The half-day Ransomware seminar at the RSA Singapore 2017 conference dived into the latest waves of attacks in Cyber Space. Through innovative research, case studies and panels, the seminar discussed and offered insights into the technical, policy, compliance and economics of the issue and the underground economy – its motivation, actors and organisations, and impacts on the wider economy
When WannaCry struck computer systems of private and public organisations across 150 countries in May, notably the NHS (National Health Service in UK), several competing attribution theories were put forward with no consensus view: How similar to previous attacks were the use of the DoublePulsar backdoor, the EternalBlue exploit, and the SMB (Server Message Block) vulnerability for propagation? Were there consistent evidence linking the threat actors and their motivations to a sophisticated financially motivated group, or a national or state-affiliated actor conducting a disruptive operation?
Some pointed out that the low number of Bitcoin wallets could be attributed to either unsophisticated actor, or a state-sponsored actor conducting a trial run. The initial infection vector remained unknown. IBM X-Force scanned over one billion emails passing through its honeypots and found no evidence suggesting that spam/phishing was the first stage of attack and functioned as the delivery mechanism of the ransomware.
Over time, new information will come to light and support or discredit the theories of who was behind the WannaCry campaign. The recent arrest of the alleged NotPetya perpetrator operating from his Ukraine home illustrated how, in some cases, the plausible identities of the attackers may not even form part of the widely discussed theories…Click HERE to read full article.