CYSE/IT 200T Weekly Freewrite 4

In my imaginary cyberattack, the attacker would target the server responsible for pushing firmware updates to the various computer devices on a large corporate office’s network. This office would be the headquarters of a national bank. To carry out the attack, the hacker could intercept the server’s traffic as it downloads updates, enabling them to insert their own code into the download stream. To avoid detection, the malicious code could spoof integrity checkers by first detecting the hash code, or whatever method is used to verify the data, and replicating it. Once inside the update server, it would copy itself into every firmware update stored there. Once the IT department pushes out the updates from the server, every system that gets an update gets infected. The virus would then enter its second phase, where it digs into the OS and gets administrative access to the system. From there, it would provide the hacker with a backdoor into the entire network. With this backdoor, the hacker could record passwords, destabilize the network, obtain vital client and company information, etc.

An attack of this kind could potentially affect millions, depending on the hacker’s intentions. They could simply steal a sum of money, or they could wipe the entire network, destroying data related to customers and employees. With an ambitious enough attacker, this could even destabilize an entire country’s economy, and thus the world. To prevent this, the company could have used more rigorous integrity checks, where the software sent along the company’s network is compared against a known genuine version at every single stop. Should anything not match, the incorrect version of the software is discarded or quarantined until it is investigated by human staff. The problem is that most large businesses only monitor traffic going in and out of the business in detail, ignoring internal traffic because the perimeter monitoring gives them the illusion of safety. Modernizing security is an expensive and time-consuming task, but a necessary one.
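
The per-stop integrity check described above, sketched as an added example that is not part of the original freewrite. It contrasts a digest that travels with the update, which anyone able to rewrite the update can also rewrite, with a known-good digest obtained out of band; the file name, hop names, and firmware bytes are constructed assumptions.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def inband_check(payload: bytes, shipped_digest: str) -> bool:
    """Weak check: the digest arrives with the payload, so whoever can
    rewrite the payload in transit can rewrite the digest as well."""
    return hmac.compare_digest(sha256_hex(payload), shipped_digest)

def check_at_hop(name: str, payload: bytes, known_good: dict, quarantine: Path) -> str:
    """Compare against a digest obtained out of band; hold the file on mismatch."""
    expected = known_good.get(name)
    if expected is not None and hmac.compare_digest(sha256_hex(payload), expected):
        return "forward"
    quarantine.mkdir(parents=True, exist_ok=True)
    # Keep the rejected bytes for human review instead of silently dropping them.
    (quarantine / f"{name}.{sha256_hex(payload)[:12]}.held").write_bytes(payload)
    return "quarantine"

def run_pipeline(name, payload, known_good, hops, quarantine):
    """Re-check at every hop and stop at the first one that rejects the file."""
    for hop in hops:
        if check_at_hop(name, payload, known_good, quarantine) != "forward":
            return f"quarantined at {hop}"
    return "delivered"

# Constructed sample data, not real firmware.
GOOD = b"FIRMWARE v1.2 (constructed sample)"
TAMPERED = GOOD + b" + modified in transit"
KNOWN_GOOD = {"printer-fw.bin": sha256_hex(GOOD)}     # assumed fetched out of band
HOPS = ["update-server", "branch-relay", "endpoint"]  # hypothetical hop names

def demo():
    qdir = Path(tempfile.mkdtemp()) / "quarantine"
    return {
        # The in-band check accepts the altered file once its digest is recomputed.
        "inband_tampered": inband_check(TAMPERED, sha256_hex(TAMPERED)),
        "pipeline_good": run_pipeline("printer-fw.bin", GOOD, KNOWN_GOOD, HOPS, qdir),
        "pipeline_tampered": run_pipeline("printer-fw.bin", TAMPERED, KNOWN_GOOD, HOPS, qdir),
        "held_files": len(list(qdir.glob("*.held"))),
    }

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the channel that delivers the known-good digests; in practice vendors usually sign updates so that each stop verifies a signature rather than a shared list.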
