Probably OOC but I can't get myself to open CRK bro i'm scared it'll disappoint me and SCOOP it's like the autismnuke for me IT BETTER BE GOOD anyways BlackEnergy for everyone

seen from Argentina

seen from United States
seen from France

seen from Japan
seen from China

seen from United States

seen from United States

seen from Türkiye

seen from Czechia

seen from France

seen from United States

seen from United States
seen from China
seen from Poland
seen from Canada
seen from United States

seen from United States
seen from United States
seen from Lithuania
seen from Poland
Probably OOC but I can't get myself to open CRK bro i'm scared it'll disappoint me and SCOOP it's like the autismnuke for me IT BETTER BE GOOD anyways BlackEnergy for everyone
Evil Malware
Welcome back to another episode of An Actual Post. As usual, no prior computer science education needed. Today I'm going to talk about the worst of the worst malware. A lot of things has happened since what the general population consider to be viruses; annoying and maybe steals some money or logins. Unfortunately it's nowadays way way way worse than that so prepare for some uncomfortable reading!
Since the dawn of Stuxnet (which I wrote about here), malware has gotten increasingly more real-life, with real-life complications. It could be the Pegasus spyware, that targets political activists in authoritarian regimes, or disruptive infections that put a stop to Copenhagens metro trains for a few hours. But we're merely in the beginning, because in the last few years, some nasty shit has been going down. I'm going to write about two (technically three but I'll group the first two together for obvious reasons) of the worst incidents we've seen today.
BlackEnergy and CrashOverride
This piece of malware has been around since early 2000's, for the intention of creating DDoS attacks (which I wrote about here) from infected computers. It has since then branched out in its usage, particularly into targeting infrastructure environments. Most notable is the 2015 Ukrainian powergrid incident, which occured when the Russian hacking group known as "Sandworm", infected three Ukrainian energy companies, wiping out systems and causing a power outage for over 250 000 households during winter. The attack began with just one infected document being opened in the affected companies. When BlackEnergy infected their systems, it opened up a remote connection to the attackers, making them able to control the entire powergrid opreation from inside Russia, and thereby switching it off.
That was not enough though, as the attackers also implanted another piece of malicious software known as KillDisk, which wiped out many of the ciritical operation systems, as well as cutting off the connection to the UPS units, which are backup generators in case of system outage. To add a cherry on top, BlackEnergy did what it was originally intended to do - DDoS attacks - towards the energy companies call-centers, so that customers were not able to call and ask what was happening.
The Ukrainian powergrid is quite outdated, which made the attack easier, but it was also the saving grace, as they still had manual power-switches (as opposed to purely digital, which were under the attackers control), so power was eventually restored before they had to rebuild all of their digital systems. This is more concerning for countries with modern powergrids, as manual switches have all been replaced by only digital, meaning power restoration could take weeks or months in case of a similar attack.
Besides the energy companies, three other critical Ukrainian infrastructure organisations were hit by BlackEnergy, but did not result in any operational outages.
But it didn't stop there. Just one year later, in December 2016, a similar attack struck Kiev, successfully taking down one-fifth of the countrys electrical power. Like with the BlackEnergy incident, it was quite quickly restored, but there was a far more horrifying infection this time. Named CrashOverride, the malware was much more sophisticated than BlackEnergy, did more things automatically without the need of input from a remote attacker. It was also modular, meaning that functionalities could just be added to it like lego-pieces, adapting it to whatever kind of electrical grid it was entering. This meant that it wouldn't just be able to infect only Ukranian electrical grids, but just about any country's. Furthermore, evidence points to the 2016 CrashOverride infection only being a test-run.
Triton
Last but definitely not least - Triton, the first (known) malware designed to kill.
But before we talk about it, we need to look at what happened in Bhopal, India in 1984 when what has since been considered the worst industrial disaster of all time occured. At the Union Carbide India Limited pesticide plant in December 2nd, one of the gas tanks had a fatal malfunction, creating a massive gas leak of methyl isocyanate, which is extremely toxic. The leak spread to the surrounding city of Bhopal, resulting in almost 600 000 injured people, 40 000 temporary injuries, 4 000 permanent or severe injuries and over 8 000 people died within the first two weeks, with an estimated additional 8 000 deaths following due to injuries in the time after.
This was of course not caused by Triton, but it became the inspiration for the creation of the malware In 2017, a new piece of malware was discovered in Schneider Electrics industrial control system (called Triconex) at a Saudi Arabian petrochemical facility, which unravelled a horrible and complex secret. The infection chain for Triton contains many steps, so let's start with a brief overview of what the Triconex ICS and SIS is. ICS (Industrial Control System) are computers that handles all the industrial processes, computers that are programmed to do one thing and one specific thing only, unlike our regular PCs which you can play games or surf the internet and whatever. ICS will be computers who control valves, releases chemicals into vats, spins stuff around, or whatever automated processes may happen at an industrial facility.
SIS (Safety Instrumented System) are a kind of ICS that are responsible to check that everything is going alright and, if needed, will take over the process in case some ICS is failing and may result in damage, fire, injury or other disasters. So a SIS are monitoring failsafes, meant to prevent what happened in Bhopal.
Unless, of course, you program a malware intended to make the SIS malfunction.
What happened in the Saudi Arabian petrochemical facility started as follows:
The attackers successfully implanted a remote access trojan, which just like in the BlackEnergy case, makes the attackers able to control infected machines remotely. However, you can't infect a ICS or SIS this way, you need to enter a regular computer with internet access first, which is what they did. The initial machine was an engineering station, on which ICS and SIS computers are controlled. From there, the attackers wanted to plant their own software on the ICS and SIS machines, but there was a problem; the software can't be installed without someone turning a physical key on the Triconex devices, as a security measure. A second problem is that every time new software changes are made to a Triconex device, the old software will be deleted and replaced entirely by the new, which meant that the malware was at risk of being deleted if any engineer made any software changes.
So a second piece of Triton malware was made to overcome those hurdles. Instead of being save where the software should be saved in the Triconex devices, it saved itself where the firmware was installed (the piece of software that's made to have the Triconex work as opposed to where the software that tells the Triconex what to do), this not only gave Triton persistence even if new software was loaded, but also overrides the physical key as firmware always has administrator privileges. With all this in place, the attacker could execute any commands at the comfort of their home to both the ICS and SIS systems in the facility.
As luck would have it, before the attackers were able to cause any harm, the facility experienced a safety incident, prompting shutdown of the whole operation, and an investigation later uncovered the malware in the systems. Had Triton not been discovered in time, it would have been able to cause catastrophic failures similar to what happened in Bhopal. But just because it was thwarted this time, doesn't mean it's gone for good. There will always be some actor who is willing to try again.
Thank you for reading and sorry if I scared you, but honestly I think people need to be aware of the situation, as for some bisarre reason, events like these are not reported in the news. If you have any questions, feel free to send an ask!
Guo O Dong, “The Persistence of Chaos” (2019)
A laptop running 6 pieces of malware that have caused financial damages totaling $95B.
The piece is isolated and airgapped to prevent against spread of the malware.
Malware:
ILOVEYOU
The ILOVEYOU virus, distributed via email and file sharing, affected 500,000+ systems and caused $15B in damages total, with $5.5B in damages being caused in the first week.
MyDoomMyDoom,
potentially commissioned by Russian e-mail spammers, was one of the fastest spreading worms. It's projected that this virus caused $38B in damages.
SoBigSoBig
was a worm and trojan that circulated through emails as viral spam. This piece of malware could copy files, email itself to others, and could damage computer software/hardware. This piece of malware caused $37B in damages and affected hundreds of thousands of PCs.
WannaCry
WannaCry was an extremely virulent ransomware cryptoworm that also set up backdoors on systems. The attack affected 200,000+ computers across 150 countries, and caused the NHS $100M in damages with further totals accumulating close to $4B.
DarkTequila
A sophisticated and evasive piece of malware that targeted users mainly in Latin America, DarkTequila stole bank credentials and corporate data even while offline. DarkTequila costed millions in damages across many users.
BlackEnergy
BlackEnergy 2 uses sophisticated rootkit/process-injection techniques, robust encryption, and a modular architecture known as a "dropper". BlackEnergy was used in a cyberattack that prompted a large-scale blackout in Ukraine in December 2015.
NC10-14GB 10.2-Inch Blue Netbook (2008), Windows XP SP3, 6 pieces of malware, power cord, restart script, malware
10.3” x 1.2” x 7.3” 2.8Lbs
(Final bid received: $1,345,000)
Courtesy of the artist and Deep Instinct
THINK AND ENGAGE CHANGE.
BRAVE the album has been out for more than a week now and GIL is still busy.
The album is now available for streaming and download on Spotify and Bandcamp.com
Spotify : https://open.spotify.com/album/2mxzps0a4CKcIujXIC9qEH?si=kBAAwbSHTpedZHMaDJ4AfQ
Bandcamp: isgil.bandcamp.com/brave
Black Energy Samurai Energy Drink Can 250ml - 32mg / 100ml Can manufactured by Canpack
I’m confused by this can. I think it may be the massive word “Black” on a red can but then I think this is one of the brands to suffer from naming themselves after their first product and then struggling to branch out without it being weird. I quite like the design aesthetic of the Hanzi (which my phone tells me say “Samurai”, rather predictably) but the rest of the can is somewhat standard and not particularly interesting. The other point of interest is the slightly strange flavour of “Cherry, Ginger and Sake”
https://energydrinkcans.uk/cans/black-energy-samurai/
Stuxnet versus Little Boy
Lees mijn nieuwe blog #Stuxnet versus #LittleBoy
Het is alweer 75 jaar geleden dat de eerste atoombom, Little Boy boven Hiroshima tot ontploffing werd gebracht. Het toonde de wereld voor het eerst de destructieve kracht van de atoombom. Little Boy werd onbedoeld het startschot voor een toen nieuwe wapenwedloop. Stuxnet Stuxnetwordt algemeen beschouwd als het eerste cyberwapen. Ook haar destructieve kracht werd pas duidelijk na de inzet ervan…
View On WordPress
#EmpowerYourself #VictoryWithHonor #MikeTyson #BlackEnergy #BlueBerry (at Poland) https://www.instagram.com/p/CBnk7MYCy8K/?igshid=115at71hapxk0
And to the #haters really! #dontcare #lordhelpem #Blackenergy #fuckem #Kiz1beats #Charlotte (at Charlotte, North Carolina) https://www.instagram.com/p/B9kChZLl4QU/?igshid=a3zgzm8si44m