

Security Domains involved (Unit 3)

User domain: Many of the people involved were not aware of the possible online threats and did not update their Windows versions, or were still using old or end-of-life Windows systems, leaving vulnerabilities for the attackers to exploit.
System domain: Once the worm was executed, it spread across the network without any human interaction, which let it infect more than 300,000 computers in less than 3 days.
Organization domain: The National Security Agency discovered this vulnerability and, rather than reporting it to the cybersecurity community, developed code to exploit it, called EternalBlue. This exploit was in turn stolen by a hacking group known as the Shadow Brokers, who released it to the public in a post on April 8, 2017.
User Domain
How did the computers get infected?
The ransomware 'WannaCry' was initially thought to spread through phishing emails; however, WannaCry was actually a worm. As such, it is able to replicate itself to other computers on the same network.
How was the User Domain compromised?
The victims of the worm were negligent in keeping their systems up to date with the latest Windows 7 patches, and hence their devices were vulnerable to the worm.
System Domain
WannaCry exploited what vulnerability?
The WannaCry ransomware exploited a specific Microsoft Windows vulnerability.
The ransomware exploited a security flaw in the Microsoft Windows 7 and older operating systems. Because most people had neglected to patch their Windows operating system, their computers were vulnerable to the ransomware.
How did 'WannaCry' spread so fast?
WannaCry is a worm; as such, it can replicate and send copies of itself to other network devices without any human action. Computers running an unpatched Windows 7 operating system that were connected to the same network as an infected computer were bound to be infected as well.
Organization Domain
Policies, Standards, Guidelines, and Procedures
A lack of security policies at companies caused many of the victims to be running the outdated Microsoft Windows 7 or older operating systems. This made them vulnerable to the malware, which exploited the flaw in Windows 7.
With proper procedures for dealing with the malware, its spread could have been controlled and reduced. Since the malware was a worm, preventive procedures such as preventing an infected device from connecting to other network devices would have limited how far it spread.
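As an added illustration (not part of the original page), the following constructed Python simulation models the two claims above: a worm reaches every unpatched host connected to an infected one without any user action, and either patching or isolating infected devices limits how far it gets. The host names, patch states and network layout are made up for the example.

```python
from collections import deque

# Constructed sample inventory: host -> patch state and the hosts it can reach on
# the same network. Names and topology are invented for illustration only.
HOSTS = {
    "ws-01":  {"patched": False, "neighbours": ["ws-02", "ws-03", "srv-01"]},
    "ws-02":  {"patched": False, "neighbours": ["ws-01", "ws-04"]},
    "ws-03":  {"patched": True,  "neighbours": ["ws-01", "srv-01"]},
    "ws-04":  {"patched": False, "neighbours": ["ws-02", "ws-05"]},
    "ws-05":  {"patched": False, "neighbours": ["ws-04"]},
    "srv-01": {"patched": False, "neighbours": ["ws-01", "ws-03"]},
}


def simulate_spread(hosts, initial, isolate_after_hops=None):
    """Breadth-first worm propagation with no human action involved.

    Each infected host tries every neighbour on its network: unpatched
    neighbours become infected, patched ones do not. If isolate_after_hops is
    given, any host infected at that hop count or later is disconnected before
    it can infect anyone else, modelling the procedure of preventing an
    infected device from connecting to other network devices.
    Returns {host: hop at which it was infected}.
    """
    infected = {initial: 0}
    queue = deque([initial])
    while queue:
        current = queue.popleft()
        hop = infected[current]
        if isolate_after_hops is not None and hop >= isolate_after_hops:
            continue  # isolated: this host can no longer reach its neighbours
        for nb in hosts[current]["neighbours"]:
            if nb in infected or hosts[nb]["patched"]:
                continue  # already infected, or patched against the flaw
            infected[nb] = hop + 1
            queue.append(nb)
    return infected


def patched_copy(hosts):
    """Return the same inventory with every host patched (the user-domain fix)."""
    return {name: {**info, "patched": True} for name, info in hosts.items()}


if __name__ == "__main__":
    print("no controls:     ", sorted(simulate_spread(HOSTS, "ws-01")))
    print("isolate infected:", sorted(simulate_spread(HOSTS, "ws-01", 1)))
    print("all patched:     ", sorted(simulate_spread(patched_copy(HOSTS), "ws-01")))
```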