-
gmazur
at March 05, 2015
Nice, easy to follow analysis of the Shamoon Malware attack. Stresses the importance of forensics and attribution. The narrator, through a systematic forensic analysis, was able to demonstrate how the malware worked and why forensically Shamoon is more likely to be tied to an insider threat vice a nation state actor based on the tactics, techniques, and procedures executed by the malware and those who wrote it. With the name “wiper” associated, one could potentially jump to the conclusion that Shamoon was tied to Flame, Duqu, or Stuxnet, thus linking it to a nation state cyber-attack. In reality the malware was “noisy”, pointed to an “internal”, poorly written, and made use of known credentials. The video, as such, also demonstrates the ease with which a motivated amateur coder could inflict severe damage to an organization, the dire need for all company employees to learn cyber security and hire highly qualified cyber defenders.
-
nbodyk
at March 10, 2015
Interesting video. Interesting that this attack was allegedly carried out by an insider who brought the malware in on a USB drive. A relatively simple virus that did a lot of damage and infected 30,000 machines. The attacker was clearly trying to send a message as well as create a lot of work for the system administrator and help desk. Once you destroy the MBR, you have to reload the HD from a new image to get the computer working again. 30,000 computers is a lot of systems, which results in a lot of down time on the network while systems are being re-imaged and loaded back onto the network.
-
dmoraval
at March 18, 2015
This attack is unique and uncommon. The malware reported to a server inside the company. This is uncommon behavior; malware usually reports to a server on the Internet, outside the attacked network.
It is destructive malware that wipes files and destroys the MBR. Check this video to understand some basic ideas of how viruses work.