How I survived the 2017 cyberattacks
If you haven't been attacked yet, you got lucky. This attack is still ongoing, but I wanted to share some tips for people affected and to prepare those who haven't been hit yet. I had to take some pretty extreme measures to un-pwn my machines and secure my network; here's what I did:
Look:
Look for anomalies: slow internet, browser hangs, random crashes of routers and PCs, etc.
Investigate:
If any anomalies are detected, investigate further.
Troubleshoot:
In my case, I found slow internet. So I started by looking at the router (Actiontec). It turns out it was one of those insecure ones that you get whenever you sign up for internet. So I tried to update the firmware, but the latest was 5 years old. I decided to replace it with a more recent system, a Linksys WRT54G with OpenWrt. It helped for a little while, but then the problem returned. Eventually I replaced it with a Raspberry Pi running a more up-to-date OpenWrt, and the slow internet was solved. In case you didn't see the news, this WRT54G was hacked by the NSA and leaked online. Also, the router I had before was notoriously hacked because of its security flaws.
Verify:
My slow internet returned a few months later. I started shutting down machines and isolated it to an MS Windows box. I formatted it and installed Linux, and then everything returned to normal... for a little while.
Periodically reverify:
I got browser hangs and OS crashes randomly, so I went back to looking. I found some compromised browsers that were able to break system updates, so I installed NoScript and AdBlock and disabled JavaScript on some sites. This fixed the problem... for a little while.
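The "look for anomalies" and "verify" steps above are done by feel in the post (the link "felt slow"). As an added example, not from the original post, here is one way to put numbers on that: record round-trip times to a fixed target (for instance one `ping` to your gateway or an upstream host every few minutes) on a day the link behaves, then flag sustained deviations from a robust median/MAD baseline. The RTT values below are constructed, not measured, and the threshold and run length are arbitrary choices.

```python
"""Baseline-and-deviation check for "is the internet actually slow?".

Added example, not the post's own tooling. Assumes one RTT sample (ms)
per interval to a fixed target; all samples here are constructed.
"""
from statistics import median

# Constructed: 20 RTT samples (ms) from a day the link felt normal.
BASELINE_MS = [21.0, 22.5, 20.8, 23.1, 21.7, 22.0, 20.5, 21.9, 22.8, 21.2,
               20.9, 23.4, 22.2, 21.5, 22.7, 20.6, 21.8, 22.3, 21.1, 22.9]

# Constructed: today's samples, with a sustained slowdown and one lone spike.
TODAY_MS = [22.0, 21.4, 23.0, 95.2, 110.7, 102.3, 98.8, 22.6, 21.9, 60.1, 22.4]


def robust_baseline(samples):
    """Return (median, MAD). Median/MAD is used instead of mean/stddev so
    a few bad pings in the baseline week don't hide a real slowdown."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    if mad == 0:  # perfectly flat baseline; avoid dividing by zero
        mad = 0.01 * med if med else 1.0
    return med, mad


def robust_z(value, med, mad):
    """Robust z-score; 0.6745 rescales MAD to a stddev-equivalent."""
    return 0.6745 * (value - med) / mad


def find_sustained_anomalies(samples, med, mad, threshold=3.5, min_run=3):
    """Return (start, end) index pairs where at least `min_run` consecutive
    samples score above `threshold`. One slow ping is noise; several in a
    row is what the post's "slow internet" looked like and is worth a look."""
    runs, start = [], None
    for i, x in enumerate(samples):
        if robust_z(x, med, mad) > threshold:
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_run:
                runs.append((start, i - 1))
            start = None
    if start is not None and len(samples) - start >= min_run:
        runs.append((start, len(samples) - 1))
    return runs


def check_today(today=TODAY_MS, baseline=BASELINE_MS):
    """Compare today's samples against the baseline and return the runs."""
    med, mad = robust_baseline(baseline)
    return find_sustained_anomalies(today, med, mad)


if __name__ == "__main__":
    for lo, hi in check_today():
        print(f"sustained slowdown: samples {lo}..{hi} -> {TODAY_MS[lo:hi + 1]}")
```

Running the same check per host (or while powering hosts down one at a time, as the post did) turns the "shut machines off until it stops" step into something you can record and compare against later, which is the "periodically reverify" part.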
Later on, my 100% Linux network, protected by an OpenWrt firewall with everything updated, got a crashing PBX server. We had to rebuild it and turn on automatic updates to resolve the problem. The hackers used a little-known Asterisk bug to brute-force their way into the PBX and crash it.
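Brute-forcing SIP registrations leaves a very visible trail in the Asterisk log, so the attack on the PBX described above is the kind of thing a log check would have caught before the server fell over. As an added example, not from the original post, the following sliding-window counter flags any source address with too many failed registrations inside a short window, which is the same rule tools like fail2ban apply to this log. It assumes the classic `chan_sip` NOTICE line format from `/var/log/asterisk/messages`; the log lines, addresses, threshold and window below are constructed, not taken from the post.

```python
"""Sliding-window brute-force detector for Asterisk SIP registration failures.

Added example, not the post's own tooling. Assumes chan_sip NOTICE lines;
the sample log is constructed (198.51.100.7 is the PBX, 192.0.2.10 a real
user who mistyped once, 203.0.113.42 a host hammering the registrar).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<from>[^']*)' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - (?P<why>.+)$"
)

SAMPLE_LOG = """\
[2017-06-28 14:03:11] NOTICE[2212] chan_sip.c: Registration from '"1001" <sip:1001@198.51.100.7>' failed for '192.0.2.10:5060' - Wrong password
[2017-06-28 14:03:12] NOTICE[2212] chan_sip.c: Registration from '"100" <sip:100@198.51.100.7>' failed for '203.0.113.42:5060' - No matching peer found
[2017-06-28 14:03:12] NOTICE[2212] chan_sip.c: Registration from '"101" <sip:101@198.51.100.7>' failed for '203.0.113.42:5060' - No matching peer found
[2017-06-28 14:03:13] NOTICE[2212] chan_sip.c: Registration from '"1000" <sip:1000@198.51.100.7>' failed for '203.0.113.42:5060' - Wrong password
[2017-06-28 14:03:13] NOTICE[2212] chan_sip.c: Registration from '"1000" <sip:1000@198.51.100.7>' failed for '203.0.113.42:5060' - Wrong password
[2017-06-28 14:03:14] NOTICE[2212] chan_sip.c: Registration from '"1000" <sip:1000@198.51.100.7>' failed for '203.0.113.42:5060' - Wrong password
[2017-06-28 14:03:40] VERBOSE[2212] chan_sip.c: -- Registered SIP '1001' at 192.0.2.10:5060
[2017-06-28 14:20:01] NOTICE[2212] chan_sip.c: Registration from '"1000" <sip:1000@198.51.100.7>' failed for '203.0.113.42:5060' - Wrong password
"""


def parse(lines):
    """Yield (timestamp, source_ip, reason) for each failed registration.
    Both 'Wrong password' and 'No matching peer found' count: the latter is
    extension enumeration, the step before password guessing."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"], m["why"]


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: timestamp} for sources with >= threshold failures inside
    any `window`, keyed to the moment the threshold was first crossed.
    A user who fails once and then registers fine never reaches it."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, _why in parse(lines):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def block_rules(flagged):
    """One possible response: iptables rules dropping SIP from each source."""
    return [f"iptables -I INPUT -s {ip} -p udp --dport 5060 -j DROP"
            for ip in sorted(flagged)]


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG.splitlines())
    for ip, ts in hits.items():
        print(f"{ip} crossed the threshold at {ts}")
    print("\n".join(block_rules(hits)))
```

Turning on automatic updates, as the post did, closes the bug that let the brute force succeed; the counter above is the complementary control that stops the guessing itself, and the same pattern works for any service whose log records the failing source address.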
Plan for future attacks:
I decided that I need to think ahead and be more proactive, so I am getting a new firewall which will run OPNsense; it has intrusion detection and more advanced packet filtering than OpenWrt. I have DNSSEC on and it's helping. I get phishing attacks periodically, so I am turning on email filtering.
Hope this helps
Very informative post, thanks for sharing! I installed Untangle Complete on my network and it only costs me $5 per month at home, which is insane!! I haven't had any issues on my home network ever since, so I will definitely suggest trying that out.
Thank you! We need to get the word out. I had 2 retail stores tell me, today, that they are having credit card processing anomalies. I investigated and saw this huge global cyberattack going on. It's global and they are hacking nuclear plants, every company and financial institution, and they are very sophisticated. It's like a botnet that is running pen-tests globally.
I have been in the IT Solutions industry for more than 10 years and found that there are 2 systems that are head and shoulders above the rest:
This system creates a type of honeypot on the network and allows you to create a dummy server - anything Windows, Linux, switch or router service that you want. It looks and feels exactly like that service BUT it's a dummy. You can add files to the system, and when the hacker thinks he got to the real system, it's actually a fake, and thus you can stop the attack before it gets to the real network.
CANARY URL
https://canary.tools/
These guys are doing some impressive systems in terms of removing the need for a username/password completely. Basically it utilizes any file, such as a picture, which as you know has a unique hash value/thumbprint, to authenticate to the end device, thus making it completely secure. Nobody has been able to hack this system at all, and I believe they are still trying to get someone to hack it and expose its vulnerabilities.
PASSFILE
http://passfilesafe.com/
Have a look at the above-mentioned site. The coder isn't a graphic designer at all and will never utilize any framework such as WordPress, Joomla or Drupal to develop his websites; he does all his coding from scratch in a JavaScript/PHP environment and it's insanely secure. I haven't come across a developer like this in ages, to be honest.