Hello, I'm from a Singapore university; you can call me "Jun". Let me explain: I'm looking for a topic about cyber sec, especially malware. I want to cover the topic of "WannaCry" but have a problem with the thesis. Can you help me find these criteria:
Who made WannaCry
History of WannaCry
Techniques in malware (virus)
Encryption
Analysis
Prevention
Or any suggestions? I can speak Indonesian, but only a little bit. I hope someone can help.
*Beware click the link!
Freelance | Student
I don't know who made this malware. But I know Marcus Hutchins: he stopped the WannaCry attack by registering a web domain found in the malware's code. You can see it on YouTube.
WannaCry exploited a security vulnerability in Windows, contained in SMB; this is called EternalBlue. This vulnerability was discovered by the NSA, but the exploit was hacked by the Shadow Brokers. This virus can enter through packets sent on the network. This virus is spread by spam, social engineering, phishing, cracked applications and others.
This virus can lock files, as well as propagate itself. For this you can analyze from the network and observe the behavior of the packets sent. WannaCry, Petya, NotPetya and Locky use a hybrid encryption scheme, with a combination of AES and RSA encryption.
To analyze, you need to know about reverse engineering. These skills are necessary to analyze what programs do, what they deliver and so on, so you can find a loophole or information from the program. I don't know much more about this.
How to prevent?
1. Data backup
2. Protect your email from spam
3. Be careful with malicious links
4. Always update AV software or operating system
5. Security awareness
6. Following information about hacking
7. Use a firewall
I've forgotten about this malware. To find out more in depth, try to find a journal reference or read a malware methodology.
If I may give a suggestion: maybe you can investigate the Follina zero-day (CVE-2022-30190). It's from 2022. I've found some IoCs and a dataset about this.
CVE-2022-30190 (IoCs):
[Images: Follina]
Help
https://www.hypr.com/shadow-brokers/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/follina-msdt-exploit-malware
https://www.socinvestigation.com/new-microsoft-office-zero-day-follina-detection-response/
https://securelist.com/cve-2022-30190-follina-vulnerability-in-msdt-description-and-counteraction/106703/
https://davinsi.com/news/threat-advisory-follina-cve-2022-30190
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/follina-microsoft-office-zero-day-cve-2022-30190.html
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
https://www.virustotal.com/gui/search/follina/comments
https://www.virustotal.com/gui/file/4f11f567634b81171a871c804b35c672646a0839485eca0785db71647a1807df/community
I hope this helps