|
WannaCry
The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the form of Bitcoin cryptocurrency. It was propagated using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Microsoft Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers (TSB) a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these patches, or were using older Windows systems that were past their end of life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Marcus Hutchins
Marcus Hutchins (born 1994), also known online as MalwareTech, is a British computer security researcher known for stopping the WannaCry ransomware attack. He is employed by cybersecurity firm Kryptos Logic. Hutchins is from Ilfracombe in Devon. Early life Hutchins is the elder son of Janet Hutchins, a Scottish nurse, and Desmond Hutchins, a Jamaican social worker. Around 2003, when Hutchins was nine years old, the parents moved the family from urban Bracknell, near London, to rural Devon. Hutchins had shown early aptitude with computers and learned simple hacking skills early on such as bypassing security on school computers to install video game software. In addition, he spent time learning to be a surf lifeguard. He became involved with an online forum that promoted malware development, more as a means to show off their skills to each other rather than for nefarious purposes. When he was about 14 years old, he created his own contribution, a password stealer based on Intern ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
EternalBlue
EternalBlue is a computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a zero-day vulnerability in Microsoft Windows software that allowed users to gain access to any number of computers connected to a network. The NSA was aware of this vulnerability but did not disclose it to Microsoft for several years, as it intended to use the exploit as part of its offensive cyber operations. In 2017, the NSA discovered that the software was stolen by a group of hackers known as the Shadow Brokers. Microsoft might have been informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then released publicly on April 14, 2017. On May 12, 2017, a computer worm in the form of ransomware, nicknamed WannaCry, used the EternalBlue exploit to attack computers using Windows that had not rece ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Lazarus Group
The Lazarus Group (also known as Guardians of Peace or Whois Team ) is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra (used by the United States Department of Homeland Security to refer to malicious cyber activity by the North Korean government in general) and ZINC or Diamond Sleet (by Microsoft). According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office. The Lazarus Group has strong links to North Korea. The United States Department of Justice has claimed the group is part of the North Korean governme ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ransomware
Ransomware is a type of malware that Encryption, encrypts the victim's personal data until a ransom is paid. Difficult-to-trace Digital currency, digital currencies such as paysafecard or Bitcoin and other cryptocurrency, cryptocurrencies are commonly used for the ransoms, making tracing and prosecuting the perpetrators difficult. Sometimes the original files can be retrieved without paying the ransom due to implementation mistakes, leaked cryptographic keys or a complete lack of encryption in the ransomware. Ransomware attacks are typically carried out using a Trojan horse (computing), Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction. Starting as early as 1989 with the first documented ransomware known as the AIDS (Trojan horse), AIDS trojan, the use of ransomware scams grew inter ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Kill Switch
A kill switch, also known more formally as an emergency brake, emergency stop (E-stop), emergency off (EMO), or emergency power off (EPO), is a safety mechanism used to shut off machinery in an emergency, when it cannot be shut down in the usual manner. Unlike a normal shut-down switch or shut-down procedure, which shuts down all systems in order and turns off the machine without damage, a kill switch is designed and configured to abort the operation as quickly as possible (even if it damages the equipment) and to be operated simply and quickly (so that even a panicked operator with impaired executive functions or a bystander can activate it). Kill switches are usually designed to be noticeable, even to an untrained operator or a bystander. Some kill switches feature a removable, protective barrier against accidental activation (e.g. a plastic cover that must be lifted or glass that must be broken), known as a mollyguard. Kill switches are features of mechanisms whose normal ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
DoublePulsar
DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec. Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar. He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system. Once installed, it uses three commands: ping, kill, and exec, the latter of which can be used to load malware Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware dete ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Server Message Block
Server Message Block (SMB) is a communication protocol used to share files, printers, serial ports, and miscellaneous communications between nodes on a network. On Microsoft Windows, the SMB implementation consists of two vaguely named Windows services: "Server" (ID: LanmanServer) and "Workstation" (ID: LanmanWorkstation). It uses NTLM or Kerberos protocols for user authentication. It also provides an authenticated inter-process communication (IPC) mechanism. SMB was originally developed in 1983 by Barry A. Feigenbaum at IBM to share access to files and printers across a network of systems running IBM's IBM PC DOS. In 1987, Microsoft and 3Com implemented SMB in LAN Manager for OS/2, at which time SMB used the NetBIOS service atop the NetBIOS Frames protocol as its underlying transport. Later, Microsoft implemented SMB in Windows NT 3.1 and has been updating it ever since, adapting it to work with newer underlying transports: TCP/IP and NetBT. SMB over QUIC was introd ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
National Security Agency
The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and processing of information and data for global intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems. The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine. The NSA has roughly 32,000 employees. Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Between then and the end of the Cold War, it became the largest of the U.S. intelligence organizations in terms of personnel and budget. Still, information available as of 2013 indicates that the C ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
The Shadow Brokers
The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools, including several zero-day exploits, from the "Equation Group" who are widely suspected to be a branch of the National Security Agency (NSA) of the United States. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products. The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA's Tailored Access Operations unit. Name and alias Several news sources noted that the group's name was likely in reference to a character from the ''Mass Effect'' video game series. Matt Suiche quoted the following description of that character: "The Shadow Broker is an individual at the head of an expansive organization which trades in information, always selling to the highest bidder. The Shadow Broker appears to be highly competent at its t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Microsoft Visual C++
Microsoft Visual C++ (MSVC) is a compiler for the C, C++, C++/CLI and C++/CX programming languages by Microsoft. MSVC is proprietary software; it was originally a standalone product but later became a part of Visual Studio and made available in both trialware and freeware forms. It features tools for developing and debugging C++ code, especially code written for the Windows API, DirectX and .NET. Many applications require redistributable Visual C++ runtime library packages to function correctly. These packages are frequently installed separately from the applications they support, enabling multiple applications to use the package with only a single installation. These Visual C++ redistributable and runtime packages are mostly installed for standard libraries that many applications use. [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Taiwan Semiconductor Manufacturing Company
Taiwan Semiconductor Manufacturing Company Limited (TSMC or Taiwan Semiconductor) is a Taiwanese multinational semiconductor contract manufacturing and design company. It is one of the world's most valuable semiconductor companies, the world's largest dedicated independent (" pure-play") semiconductor foundry, and Taiwan's largest company, with headquarters and main operations located in the Hsinchu Science Park in Hsinchu, Taiwan. Although the government of Taiwan is the largest individual shareholder, the majority of TSMC is owned by foreign investors. In 2023, the company was ranked 44th in the ''Forbes'' Global 2000. Taiwan's exports of integrated circuits amounted to $184 billion in 2022, nearly 25 percent of Taiwan's GDP. TSMC constitutes about 30 percent of the Taiwan Stock Exchange's main index. TSMC was founded in 1987 by Morris Chang as the world's first dedicated semiconductor foundry. It has long been the leading company in its field. When Chang retired in 2018, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
