WannaCry Ransomware Attack 2017
22 Questions

Questions and Answers

What is an advanced persistent threat (APT) characterized by?

  • Using a wide variety of intrusion technologies and malware against specific targets over an extended period (correct)
  • Focusing on disrupting commercial websites
  • Randomly targeting individuals
  • Releasing malware in the wild to see what sticks
What is the primary purpose of a downloader?

  • To install other malicious software on a compromised system (correct)
  • To create a backdoor in a system
  • To launch a denial-of-service attack
  • To remove malware from a system
What is the term for a set of tools used to generate new malware automatically?

  • Exploit Builder
  • Vulnerability Scanner
  • Attack Kit (correct)
  • Malware Factory
What is a type of malware that displays unwanted advertisements?

    Adware

    What is the term for a mechanism that bypasses normal security checks, allowing unauthorized access?

    Backdoor

    What is a type of attack that uses code on a compromised website to exploit a browser vulnerability?

    Drive-by download

    What is a primary reason why worms are ideal for spreading malicious payloads?

    Because they can rapidly compromise a large number of systems

    What technique do worms use to evade detection and skip past filters?

    Polymorphic technique

    What is a characteristic of metamorphic worms?

    They change their appearance

    What is a zero-day exploit?

    An unknown vulnerability that is only discovered by the general network community when the worm is launched

    How many zero-day exploits were discovered and exploited in 2015?

    54

    What is a primary goal of worm developers when spreading a worm?

    To maximize the spread of the worm

    Which type of malware is characterized by its ability to spread from system to system without the need for human interaction?

    Worm

    What is the primary goal of an Advanced Persistent Threat (APT)?

    Theft of sensitive information

    What is the term for malware that is designed to target a specific individual or organization?

    Targeted malware

    What is the term for the process of identifying potential targets for a malware attack?

    Target selection

    What is the term for the process of assessing the potential impact of a malware attack?

    Threat assessment

    What is the term for malware that is designed to remain undetected on a system?

    Stealth malware

    What is the term for the process of analyzing malware in a controlled environment?

    Sandbox analysis

    What is the term for the process of detecting and blocking malicious traffic at the network perimeter?

    Perimeter scanning

    What is the term for the process of identifying and mitigating vulnerabilities in software and systems?

    Vulnerability management

    What is the term for the process of responding to and managing a malware outbreak?

    Incident response

    Study Notes

    Malware Definition and Concepts

    • Malware is software inserted covertly into a system to compromise data confidentiality, integrity, or availability.
    • Advanced Persistent Threat (APT): Long-term cybercrime aimed at business and political targets, often state-sponsored.
    • Adware: Software integrated with advertising, causing pop-ups or browser redirection.

    Types of Malware

    • Trojan Horse: Malicious software that misleads users about its true intent.
    • Backdoor (Trapdoor): Unauthorized mechanism bypassing normal security to access a system.
    • Downloader: Code that installs other malware on an already compromised machine.
    • Worms: Self-replicating malware that spreads through vulnerabilities, often evading detection methods via polymorphic behavior.

    Notable Malware Examples

    • WannaCry Ransomware: Spread rapidly in May 2017, encrypting files and demanding Bitcoin ransom. Compromised systems included personal computers and servers across 150 countries.
    • Mobile Phone Worms: First discovered via Cabir in 2004. Can disable phones, delete data, and send costly messages.

    Malware Propagation Techniques

    • Drive-by Download: Exploits browser vulnerabilities for automatic malware installation without user consent.
    • Social Engineering: Users are tricked into compromising their own systems.
    • Spam: Bulk unsolicited emails often containing malware links or phishing attempts.

    Information Theft Mechanisms

    • Keyloggers: Capture keystrokes to monitor sensitive data, targeting keywords like passwords.
    • Spyware: Monitors and reports user activity, including redirecting web traffic to fake sites.

    Phishing Techniques

    • Phishing: User trust exploited via deceptive emails that mimic legitimate sources to collect sensitive information.
    • Spear Phishing: Personalized attacks targeting specific individuals with researched data.

    Malware Countermeasures

    • Prevention Strategies: Implementation of policy, awareness, and vulnerability management.
    • Detection Techniques: Utilization of host-based behavior-blocking software to monitor and block malicious actions in real time.
    • Sandbox Analysis: Allows potentially harmful code to run in a controlled environment to observe behavior without risk to the real system.

    Monitoring Approaches

    • Ingress Monitors: Analyze incoming traffic for malicious activities, focusing on unused IP addresses.
    • Egress Monitors: Survey outgoing traffic for signs of suspicious behavior.

    Summary of Malware Types

    • Classification includes attack kits, advanced persistent threats, and various forms of malware like backdoors and worms.
    • Malware can have damaging payloads such as data corruption, ransomware, and identity theft tactics.

    Other Considerations

    • The malware landscape continues to evolve with the emergence of zero-day exploits and increasingly sophisticated propagation techniques.
    • Understanding malicious code and its countermeasures is crucial for maintaining cybersecurity.


    Quiz Team

    Description

    This quiz will test your knowledge of the WannaCry ransomware attack that occurred in May 2017. Learn about the impact of the attack, how it worked, and how to recover from it.
