Recommended
More Related Content
Similar to Case Study: Wannacry Ransomware attacks Telefónica
Similar to Case Study: Wannacry Ransomware attacks Telefónica (20)
Recently uploaded
Recently uploaded (20)
Case Study: Wannacry Ransomware attacks Telefónica
- 1. Case Study:Wannacry Ransomware attacks Telefónica Sergio Renteria Nuñez
- 2. Ransomware Attack ● Ransomware is a type of malware that targets computer systems. Its operation varies depending on the type.There are 3 main types or families of Ransomware: Crypto, Locker, and Leakware/Doxware.The Crypto family encrypts a group of files on the station; the Locker type, blocks access to the computer; whereas, the Leakware/Doxware family blocks access to the operating system and files, threatening the user with the publication of confidential information.The common denominator that the 3 families have is that the device and the information is inaccessible and to recover it, a ransom must be paid, typically in cryptocurrencies such as Bitcoin. ● According to cybersecurityventures.com: "Global Ransomware Damage Costs PredictedTo Exceed $265 Billion By 2031. Fastest growing type of cybercrime is expected to attack a business, consumer, or device every 2 seconds by 2031".
- 3. What happened in Telefónica? ● Founded in 1924,Telefónica, S. A. is a Spanish multinational telecommunications corporation based on Madrid. It offers telephone, internet and television products and services. It is currently the fourth largest company in Europe and the thirteenth worldwide. In addition, it is listed on the Spanish stock market under the acronymTEF of the IBEX 35 stock index. ● According to Microsoft, the NSA was looking for vulnerabilities inWindows products during 2011. By 2012 they found a bug in the SMBv1 protocol ofWindows systems and developed the Eternal Blue exploit, which was stolen in 2016.This fact caused the NSA to notify Microsoft of the vulnerability in February 2017, so on March 14, 2017, the company published the security bulletin MS17-010 with CVE-2017-0145. Later, in April 2017, a group of hackers called Shadow Brokers leaked Eternal Blue which served as the basis for the worldwide ransomware attack calledWannacry. TheWannacry cyberattack started on May 12, 2017, with Spanish companies being the first victims, and specificallyTelefónica.The CDO of the organization reported via his blog that using a phishing campaign someone fromTelefónica downloaded a dropper through a link, thereby infecting his computer.The infected computer scanned the LAN for computers vulnerable to Eternal Blue in order to infect them and continue spreading. Likewise, the objective ofWannacry was to encrypt the files and not steal data.To decrypt the information, it requested a ransom of 300 dollars in Bitcoin.
- 4. Timeline 2011: NSA was looking for vulnerabilities inWindows products during this year, according to Microsoft. 2012: NSA found a bug in several versions ofWindows and developed the Eternal Blue exploit. 2016:The Eternal Blue exploit was stolen from NSA by Shadow Brokers, a hacking group. 2017: NSA notifies Microsoft about the vulnerability in February. On March 14th, the company published the security bulletin MS17-010 with CVE-2017-0145. 2017: In April, Shadow Brokers leaked Eternal Blue. Wannacry attack started on May 12th.That day, aTelefónica employee clicked on a link in a phishing email and downloaded a dropper, thus infecting his computer and later other computers with the ransomware. 2017:Wannacry encrypted the files of hundreds of computers and to decrypt them they asked for 300 dollars in Bitcoin for each computer, which was rejected.Telefónica disconnected the equipment from a part of the LAN. Finally, the CDO announced viaTwitter that they had been affected by the malware. Wannacry ransomware attacksTelefónica 1 2 3 4 5 6
- 5. Vulnerabilities Lack of user computer security education and a strict vulnerability management policy. Phishing Lack of education in basic computer security and in this type of attack in particular. Vulnerability and Patch Management Program Delay in the discovery of vulnerabilities and in the application of their respective patches. Systems Lack of upgrade in operating systems.
- 6. Costs Prevention • Nearly $260,000 from repairing approximately 650 computers at an average cost of $400 each. • AlthoughWannacry did not affect its clients, there was an economic impact due to the disconnection of the personnel during the 48 hours it took to solve the incident. • Costs derived from overtime for security checks and investment in implementing additional security measures. • Reputational damage and reduced trust of customers and partners. • Education, by levels, in cybersecurity for all company workers. • Early detection. • Follow a strict vulnerability and patch management plan. • Keep operating system and all software updated and configured. • Perform regular backups and keep them isolated from the network segment. • An intelligent SOC with machine learning in order to detect anomalous behavior.