Case Study of WannaCry Ransomware


Added on  2021-02-24

Word Count: 2468

Contents

ABSTRACT
INTRODUCTION
CASE STUDY
  The potential vulnerabilities that have led to the specific cyber attack
  The type of access rights required to exploit a vulnerability
  Entry point of the attack
  The overall flow of the cyber-attack conduction
  The parts of the system that failed
  The impact on the assets affected, financial, reputation, data and third parties
  The cyber security principle(s) were affected and in what ways
  The type of attacker behind the attack and potential motivations
  The level of technical sophistication required to exploit a vulnerability
  The laws affected by the attack and which laws will be complied with in the future
  Three ethical frameworks to assess the incident from a victim/adversary point of view
  The Prevention/Detection/Mitigation Techniques
CONCLUSION
GROUP SUMMARY
REFERENCES
Abstract

With the rapidly increasing use of technology, the extensive collection and online storage of data, and the ability to also make online payments, cyber security is integral to protecting our personal data and even our finances. Through our investigation of the 2017 WannaCry attack, we have overviewed possible techniques hackers may have used to break into the systems of organisations and individuals, the way these techniques may have damaged or affected the data of organisations or individuals, the possible motivations behind the attack and how the attack was solved. Thus, we have learnt possible ways to prevent or reduce the severity of such attacks and ways of finding a kill switch to treat these incidents.

Introduction

This report aims to investigate one of the most famous ransomware attacks in history: the May 2017 WannaCry attack. This incident is a perfect representation of an active cyber-dependent attack which threatened the integrity and availability of data across multiple computer systems world-wide, as this fraudulent attack involved file manipulation, through encryption, with further malicious intentions if crypto money wasn’t paid to the attackers. In particular, this report will examine the vulnerabilities exploited, the techniques used and their technical degree, as well as the motivators behind the attack. Furthermore, this report will overview the impact on groups of individuals and various large organisations across different countries, the laws violated, in addition to the preventive measures and individuals involved at the recovery stage of the attack. Moreover, this report will address the ethical morality implied from a victim’s and adversary’s perspective.
Given the knowledge we gained from the module in conjunction with further online research, this report will: assess the effectiveness of the attack, outline how the attack could have caused a bigger impact and propose further prevention measures that could have taken place for future potential attacks of the same kind. Finally, this report will include the learning outcomes and personal findings gained from our research on the case study.
Case Study

The potential vulnerabilities that have led to the specific cyber attack

Potential vulnerabilities highlighted include the fact that WannaCry was able to get past the cybersecurity of organisations that did not have the patches provided by Microsoft or that were ‘using older Windows systems that were past their end-of-life’. End-of-life refers to the ‘significance in the production supportability & purchase of soft/hardware products’. Some argue that if it had not been for the lack of education around the need to update the software, this attack could have been avoided. It was able to spread through corporate computers as it had a security exploit (EternalBlue), which resulted in more than 200,000 computers over 150 countries being left damaged.

The type of access rights required to exploit a vulnerability

Access control is a form of security that manages who and what can view or use resources within a computing environment; it is essential in any business or organisation. The incident began with the U.S. National Security Agency (NSA). The exploit was said to be stolen from someone within the agency. However, instead of reporting the event to Microsoft, they decided to use it for their own personal gain and its ‘offensive work’. This means that they used it for ‘operations intended to project power by the application of force in and through cyberspace’. Eventually, Microsoft became aware of the threat and, in March 2017, issued a security bulletin, ‘MS17-010’.

Entry point of the attack

Tens of thousands of computers had DoublePulsar installed into their software, meaning that there was a high chance of vulnerability. This allowed the WannaCry code to take advantage of the existing infection by DoublePulsar or install it. Once the malware is in the computer it checks the “kill switch”. The “kill switch” was a feature in Windows applications that disabled system-wide internet access if the VPN connection suddenly broke off or you disconnected manually.
That way, it protected all the apps without terminating them. If the malware was unable to detect this switch, it would begin to encrypt the data of the computer. It then attempts to exploit the SMB (Server Message Block) vulnerability and spread (randomly) to thousands of computers, globally.

The overall flow of the cyber-attack conduction

On Friday 12 May 2017, the attack commenced. This was down to an exposed vulnerable SMB port rather than email phishing, which everyone thought it was in the beginning. As with modern ransomware, the payload displayed a message telling the user that their files had been compromised and alongside this would demand a sum of ‘US$300 in Bitcoin within three days or US$600 within seven days’. Once the victim cooperated with these demands, their money would be deposited in “wallets” or hardcoded bitcoin addresses. These wallets allowed the perpetrators to remain unknown, making the possibility of getting money back virtually impossible.

The parts of the system that failed

The reign of WannaCry came to an end after Marcus Hutchins found a ‘kill switch domain hardcoded in the malware’. Hutchins registered a domain name for the DNS sinkhole used; this helped stop the attack spreading as a worm. The ransomware had only been able to encrypt the computer's files if it had failed to connect to that domain. This did not help systems that had
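The spread over an exposed SMB port to many randomly chosen computers, described above, shows up in network flow logs as one source contacting an unusual number of distinct hosts on TCP 445 in a short time. The following detection sketch is an added example, not part of the original report; the log format, addresses, time window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2017-05-12T09:00:00 10.1.1.7 10.1.1.2 445
2017-05-12T09:00:01 10.1.1.50 10.1.1.2 445
2017-05-12T09:00:02 10.1.1.50 203.0.113.14 445
2017-05-12T09:00:02 10.1.1.50 198.51.100.77 445
2017-05-12T09:00:03 10.1.1.7 10.1.1.2 445
2017-05-12T09:00:03 10.1.1.50 192.0.2.201 445
2017-05-12T09:00:04 10.1.1.50 203.0.113.90 445
2017-05-12T09:00:05 10.1.1.7 10.1.1.9 443
2017-05-12T09:00:40 10.1.1.7 10.1.1.3 445
malformed line
"""

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def smb_fanout(flows, window_s=10, min_targets=5, port=445):
    """Return {source: peak distinct destinations} for sources that reached
    min_targets distinct hosts on `port` within any window of window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # source -> deque of (time, destination)
    flagged = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != port:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop contacts that left the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for host, count in smb_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host}: {count} distinct SMB targets within the window")
```

In the constructed sample, the workstation that repeatedly talks to one file server stays below the threshold, while the host reaching five different addresses on port 445 within a few seconds is flagged.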