CUOA WannaCry Detections At An All Time High Article Analysis

Business Finance

Post 1 student #1

RE: Weekly Topic Summaries/Comments Here


The article I chose this week to summarize is “WannaCry Detections At An All-Time High” by Jai Vijayan. Link: https://www.darkreading.com/endpoint/wannacry-detections-at-an-all-time-high/d/d-id/1335848

The article is discussing the aftermath that is occurring more than two years following the WannaCry outbreak. The WannaCry ransomware attack was a worldwide cyberattack which targeted computers running the Microsoft Windows operating system. The ransomware took advantage of Microsoft’s SMB protocol, which allows Windows users to share files. The malware acted as a cryptoworm, affecting system after system using EternalBlue, a zero-day exploit owned by the NSA.

Sophos, a security vendor, reported that in the past month it had discovered and blocked more than 4.3 million attempts by WannaCry-infected hosts. According to Sophos, WannaCry detections seem to be reaching a new high; however, almost all of the malware variants in circulation are unable to encrypt data and are ineffective. The malware’s potential to damage systems is low, yet the systems remain vulnerable. Even though the final payload was corrupted, the malware still had the capability to spread to new systems and copy unwanted files to the machines.

In 2017, over 200,000 computers were impacted by WannaCry, but the outbreak ended when UK-based security researchers discovered a “kill-switch” that would stop the malware from spreading. Recent analysis done by Sophos showed that a vast number of the variants contain code that has been altered from the original. Due to this, new samples are able to avoid the kill-switch mechanism and spread to systems that have not yet applied the Microsoft patch. However, the malware is still ineffective, as the encryption component is broken due to the alterations. These alterations are not thought to be planned; rather, they are an error in replication. The number of systems that remain vulnerable to the EternalBlue exploit is unknown. No threat actor is fixing the malware with functional encryption code because an easier way of distributing ransomware is using an automated active attack model.

The Singer/Friedman reading discussed various types of cybercrime examples. Since so many crimes involve a digital component, it is now difficult to define cybercrimes. This article was similar to an example used in the reading where cybercriminals made $72 million from people paying to have bogus malware warnings removed from their computers. Similarly, the article is discussing WannaCry, an attack which encrypted data and demanded a ransom to retrieve the information.
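The post above describes WannaCry as a cryptoworm that spreads host to host over SMB, which is the behaviour a defender can look for in network flow logs: one internal host opening port 445 connections to many distinct peers in a short window. The following is an added example (not from the article or the post) that flags such scan-like fan-out over constructed flow records; the host names, thresholds and log layout are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (timestamp, source, destination, destination port).
# 10.0.0.5 sweeps six peers on SMB within seconds (worm-like fan-out).
# 10.0.0.20 is a file server talking to two peers on 445 (normal).
# 10.0.0.7 contacts many peers on port 80 (not SMB, ignored).
# 10.0.0.9 touches five peers on 445 but two minutes apart (below the window threshold).
SAMPLE_FLOWS = """
2019-09-20T10:00:01 10.0.0.5 10.0.0.10 445
2019-09-20T10:00:02 10.0.0.5 10.0.0.11 445
2019-09-20T10:00:02 10.0.0.5 10.0.0.12 445
2019-09-20T10:00:03 10.0.0.5 10.0.0.13 445
2019-09-20T10:00:04 10.0.0.5 10.0.0.14 445
2019-09-20T10:00:05 10.0.0.5 10.0.0.15 445
2019-09-20T10:00:10 10.0.0.20 10.0.0.30 445
2019-09-20T10:00:12 10.0.0.20 10.0.0.31 445
2019-09-20T10:00:20 10.0.0.7 10.0.0.40 80
2019-09-20T10:00:21 10.0.0.7 10.0.0.41 80
2019-09-20T10:00:22 10.0.0.7 10.0.0.42 80
2019-09-20T10:00:23 10.0.0.7 10.0.0.43 80
2019-09-20T10:00:24 10.0.0.7 10.0.0.44 80
2019-09-20T10:00:00 10.0.0.9 10.0.0.50 445
2019-09-20T10:02:00 10.0.0.9 10.0.0.51 445
2019-09-20T10:04:00 10.0.0.9 10.0.0.52 445
2019-09-20T10:06:00 10.0.0.9 10.0.0.53 445
2019-09-20T10:08:00 10.0.0.9 10.0.0.54 445
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into (time, src, dst, port) tuples."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows

def smb_fanout_alerts(flows, min_targets=5, window=timedelta(seconds=60)):
    """Return {source: peak distinct SMB destinations} for sources that reach
    min_targets distinct port-445 destinations inside any sliding window."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 445:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        lo, peak = 0, 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:  # slide window start forward
                lo += 1
            peak = max(peak, len({d for _, d in events[lo:hi + 1]}))
        if peak >= min_targets:
            alerts[src] = peak
    return alerts
```

Tuning the threshold against a baseline of legitimate servers (backup hosts, domain controllers) is what keeps this from being noisy in a real network.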

Post 2 student #2

RE: Weekly Topic Summaries/Comments Here


This paper is a summary of Kelly Sheridan’s article titled “Malware Linked to Ryuk Targets Financial & Military Data”. The article was published on September 13, 2019 on the DarkReading website and is available at https://www.darkreading.com/threat-intelligence/malware-linked-to-ryuk-targets-financial-and-military-data/d/d-id/1335808

In this article Sheridan reports on a recent discovery of a new malware that resembles the Ryuk ransomware. This malware is specifically designed to steal confidential information from military and financial institutions and from law enforcement agencies. Ryuk ransomware is designed to encrypt the targeted information and data and then ask victims for a ransom. However, the new malware, unlike Ryuk, does not encrypt data. Rather, it explores files on the victim’s computer, identifies confidential files and copies them to a separate site that is under the control of the attackers. Cybersecurity experts have not yet identified the method that attackers are using to load the malware onto a victim’s computer.

The unique aspect of this malware is that it scans and identifies files using a list of 77 strings that are in a blacklist. In this case, when a computer folder or file matches a string, the malware automatically stops checking the files and goes further to verify the validity of the file. Some of these strings include “finance”, “report”, “military”, “SWIFT” and “Routing”. Others are “Clandestine” and “Checking”, among others. Whenever a file is matched to one of the 77 strings, it is copied to a server that is controlled by the attackers. It is not known how the attackers are using or intend to use this information.

The new malware can be compared to the “Shady RAT” malware that is discussed in Singer and Friedman’s book. Generally, malware attacks present one of the most common methods attackers are using to obtain confidential information from government agencies and private institutions. Singer and Friedman highlight that attackers are today able to penetrate the systems of institutions that may even be highly secure, such as the CIA. This shows that cybercrime is becoming of a much bigger scale than many people would think.
