Could You Even Imagine Malware As High Art?

Apparently, there is at least one piece looking to fetch more than a million dollars.

The subject? A computer infected with six strains of high-profile malware. Think WannaCry and BlackEnergy here for examples. And this art—a laptop sitting on a table gap-locked from the rest of the internet (a techy way of saying the computer is in a vacuum to prevent the ransomware from escaping).

In a project called “Persistence of Chaos”, artist Guo O. Dong, with some cybersecurity consultants, created a Samsung Blue Netbook from 2008, running Windows XP Service Pack 3. It features six of the most prolific malware to date. These malware have been responsible for over 95 BILLION dollars in financial damage to businesses and organizations worldwide.

What are these different malware?

WannaCry—responsible for massive ransomware attacks all the way back in 2017, this malware still has variants plaguing a variety of industries—including healthcare! It is autonomous, in that it can move across your network without any guidance, relying on machine learning to find, search, and destroy files on every single detected computer.

BlackEnergy— a Trojan that was used to conduct Denial of Service (DDoS) attacks, cyber espionage and information destruction attacks. In 2014, BlackEnergy attackers began deploying SCADA-related plugins to victims in the ICS (Industrial Control Systems) and energy markets around the world, resulting in one instance to a complete power outage in the Ukraine.

Dark Tequila—a sophisticated credential-stealing malware first spotted in 2013, it is responsible for its cocktail of highly targeted attacks to give criminals access into their accounts. Primarily it was tasked with stealing financial information, as well as login credentials to popular websites that range from code versioning repositories to public file storage accounts.

ILOVEYOU— the ILOVEYOU virus is a computer virus (or) worm. It’s spread through an email with a subject line that said “I love you” in 2000.

SOBig Trojan— a Trojan horse program that could allow others access to infected systems, primarily used in 2004. Sobig (w32.sobig@mm) arrived by e-mail and attempts to download a Trojan horse onto infected systems.

MyDoom DDoS—a destructor worm that caused a TON of headaches for the federal government back in 2009. Targeting a series of U.S. government sites and some commercial sites, this worm was meant to destroy files, NOT steal data. It is nowhere near as sophisticated as some of the worms used in 2019.

Some art critics are already praising Dong’s work as an excellent “catalog of historical threats”.

Interested in Dong’s work? It’s currently going for 1.13 Million Dollars! Bids are now open.

How can we make Dong’s work simply a historic piece of artwork?

1. Educate your team— most of the latest attacks are exploiting users. What I mean by this is they are convincing users to open files or click on links. They are also getting users to divulge important or sensitive information that ultimately will help get a criminal access to your network. Education, awareness and storytelling are the best ways to shed light on the major problems we are facing as modern organizations when it comes to keeping our networks and data safe.
2. Monitor your network— understanding how your network normally runs and figuring out what suspicious activity looks like will empower you to make time-sensitive decisions about how to deal with a potential breach or attack while it’s in progress. The more you and your team is able to know and identify attacks while they’re happening will put you and your data in a much better spot than if you had no idea. Make sure your IT Security team is actively monitoring your network for suspicious activity (we use a SIEM at Healthcurity). If you are a Healthcurity client, ask your Business Technology Manager (BTM) about signing up for monitoring.
3. Be aware of your state of security—remember that old line about keeping up with the Jones’? In security, that line still rings true. It’s important to know what other people are doing in the community and to make sure you’re at least doing the same amount of data and network-protecting. My dad used to tell this old-timey joke—there are two men camping in the woods and one of the men popped his head out of the tent and yelled “there’s a bear outside”. The other started putting on his shoes.

The first man asked “why in the heck are you putting on your shoes? You’re never going to be able to outrun that bear!”

The second man responded, “I don’t have to outrun the bear. All I have to do is outrun you!”

This is entirely true in cybersecurity. Criminals have wide nets looking for organizations that are the lowest hanging fruit (i.e., are doing next to nothing to ensure their networks are secure). If you aren’t applying the latest patches, protecting your network with a smart firewall, educating your staff and staying up-to-date on the latest security risks (risks pop up daily in the cybersecurity field!), you’re probably not doing enough to outrun your peers.

It’s up to us all to prevent viruses and malicious attacks from making their way into our networks and destroying our businesses and organizations. Ransomware and other malicious software has turned the Twenty-First Century into a time where we all are easily victims. It’s up to us all to ensure that we don’t stay that way.