Serious Discussion Sophisticated hacker bypasses powerful antivirus, how?

i7ii

Level 1
Sep 3, 2024
20
You bothered to read it and respond. Complete waste of time. My facts are straight and based upon credible, reliable, real-world attack and malware campaign statistics. Not theory and technobabble from the cybersec marketing presses.
That's exactly my issue with that wall of text - a complete waste of time. Supposedly, you were aiming for a counter-argument - but offered no credible/reliable arguments in that regard, quite the opposite - the parts which make sense - say the same thing (same core idea - different wording). Made no sense for you - to quote me with self-contradictory statements. You start with the next make-believe cyber-utopia line "as counter-argument" ...
Malware and direct hacking of home users has not been the greatest threat for over a decade and yet there are places like this where people obsess about protecting their digital devices as if they have the nuclear launch codes of China, Russia and the US on them.
Which couldn't be further from the objective reality. Even more than that, my statements in regards to that - are credible & verifiable - even by someone with the most basic understanding of cyber-security - yet reasonably sociable (still connected with friends, family and different acquaintances / if secluded, antisocial and stubbornly holding on to outdated beliefs - such a level of ignorance could make one blind to the present-day state of the real and virtual world), if they happen to dodge every cyber-bullet in the past 10 years. Your statement is based on what (Universe - which reality)?! Cause in our world - that context is plausible only for someone living off-grid, pure luck or overly-excessive cyber-security measures (for the first 2x examples - counting on luck or living off-grid - even a system filled with exploitable vulnerabilities - obviously couldn't be exploited if not reached). Which can't possibly reflect even 0.000000000000000000000000000000000000000000001% of Home Users.

And then, as if having a dual personality (actively taking over your mind) - you contradict yourself with more than half of what you stated in the previous post - by describing all the ways you can think of - where Home Users are easy targets (like fishing in a barrel). That being said, you yourself with your own words - nullified your own counter-argument. So what exactly is the point in all of this, why quote me to begin with?! Other than wasting my (and your) time - by spewing all you could think of - basically, saying a lot - but no valid challenging points, nothing new or remotely useful (nothing to learn or gain).

I work for a government. I have all the threat feeds and statistics from sensors throughout the global infrastructure. Those feeds and statistics from userland show that attacks on home users are so 2001.

Here you go again. Did you read my first post? I'm 41. If you wanna impress an adult - try with "factual/empirical evidence (something to show for)" or maybe some world-renowned cyber-security project that has your name on it. Superficial titles like that - didn't impress me even as a child (even though back then - the boastfulness was more compelling - like claiming their dad has access to nuclear codes). While these days, after working with multiple governments myself - I find such titles morally disgusting. Since landing a job among the highest mafia of many modern societies - usually implies some level of nepotism or bribes (even the cleaning lady - knew somebody - to land that job). Then comes the laughable part - while noticing the outdated tech equipment (both hardware and software wise) - used by most governmental facilities. Old tech, like using HDDs as storage and struggling to run Windows 7 is one thing (still cringe-worthy - but it gets worse...) - but I've even seen apps made for Internet Explorer using the ActiveX framework. But hey, since the threat feed statistics you have access to - are so outdated - I wouldn't be surprised if even that governmental system is equally outdated - maybe even running Windows XP (which coincidentally - was actually released in 2001). Cause even in the Tech Age - public funds managed by tech-illiterate seniors - who also landed a job with the help of nepotism - were always deemed as better spent elsewhere.

Knowing and witnessing stuff like that - first hand... I wasn't surprised in the slightest - that even an 11-year-old managed to make a fool out of clowns in high places and their level of expertise:


But that's white hat hacking, black hat hackers play a different game on a global scale:

U.K. National Health Services


Attack Type: Phishing, email account takeover (ATO)
Location: United Kingdom
Cost: Undisclosed
People affected: 139 employees and 1157 emails sent from hacked accounts


For over six months, email accounts used by 100 National Health Services (NHS) employees were also used by threat actors, who sent phishing emails out to obtain Microsoft credentials and other valuable information. The account takeover (ATO) and subsequent phishing attacks led to over a thousand fraudulent messages sent.


Researchers state that the attack did not originate from a server breach, but instead came from individually hacked accounts, highlighting the importance of individual user security awareness and identity security.

===================================

City of Oakland


Attack type: Ransomware
Location: Oakland, California
Cost: Unknown
People Affected: Unknown, at least 13,000


In February 2023, the City of Oakland suffered a ransomware attack that forced them to declare a state of emergency and impacted many non-emergency city services including permitting, payment collections, and more.


The fallout of the attack included the publishing of 600 GB of data on the dark web by PLAY ransomware group, a class action lawsuit filed by citizens of Oakland, and a lawsuit filed by the Oakland police union, as many of the records leaked contained confidential information about the police department.

===================================

UK Electoral Commission


Attack type: Vulnerability exploit
Location: United Kingdom
People affected: Millions of registered British voters
Cost: Unknown


In what was a long-running attack that originated back in October of 2021, it was publicly disclosed in August 2023 that the commission was the target of an attack that stole reference copies of electoral registers. These documents contained the personal information of any U.K. voter who was registered between 2014 and 2022. The threat actors also gained access to the organization’s email systems, further exposing data. In 2024, the British government stated that the Chinese government was behind the breach and issued sanctions to two individuals.


While the specifics of the attack are not fully known, it’s believed that it originated with a zero-day vulnerability.


===================================

Costa Rican Government


Attack Type: Ransomware
Location: Costa Rica
People affected: Unknown
Cost: Unknown


In May 2022, multiple Costa Rican government agencies were taken offline by a ransomware attack, led by the ransomware-as-a-service (RaaS) group Hive and the Conti ransomware gang. The attack was multifaceted and hit various agencies after the initial ransom demand of $10 million USD was not met, and over 600GB of data was leaked online by the attackers. Why exactly Costa Rica was targeted is unclear, but the damage was extensive. President Rodrigo Chaves Robles declared a state of national emergency after the first round of attacks, which saw Conti members making verbal threats to overthrow the government via repeated hacks.


===================================

Canadian Revenue Agency


Attack type: Credential stuffing
Location: Canada
Cost: Unknown
People affected: 48,500 personal accounts


A successful credential stuffing attack against the Canadian Revenue Agency’s online portal initially impacted 5,500 personal accounts and online portals related to COVID-19 relief programs, before the agency later increased the number of accounts exhibiting suspicious activity after the breach to 48,500.


Attackers used credentials from non-governmental data breaches and were able to gain access due to users recycling login names and passwords.


===================================

Bernalillo County, New Mexico


Attack type: Ransomware
Location: New Mexico
Cost: Unknown
People affected: Unknown


In the aftermath of a ransomware attack in New Mexico, prisoners incarcerated in Bernalillo County found themselves confined to their cells. The ransomware attack had taken cameras at a local jail offline and deactivated the jail’s automated doors, forcing officers to use manual keys to confine the prisoners.


In separate attacks following the attack against the county’s prison system, Albuquerque’s public school system was forced to close for two days, while computer systems of Bernalillo County went offline, resulting in the inability of residents to file for mortgage loans.


===================================

Pottawatomie County, Kansas


Attack type: Ransomware
Location: Kansas
Cost: $71,606.25
People affected: 150 desktop and laptop computers were breached


To regain control of servers encrypted in an attack on Sept. 17, 2021, Pottawatomie County officials agreed to pay a ransom of $71,606.25, which could be seen as a bargain considering the initial asking price attackers demanded—a cool $1 million—to release control of the county's data. The attack impacted the county's driver's license system and the tax department. It persisted for two weeks.


In the aftermath of the attack, the IT team deployed additional sensors on the county’s servers and continued their investigation to determine how the attackers breached their defenses.


===================================

The City of Chicago's Department of Aviation


Attack type: Phishing
Location: Illinois
Cost: Not disclosed
People affected: Not disclosed


When an employee of the City of Chicago’s Department of Aviation received an email from Skyline Management, a provider of custodial services at Midway and O’Hare, nothing appeared out of the ordinary. The company was an established vendor that had earned over $250 billion by providing custodial services since 2008.


The employee followed the instructions in the email and changed the company's bank account on file from US Bank to Wells Fargo Bank, and then initiated an electronic payment for $1,150,759.82 as requested.


When Skyline Management contacted the City of Chicago weeks later to complain about a missing payment, the department realized their error and contacted Wells Fargo to hold the funds. The city did not incur a loss as the funds were still in the account.


An investigation determined that a hacked email account belonging to an employee of Skyline Management may have facilitated the attack.
The city's finance department now requires its employees to call a vendor to confirm a bank account change by phone instead of relying exclusively on an email.


===================================

City of Riviera Beach, Florida


Attack type: Phishing
Location: Florida
Cost: $600,000 ransom paid by insurance company; $941,000 for computer equipment
People affected: Not disclosed


An attack in May 2019, which began when an employee in the police department opened an infected email, took the City of Riviera’s main computer system offline, affecting every department. The city’s finance department was forced to manually issue payroll checks that would otherwise have been automatically deposited in employee accounts electronically.


To secure the safe return of stolen data taken during the ransomware attack, city council members approved the payment of a $600,000 ransom, payable in Bitcoin by the city’s insurance company.


Additionally, the city agreed to spend almost $1 million to upgrade computer equipment, including the purchase of 310 new desktops and 90 laptop computers. The city’s IT department also engaged consultants to add safeguards and redundancies to prevent future attacks.

===================================

City of Atlanta


Attack Type: Ransomware
Location: Atlanta
Cost: $17 million
People affected: Undisclosed


In March of 2018, a cyber attack against the City of Atlanta crippled government services. It took nearly a third of the city's software programs offline and infected 3,789 computers. The attack impacted critical police services and the city's court system, including the loss of police dash-cam recordings related to active prosecutions.


The attackers demanded a ransom of $51,000 to release the government’s data, payable in bitcoins, which the city declined to pay. A confidential report estimates a $17 million cost to taxpayers.


On December 5, 2018, the Department of Justice indicted Iranian nationals for their role in the attack.

===================================

City of Baltimore


Attack type: Ransomware
Location: Baltimore
Cost: $18.2 million
People affected: Undisclosed


Threat actors successfully deployed RobbinHood ransomware against the City of Baltimore in 2019, which ended up costing the city $18.2 million. The attack compromised the city’s networks, took its email system offline, and adversely impacted its dispatch system.


The attackers demanded a payment of $76,000, which officials declined to pay thanks to advice from the Secret Service and the FBI, plus the city’s leadership did not want to reward criminal behavior.


Ultimately, however, Baltimore experienced a loss that far exceeded the ransom request.

===================================

UK National Health Service


Attack type: WannaCry ransomware
Location: United Kingdom
Cost: £92 million (about $125 million USD)
People affected: 19,000 patient appointments


A 2017 ransomware attack involving the notorious WannaCry variant, launched by North Korea, inflicted losses of £92 million (about $125 million USD) and resulted in the cancelation of 19,000 medical appointments in the week following the attack.


The WannaCry attack is known as one of the most damaging ransomware attacks in modern history, infecting 200,000 computers in 150 countries, including devices owned by the U.K. NHS, Spain’s Telefónica, and several financial institutions.

===================================

But sure, I take it - in your world and whatever threat feeds you claim to have access to - there's been no breach of a governmental institution since the 90s (if based on those threat feeds, home users running Windows 98 or even Windows XP SP1 released around that time - proved to be too secure - too much of a hassle for the hackers living in your personal Universe). Seriously, at this point - even claiming you have access to nuclear codes seems more feasible/plausible. You should try your luck as a politician - you do fit the requirements (can talk a lot - without actually saying anything useful, you can convince some people that empirical evidence - which they can easily check - is less relevant than some nonsensical child-like story about mystical data only a couple of people have access to - despite sounding really silly, you're prone to manipulative evasiveness - where words like "credible, reliable, real-world, etc." are used - despite a lack of empirical evidence). Good luck.
 
Last edited by a moderator:
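The Canadian Revenue Agency entry in the post above is a credential-stuffing case: credentials leaked from unrelated breaches were replayed against the agency's portal and succeeded wherever a user had reused a password. As an added example, not code from the original post or from any organisation it names, here is the detection logic a defender would run over authentication logs to spot that pattern: one source address cycling through many distinct accounts with a high failure ratio, where the few successes are exactly the accounts that need a forced reset. The log format, field names, IP addresses, usernames and thresholds are all constructed for this example.

```python
"""Credential-stuffing detection over authentication logs (added example; not code
from the original forum post or from any organisation named in it)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). The line format is an assumption:
#   <ISO timestamp> ip=<source> user=<account> result=OK|FAIL
# 198.51.100.5: a real user fumbling their own password twice, then succeeding.
# 203.0.113.7:  a stuffing source trying eight different accounts in eight seconds.
# 192.0.2.9:    a single-account brute force (a different pattern, not stuffing).
SAMPLE_LOG = """\
2024-09-03T10:00:00Z ip=198.51.100.5 user=alice result=FAIL
2024-09-03T10:00:05Z ip=198.51.100.5 user=alice result=FAIL
2024-09-03T10:00:09Z ip=198.51.100.5 user=alice result=OK
2024-09-03T10:01:00Z ip=203.0.113.7 user=alice result=FAIL
2024-09-03T10:01:01Z ip=203.0.113.7 user=bob result=FAIL
2024-09-03T10:01:02Z ip=203.0.113.7 user=carol result=OK
2024-09-03T10:01:03Z ip=203.0.113.7 user=dave result=FAIL
2024-09-03T10:01:04Z ip=203.0.113.7 user=erin result=FAIL
2024-09-03T10:01:05Z ip=203.0.113.7 user=frank result=FAIL
2024-09-03T10:01:06Z ip=203.0.113.7 user=grace result=OK
2024-09-03T10:01:07Z ip=203.0.113.7 user=heidi result=FAIL
2024-09-03T10:02:00Z ip=192.0.2.9 user=bob result=FAIL
2024-09-03T10:02:01Z ip=192.0.2.9 user=bob result=FAIL
2024-09-03T10:02:02Z ip=192.0.2.9 user=bob result=FAIL
2024-09-03T10:02:03Z ip=192.0.2.9 user=bob result=FAIL
2024-09-03T10:02:04Z ip=192.0.2.9 user=bob result=FAIL
2024-09-03T10:02:05Z ip=192.0.2.9 user=bob result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) ip=(?P<ip>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ip": m["ip"],
        "user": m["user"],
        "ok": m["result"] == "OK",
    }


def detect_credential_stuffing(lines, window=timedelta(minutes=5),
                               min_distinct_users=5, min_fail_ratio=0.7):
    """Return {ip: finding} for sources whose attempts inside any `window`
    span many distinct accounts with a high failure ratio. The thresholds are
    assumptions for the example and must be tuned to real traffic."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            fails = sum(1 for e in win if not e["ok"])
            if len(users) < min_distinct_users or fails / len(win) < min_fail_ratio:
                continue
            f = findings.setdefault(ip, {"distinct_users": 0, "attempts": 0,
                                         "failures": 0, "compromised": set()})
            f["distinct_users"] = max(f["distinct_users"], len(users))
            f["attempts"] = max(f["attempts"], len(win))
            f["failures"] = max(f["failures"], fails)
            # A success from a stuffing source means that account's password was reused.
            f["compromised"] |= {e["user"] for e in win if e["ok"]}
    for f in findings.values():
        f["compromised"] = sorted(f["compromised"])
    return findings


def accounts_to_reset(findings):
    """Union of accounts that accepted a replayed password from any flagged source."""
    return sorted({u for f in findings.values() for u in f["compromised"]})


if __name__ == "__main__":
    found = detect_credential_stuffing(SAMPLE_LOG.splitlines())
    for ip, f in found.items():
        print(f"{ip}: {f['distinct_users']} accounts, "
              f"{f['failures']}/{f['attempts']} failures, took over {f['compromised']}")
    print("force password reset and MFA enrolment for:", accounts_to_reset(found))
```

The single-account brute force from 192.0.2.9 is deliberately not flagged: it only touches one username, so a per-account lockout handles it, whereas the stuffing source spreads its attempts across accounts precisely to stay under per-account lockouts. That is why the detector keys on distinct accounts per source rather than on failures per account. On real traffic the same source address may be a shared NAT or a rotating proxy pool, so the per-IP key is a starting point, not the whole signal.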

bazang

Level 11
Jul 3, 2024
505
None of what you've stated in this post is correct. Your reality is not the actual reality of global cybersec.
 

i7ii

Level 1
Sep 3, 2024
20
None of what you've stated in this post is correct. Your reality is not the actual reality of global cybersec.

Keep telling yourself that, maybe lies worked for you so far - but once in a while you bump into people like me (unimpressionable, the analytical type - who value empirical evidence) - and your house of cards (lies) comes tumbling down. Good luck tricking others.
 

bazang

Level 11
Jul 3, 2024
505
Keep telling yourself that, maybe lies worked for you so far - but once in a while you bump into people like me (unimpressionable, the analytical type - who value empirical evidence) - and your house of cards (lies) comes tumbling down. Good luck tricking others.
No house of cards. No tricking anybody. I have made statements of fact.

Here is an example of a malicious campaign that the cybersecurity news reports as targeting "Mac Users." What the article author fails to mention - or further specify and clarify - is who is actually the intended target. He states "Mac Users." But the fact is that it is a subset of all "Mac Users." More specifically the threat actors are targeting a very specific cohort within the Mac user ecosystem - enterprise employees using their enterprise-issued Mac system, crypto traders, and the financially well-off. The threat actors are not interested in the general population, average user in any city or village the world over.

For one, the average home user is not going to install the Homebrew Mac OS package manager on their system. They don't know what it is nor do they care. So beginning with that fact alone it is simple to deduce that the threat actors are not throwing a malicious blanket at home users. They are targeting a very specific cohort within the Mac User ecosystem.


The ones conducting the "Spray-and-Pray" campaigns are the junior cyber criminal script kiddies and those learning (practicing) to become better cyber criminals. Then there are the organized crime "bottom feeders" that launch low-effort malware-as-a-service campaigns. That segment is a small one targeting general home users. The days of "Let's attack the entire world because it is a numbers game" have been over for a very long time. A few still do it, but it has not been the modus operandi of the well-resourced and capable cyber criminal underground for many years.

The one area that continues to target any user is PUPs/PUAs. Those have been far more of a problem than malware and malicious campaigns since 2010 or even a bit earlier. For one, they are far easier to foist onto the global population, and two, they do not cross into illegal territory (at least the ones not deliberately designed and intended to infect systems).
 