Monday 29 May 2017

Cyber Crimes and How to Protect Yourself from Them

                                            

With cyber crime on the rise, terrorism has moved to another level. Do terrorists really need ammunition to terrorize the world anymore when they have computers? They are cyber-terrorists, or simply, hackers. On Friday, 12 May 2017, the world saw one of the biggest cyber attacks, popularly known as WannaCry. This cyber attack also goes by the names WannaCrypt, WCry and WNCry. It infected more than 230 thousand computers in over 150 countries. Clearly, 2017 has not been the best year as far as security is concerned. Before WannaCry, a phishing scam targeted Gmail users. This worm caused a lot of trouble for many Gmail users even though it used a simple and old phishing technique. The reason behind this was its unbelievably sophisticated construction. Another piece of malware, called Judy, is terrorizing Android users. It was found in over 41 apps on the Google Play Store. It has infected over 36.5 million users and counting.

What is WannaCry?

It is ransomware, which basically means that if your computer gets infected by it, all your files will be encrypted until you pay a ransom. The ransom payment is accepted only in Bitcoin (a digital payment system invented by some unknown programmers who go by the name Satoshi Nakamoto). It mostly targeted the Windows operating system, mainly Windows 7. In fact, Microsoft Windows was the most affected operating system.




Infected OS Screen

To unlock your files you had to make a payment of $300 or $600 in Bitcoin within 3 days. If the ransom was not paid in the given amount of time, your files were deleted. The following graph shows which Windows version was affected the most by WannaCry.


Affected Windows Version

Recently after the WannaCry Attack, the value of Bitcoin surpassed the value of gold. The value of one Bitcoin exceeded the value of one ounce of gold. Just to be clear,

1 Bitcoin = 2389 USD = 182755 INR


Who's To Blame For WannaCry?

Microsoft is blaming the U.S. National Security Agency (NSA) for making it possible for the hackers to break into Windows. In April 2017, Shadow Brokers (a group of hackers whose identity is not yet revealed) hacked into the NSA, a U.S. spy agency, and leaked a bunch of hacking tools online, which is the main reason behind WannaCry's success. Microsoft blamed the NSA for not informing it about the vulnerabilities before they were leaked online.

The two main exploits Shadow Brokers leaked are:

1. EternalBlue
2. DoublePulsar

EternalBlue: It was developed by the NSA and exploited a vulnerability in the first version of Server Message Block (SMB), a network protocol operating at the application layer of the OSI reference model that facilitates shared access to files and serial ports.


DoublePulsar: Also developed by the NSA, this exploit allowed the hackers behind WannaCry to inject Dynamic Link Library (DLL) shellcode into the victim's computer and execute it.


How Did These Two Exploits Work Together to Support the WannaCry Attack?

The shellcode executed using the DoublePulsar exploit enabled hackers to target vulnerable computers using their IP addresses. The exploitation was done via SMB port 445. Once the victim's computer was infected by EternalBlue, DoublePulsar helped the hackers maintain persistent control over the victim's computer.
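Seen from the defender's side, traffic on port 445 is the thing to watch. The following is an added example, not part of the original post: it scans flow records for one host contacting many peers on port 445 and for internal hosts that accept port 445 connections from outside. The log format, the `INTERNAL` range and the threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445
# Assumption: the address range of the network being defended.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed flow records (not real traffic): "time src dst dport action".
SAMPLE_FLOWS = """\
2017-05-12T08:00:01 10.0.0.23 10.0.0.1 445 ALLOW
2017-05-12T08:00:01 10.0.0.23 10.0.0.2 445 ALLOW
2017-05-12T08:00:02 10.0.0.23 10.0.0.3 445 ALLOW
2017-05-12T08:00:02 10.0.0.23 10.0.0.4 445 DENY
2017-05-12T08:00:03 10.0.0.23 198.51.100.7 445 ALLOW
2017-05-12T08:00:04 10.0.0.40 10.0.0.5 445 ALLOW
2017-05-12T08:00:05 10.0.0.40 10.0.0.5 443 ALLOW
2017-05-12T08:00:06 203.0.113.9 10.0.0.5 445 ALLOW
not a flow record
""".splitlines()


def parse_flow(line):
    """Return (src, dst, port, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    try:
        src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    return src, dst, int(parts[3]), parts[4]


def analyse(lines, fanout_threshold=4):
    """Find hosts probing many peers on 445 and internal hosts reachable from outside."""
    peers = defaultdict(set)   # source address -> distinct destinations on 445
    exposed = set()            # internal hosts that accepted 445 from outside
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow[2] != SMB_PORT:
            continue
        src, dst, _, action = flow
        peers[str(src)].add(str(dst))
        if action == "ALLOW" and src not in INTERNAL and dst in INTERNAL:
            exposed.add(str(dst))
    fanout = {s: len(d) for s, d in peers.items() if len(d) >= fanout_threshold}
    return fanout, sorted(exposed)


if __name__ == "__main__":
    print(analyse(SAMPLE_FLOWS))
```

A host that shows up in the first result should be isolated and checked; a host in the second should have port 445 blocked at the network edge.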

What Was the Victims' Fault?

A month later, after Shadow Brokers leaked spy tools from the arsenal of the NSA, Microsoft released the patches to fix the bug in the SMB protocol and make Windows invulnerable to EternalBlue. However, many of the victims did not install the patch, which made WannaCry one of the biggest cyber attacks the world has ever seen. This should be a good lesson for all those who are too lazy and ignorant to install security patches.


How To Protect Yourself From Cyber Crimes?

1. Strong and up-to-date antivirus software - Always use good antivirus software and make sure it is kept up to date.

2. Automatic System Update - Make a habit of keeping auto update enabled on your system. If you are unaware of new patches for a security flaw, auto update will install them on your system for you automatically.

3. Be Cautious When Opening Any Attachment - Configure your antivirus so that it first scans the attachment you are downloading and only then lets you open it.

4. Don't Follow Links Blindly - The easiest way for a hacker to get your information is to make you follow a carefully constructed duplicate link and fill out a form. For instance, a hacker may trick you into giving away your information on a duplicate link of Google which may look like: WWW.G00GLE.COM. Notice that in the link, the letter 'O' has been replaced by the numeral 0. This is just an example to make you familiar with the underhand tricks that a hacker may use to fool you. In reality, the links are much more sophisticated than the example given above.

5. Updated Web Browser - It is as crucial as having an updated antivirus. An updated web browser can easily help you steer clear of phishing sites. I would recommend using Chrome.

6. Back Up Your System - Regularly back up your system to an external hard drive. Prevention is always better than dealing with it afterward, but in some cases, you just can't protect your computer from ransomware like WannaCry. In such situations, a backup is your most desirable option.

7. Strong and different passwords for all accounts - We are all very smart and intelligent, but no harm comes from following the tips for setting a strong password while registering for a new account.

8. Don't Have Obvious Answers to Security Questions - A hacker may get into your account by answering security questions that have obvious answers, so you should never use the obvious answers. Security questions are meant to assist you in case you are having a hard time logging into your account. They are not meant to assist hackers in getting into your account. Take for instance the following security question:

Q. What is your mother's middle name?

Now an obvious answer to it will be the actual middle name of your mother, which a hacker can easily find. So a good answer to this question could be anything which you and only you know. It may be a number or a combination of numbers, characters, and symbols which are known only to YOU and cannot be guessed by a hacker. I would answer the above security question as:

A. rollsroyace

9. Never Delete Any Evidence - If you find yourself stuck in a situation online, never delete any evidence (chats, emails, etc.) that may help you get out of it legally.

10. Consult Security Experts - If you are involved in a cyber situation which is going out of your control, don't hesitate to consult a security expert. You may follow Mr. Rakshit Tandon, Cyber Security Expert, for great tips to protect yourself from cyber crimes.

Web address: http://www.rakshittandon.com
Facebook: https://www.facebook.com/tandon.rakshit/
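The look-alike link from tip 4 can also be checked automatically. The following is an added example, not part of the original post: it flags links whose domain becomes a trusted name once digit-for-letter swaps are undone, and links that only embed a trusted name inside another domain. The `TRUSTED` list, the `CONFUSABLES` table and the "last two labels" rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites this user actually means to visit (illustrative allow-list).
TRUSTED = {"google.com", "gmail.com"}

# Digit-for-letter swaps like the 0-for-O trick in tip 4 (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def hostname(link):
    """Return the lower-cased host of a link, with or without a scheme."""
    if "://" not in link:
        link = "//" + link          # lets urlsplit treat the text as a host
    return (urlsplit(link).hostname or "").rstrip(".")


def check_link(link):
    """Classify a link as 'trusted', 'lookalike', 'embedded' or 'unknown'."""
    host = hostname(link)
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return ("trusted", domain)
    # Undo the digit swaps and see whether a trusted name appears.
    skeleton = domain.translate(CONFUSABLES)
    if skeleton in TRUSTED:
        return ("lookalike", skeleton)
    # A trusted name used only as a sub-domain of some other domain.
    for name in sorted(TRUSTED):
        if host.startswith(name + ".") or ("." + name + ".") in host:
            return ("embedded", name)
    return ("unknown", domain)


if __name__ == "__main__":
    for sample in ("WWW.G00GLE.COM", "https://www.google.com/search?q=x",
                   "http://google.com.login.example/reset"):
        print(sample, "->", check_link(sample))
```

Anything reported as `lookalike` or `embedded` should be treated as a phishing attempt until proven otherwise.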


Thank you. If you have any queries, feel free to ask in the comment section. You can also contact us at:

Email: techievent@gmail.com





                                       
                                                   
