Hack Naked News #124
Recorded May 16, 2017 at G-Unit Studios in Rhode Island!
Ransomware Expert Commentary: Amanda Rousseau, Endgame
Amanda is a Senior Malware Researcher at Endgame and was previously a Malware Researcher and Technical Lead for dynamic behavior detection on both Windows and OS X platforms at FireEye. In her previous roles she worked on government and commercial incident response engagements and forensic investigations. She has also spent time at the Department of Defense Cyber Crime Center as a malware reverse engineer and computer forensic examiner. Her previous research subjects include malware API sequencing, vehicle embedded computer forensics and exploitation, malware analysis automation, and malware attribution.
- Tell us about your background as a malware researcher
- The "perfect storm" that was created is interesting: a remotely exploitable SMB service, a patch issued for supported operating systems, then legacy operating systems, and Microsoft's own advice to disable SMBv1. Is this an anomaly?
- It seems as though this malware was not very good, given the kill switch and its use of public exploits and backdoors. Could it have been worse if the authors had been stealthier?
- Did you gauge the intent of the malware authors?
- Aside from securing your environment properly, how can we detect and prevent threats such as this? Detect the exploit? The exploitation technique? The payload? Beacon traffic? Post-infection behavior? Attempts to encrypt files?