems patched up-to-date; simple hygiene, like washing your hands after going to the toilet."
- The need for urgent collective action to keep people safe online: Lessons from last week's cyberattack Brad Smith, Microsoft President. "As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they're literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it's something every top executive should support".
Internet-wide scans
- MASSCAN: Mass IP port scanner This is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.
- Notes on Volt Typhoon ("pull the plug") "somebody is assigned the ability to pull the plug purely on their own authority...I've done that (metaphorically) a couple times, notified the CEO that there's an extreme situation and I'm going to bypass all processes and piss off a lot of people in order to address it." Robert Graham is something of a must-read author, mentioned several times on this website. His views are sometimes quite radical, but he definitely knows what he is talking about. He is also the author and maintainer of masscan.
CISA Emergency directives
- Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities
- Mitigate SolarWinds Orion Code Compromise
Attack Categories
Basic hygiene
- Cybersecurity for Small Businesses Hearing before the New York City Council Committee on Technology, Steve Bellovin, Columbia University, 2020 (My opinion: when Steve Bellovin speaks or writes, one should simply listen or read very carefully). Basic "security hygiene" practices.
APT - Advanced and Persistent Threats
- NSA Hacker Chief Explains How to Keep Him Out of Your System A very interesting read for understanding the capabilities of APT groups (or, better said, the capabilities that this person, basically the hacker-in-chief of the USA, decided to make public).
- Disrupting Nation State Hackers The full transcript of his speech. Extremely interesting.
- Advanced Persistent Threats and Nation-State Actors Threat overviews and advisories maintained by CISA for: China, Russia, North Korea, Iran.
Understanding Cybersecurity
- How CEOs think A must read for understanding cybersecurity in the real world. Its author, Robert Graham, is a well known person in the cybersec world.
- Microsoft Digital Defense Report 2022 Long and detailed, quite interesting. One of the final sections (Cyber resilience) contains the diagram summarizing the missing security controls detected by Microsoft in their impacted customers. My personal opinion: a product that in most cases is installed or deployed with so many problems is a product with many problems. Microsoft is telling us this fact about one of its most important products.