Subscribe via RSS Feed Connect on Google Plus Connect on Flickr

WannaCry glossary in Plain English

Monday, 22 May, 2017

StrategyPage examines what it calls “An Endless Mystery Called WannaCry” and rounds off the piece with a useful glossary of basic hacker terms “in plain English” that begins with “Backdoor” and ends with “ZDE” (Zero Day Exploit). Three examples:

EternalBlue – A bit of malware developed by the NSA that exploits a ZDE in Microsoft local network software. EternalBlue was stolen and distributed by Wikileaks.

Spear fishing– a fishing operation where targets are carefully chosen and researched before putting together the attack. Despite having software and user rules in place to block spear fishing attacks there are so many email accounts to attack and you only have to get one victim to respond to a bogus email with a ‘vital attachment’ that must be ‘opened immediately’.

Social Engineering– Exploiting human nature to get malware onto a system. This is what fishing and spear fishing attacks depend on.

Update: Keith Collins has a superb article in Quartz titled Inside the digital heist that terrorized the world—and only made $100k. Bottom line:

“All told, the three bitcoin wallets used in the attack have received just under 300 payments totaling 48.86359565 bitcoins as of Saturday evening, the equivalent of about $101,000 USD. That’s a small take for an attack that infected nearly 300,000 systems, made medical care inaccessible, shut down factories, and ultimately may have created billions of dollars in losses.”

There’s something very fishy about the WannaCry fishing.


Filed in: Crime • Tags: , , , ,

Comments are closed.