'Twas the night before a big breach, when all through the internet
Not a DDoS was stirring, not even against a bank.
The WAF was installed by the security admin with care,
In hopes that hackers soon would not be there.
The assets were protected all patches were applied,
While visions of exploits danced in their logs.
And the CISO with her ‘reports, and I with mine,
Had just settled our concerns for a long winter night.
When out on the network there arose such a clatter,
I sprang from the bed to see what was the matter.
Away to the SIEM I flew like a flash,
Tore open the logs and threw up the dash.
The alert on the breast of the new-fallen threat
Gave the insight of forensics to objects below.
When, what to my wondering eyes should appear,
But a piece of malware, and eight vectors compromised.
With a little script kiddie, so lively and quick,
I knew in a moment it must be a hacker.
More rapid than eagles his payloads they came,
And he whistled, and shouted, and called them by name!
"Now Zeus! now, Phoenix! now, Blackhole and Vixen!
On, Redkit! On, Flashback! on, on Stuxnet and Flame!
To the inside of the perimeter! inside of the firewall!
Now hack away! Hack away! Hack away all!"
As dry leaves that before the wild hurricane fly,
When they meet with an obstacle, mount to the sky.
So into the firewall the exploits they flew,
With the payload full of bad things, and malicious code too.
And then, in a twinkling, I heard on my smartphone
The alarms and notifications of each new attack.
As I drew in my head, and was turning around,
Down the servers came crashing down.
He was in my systems, from my desktops to my servers,
And his cleverness was bypassing all of the controls.
A bundle of exploit kits he had flung on his attack,
And he looked like a professional, not just learning to hack.
His eyes-how I knew they twinkled! his dimples how merry!
His signatures were hard to block, he knew his IPSs!
I knew his droll little mouth was drawn up like a bow,
And I knew he was not a hat as white as the snow.
The spoofing he did kept me from identifying him,
And the fake IPs prevented me from knowing him.
He had a multi-vector attack and multiple phishing attempts,
That caught some people, even the execs too!
He was quick and swift, not so much a kiddie,
And I cried when I saw his work, in spite of preparation!
A glimpse of his method and seeing what he went after,
Soon gave me to know I had something to dread.
He spoke not a word, but went straight to his work,
And went after the databases, then dumped them to a folder.
And setting up an FTP to accept them,
And giving a nod, out the firewall he rose!
He exported the files, to his team gave a whistle,
And away they deleted all the logs.
But I heard him exclaim, ‘ere we left the system,
"Happy Hacking to all, and to all a good-night!"
To see how Rapid7 can prevent breaches from happening visit www.Rapid7.com