
Haunted Networks & Ghosts in Machines: Cybersecurity’s Spooky Side

DATE: October 31, 2025


Even when we think that viruses are gone, worms have been eliminated, and cybercriminals have been taken care of, traces can still linger. Just because we can’t see them doesn’t mean they are gone for good. Haunted networks are made up of lost code fragments, forgotten accounts, and malware that just won’t quit. Traces of malware can be left behind, which means it can reemerge. Think of it as ghosts of malware past.

Conficker  

Conficker, also known as Downup and Kido, was a worm that targeted Microsoft Windows operating systems. First discovered in 2008, it wreaked havoc on government, business, and home computers across the world. It worked by exploiting a specific vulnerability that allowed remote code execution, meaning that the worm could run its code on a system just by reaching it over the network. This worm was so haunting because it could copy itself onto USB drives and transfer to other computers the second the USB was plugged in. Conficker itself didn’t actually do any damage. Instead, it connected computers to create a network that could be used later on by its creators. This way the worm didn’t draw too much attention until attackers chose to use it. It continued to infect computers from 2008 all the way until 2019. Starting in the millions, the number of infected computers had dropped to 500,000 by the end of the worm’s run. Another aspect that made this worm so effective was that its creators kept making new variants to evade law enforcement. Though one of them was eventually caught and sentenced to four years, the worm continued to spread during and after his sentence. The worm threatens to live on. Systems still running unpatched Windows could be at risk of being haunted by Conficker.

Stuxnet 

We’ve highlighted Stuxnet before, and for good reason. It was discovered in 2010, and its origin is one of political rivalry. Allegedly created by the U.S. and Israel to use against Iranian nuclear centrifuges, Stuxnet made global news because of how effective it was. This worm also spread through Windows vulnerabilities and USB drives. It stayed hidden by continuing to report normal data even while it was taking down the centrifuges. Stuxnet haunted in a couple of ways. Unfortunately, it didn’t stay contained in the targeted devices and soon spread globally. Parts of Stuxnet are still used today to create new malware. Essentially, it’s a ghost that teaches the art of haunting. The unlucky lesson here is that even malware created for a specific reason often escapes and outlives its creators' intentions. If you’re interested in learning more about Stuxnet, check out this article.

Emotet 

Originally detected in 2014, this worm wasn’t fully taken down until 2021, when its servers were disrupted by German and Ukrainian law enforcement efforts. But it continued its haunting just a couple of years later once it had evolved, making it one of the most persistent global threats. This malware is referred to as a banking trojan because it specifically aims to steal banking credentials. It is a quintessential example of malware originating from an email attachment. The email was so convincing because it appeared to be a reply to an email that the potential victim had sent first. By the end of 2022, Emotet’s creators had resurrected the botnet through phishing campaigns yet again. A botnet is just a network of infected computers. It wasn’t long after its initial attacks that Emotet had developed a vast network that its creators could use. This ghostly creation is so spooky because it can be resurrected by virtually anyone with some of its code.

Forgotten IoTs 

There’s more to haunted devices than just malware and worms. Sometimes the devices themselves are the issue. IoT stands for ‘internet of things’, meaning everyday devices that are connected to the internet. Think of regular items that have turned into smart devices. This could mean anything from cars to refrigerators. The problem is that these things are often installed and then forgotten about, leaving them vulnerable and insecure. In other words, devices that don’t receive regular updates are more susceptible to haunting. Once a device is infected, it's unlikely that its users will ever realize they are being exploited. One of the most infamous examples of IoT exploitation was the Mirai malware, which created a network of IoT devices that could be remotely controlled by its creator to carry out one of the largest DDoS attacks in history. This malware mostly targeted home cameras and routers. Mirai worked by using a table of common usernames and passwords to attack IoT devices with poor security. The devices would keep functioning normally unless rebooted. Even then the password would need to be changed right away, but owners would have no reason to do this because they had no idea anything was wrong. Even Mirai continues to haunt through new variants. The lesson here is to always make sure that even your smallest and seemingly most inconsequential devices are protected.
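To make the "installed and then forgotten" problem concrete, here is a small inventory check, added as an illustration and not part of the original article. It flags devices that still use their factory password or have gone too long without a firmware update. The inventory rows, column names, and 180-day threshold are all constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real devices); column names are assumptions.
INVENTORY_CSV = """\
name,kind,installed,last_firmware_update,password_changed
lobby-cam,camera,2021-03-10,2021-03-10,no
office-router,router,2020-06-01,2025-09-15,yes
break-room-fridge,appliance,2023-01-20,,yes
dock-cam,camera,2024-11-02,2025-08-30,no
"""

MAX_FIRMWARE_AGE_DAYS = 180  # assumed policy threshold, adjust to your own


def audit(csv_text, today, max_age_days=MAX_FIRMWARE_AGE_DAYS):
    """Return {device name: [findings]} for devices that need attention."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        # A password never changed since install is the weakness Mirai relied on.
        if row["password_changed"].strip().lower() != "yes":
            findings.append("factory-default password still in place")
        updated = row["last_firmware_update"].strip()
        if not updated:
            # An empty field means nobody has a record of ever updating it.
            findings.append("no firmware update on record")
        else:
            age = (today - date.fromisoformat(updated)).days
            if age > max_age_days:
                findings.append(f"firmware not updated in {age} days")
        if findings:
            report[row["name"]] = findings
    return report


def priority(report):
    """Device names ordered worst first (most findings), then alphabetically."""
    return sorted(report, key=lambda name: (-len(report[name]), name))


if __name__ == "__main__":
    result = audit(INVENTORY_CSV, today=date(2025, 10, 31))
    for name in priority(result):
        print(f"{name}: {'; '.join(result[name])}")
```
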

 

These are just a handful of the spooky things to look out for when using your devices. Once released, malware can linger indefinitely. This is especially true on unprotected networks. Sometimes this means that your unsuspecting devices, IoTs, are the most vulnerable. Like a ghost, these threats want to possess your systems, so remember to stay secure and bring a crucifix.

About the author

Hope Trampski

Student Assistant

htrampsk@purdue.edu


Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600
