Lululemon Athletica Inc. Website down for 24 hours

I have witnessed various retailers go down for half an hour or so (Best Buy during Black Friday sales is a very common case), but never did I see a MAJOR retailer go down for 24 hours. The message that lululemon.com was showing for the 24-hour span was:

We are usually awesome at this. Please don’t refresh your browser. You’ll be back in the flow shortly.

There was no word from the company on what exactly occurred. They use the largest CDN provider, Akamai, the same provider that Apple uses. Akamai is known to be the top content delivery network provider, therefore I would assume that the issue was not with them. Even if your cloud storage or a dedicated server were to go down, recovering from back-up shouldn’t take longer than 30 minutes. The assumption here is that the dedicated server or cloud did go down and that the back-up they had was corrupt. Or they had major issues restoring from the original backup and had to resort to their secondary off-shore storage. I assume they have more than one backup location that they use. These are all assumptions. Maybe their administrator went away for the long weekend. We really don’t know.

The moral of the story is: make sure your back-ups are not corrupt and that you are capable of recovering from a disaster within a 30-minute span, especially given today’s advances in cloud storage.

Malware Reverse Engineering

Malware disassembly (diagram)

As the title of this blog states, this short blog is about malware reverse engineering. This seems to be a very popular topic among security experts. The idea of reverse engineering malware is to find out what weakness the malware exposed on your side (network, operating system, etc.).

After researching for approximately 3 days, I can say this is one tough area to learn. Assembly language and system calls are the two things you are looking into when disassembling malware. The system I used is a Late 2013 iMac with a Windows 7 virtual machine installed on it. The virtual machine is isolated and is not connected to the network. I did use a disassembler, which was used for static analysis. A debugger is great because it gives you a good sense of the on-the-fly actions that the malware might execute. Debuggers that I consider valuable are: IDA Pro, Immunity Debugger and OllyDbg. The one I spent the most time on was IDA Pro. Keep in mind that these tools are not cheap: the IDA Pro Starter edition, for example, is USD $589 and the Pro edition is USD $1129. I do believe this particular area will see significant growth as malware becomes more sophisticated and the attacks turn toward mobile users.

What was I able to do in 3 days? Take a look at the diagram above. I did manage to disassemble one particular type of malware; however, my skills are fairly basic in this area, and I’m unsure if I got all the system calls. This was a Windows-based malware. See if you can guess which malware it is.

WannaCry Ransomware received how many payments?

As everyone knows by now, the WannaCry / WanaCrypt0r ransomware would encrypt your hard drive, lock you out and simply ask for a payment of between $300.00 and $600.00 to restore access. There are certainly users out there that paid, but how many paid, and how much did WannaCry / WanaCrypt0r collect? According to ActualRansom:

The three bitcoin wallets tied to #WannaCry ransomware have received 296 payments totaling 48.86359565 BTC ($99,448.11 USD).

It is a very impressive amount of money for a few days of work.