Question

Case Study 1: Recent attacks

1. How could the attack been prevented if the five fundamental security principles—layering, limiting, diversity, obscurity, and simplicity—had been applied?

2. Create a table that lists each of these security principles and how they could have been used to mitigate the attack.

Case Study 2: Crypto-malware Attacks

Use the Internet to research some of the recent different crypto-malware ransomware attacks.

1. Define Crypto-malware Attacks and list some of them.
2. What do they do?
3. Why are they so successful?
4. How are they being spread?
5. What can users do to protect themselves?

Answer 1

Case Study 1: Please mention the attack being referred to.

Case Study 2:

Define Crypto-malware Attacks and list some of them.

Crypto-malware ransomware is a type of harmful program that encrypts files stored on victim's device in order to extort money from victim. These are malwares which holds data as hostage. The ransomware are increasing every year.

Here are some of the biggest attacks : WannaCry (2017), SamSam(2015), SimpleLocker(2015), TeslaCrypt (2016)

What do they do?

It essentially takes the files hostage and in return demands a ransom in exchange for the decryption key needed to restore the files. It scrambles the file to make it unreadable. To restore it to normal use, a decryption file will be needed.

There are some malwares which encrypt specific types of files. While others encrypt many different file types.

However, there's a malware which directly encrypts Master Boot Record (MBR) which is special computer program that loads on boot, allowing all other programs to run. After the encryption is complete, the crypto-ransomware will display a message containing the ransom demand. The amount will vary ans is accepted in Bitcoins or a similar digital cryptocurrency.

Why are they so successful?

There are three reason:

• It has been around for a while, which means it has evolved over a time
• Process is automated and straightforward. Doesn't require finding important information about victim
• It's highly scalable. Can initiate attack on single click by sending millions of email!
• Payment in BitCoin make the identity of attacker untraceable.

How are they being spread?

• Via files or links delivered through emails or messages
  • Attachments download crypto-ransomware onto the device.
• Downloaded onto your device by other threats like trojan-downloaders

The files received can't directly be triggered, they need to be opened. This is where victim is tricked to open the file.

What can users do to protect themselves?

• Backup data regularly
• Regularly update and apply security patch in all your OS
• Enable all your antivirus solution's security features
• Take emails from unknown sender with pinch of salt, especially if there is attachment
• Keep antivirus up to date