Based on the lab assignment details provided, here's a suggested grading rubric for the NotPetya assignment:
0. Content presentation in front of the class to assess learning (50 points)
1. Content Coverage (10 points)
- Thoroughly addresses all 10 research questions (4 points each)
- Demonstrates deep understanding of NotPetya and ransomware in general
2. Technical Accuracy (10 points)
- Correctly explains technical concepts related to NotPetya and ransomware
- Accurately describes infection vectors, attack lifecycle, and defense mechanisms
3. Analysis and Critical Thinking (10 points)
- Provides insightful analysis of ransomware evolution and impact
- Critically evaluates pros and cons of paying ransoms
- Discusses implications of cryptocurrency in ransomware attacks
4. Organization and Structure (10 points): This is where LaTeX will help you!
- Logical flow of information
- Clear and coherent presentation of ideas
5. Use of LaTeX (5 points)
- Proper formatting and use of LaTeX features
- Professional appearance of the report
6. Citations and Sources (5 points)
- Appropriate use of credible sources
- Proper citation of information
7. Teamwork (if applicable) (5 points)
- Equal contribution from all team members
- Cohesive integration of different sections
Total: 100 points
Bonus points could be awarded for:
- Exceptional depth in analyzing the NotPetya case study (up to 5 points)
- Innovative insights or solutions proposed (up to 5 points)
This rubric ensures a comprehensive evaluation of the students' understanding of NotPetya and ransomware, their technical knowledge, analytical skills, and ability to present information effectively using LaTeX. The weightings can be adjusted based on the specific focus and priorities of the course.
What you are to do for this Lab: Present a LaTeX presentation report answering the provided research questions about NotPetya.
You can work in teams.
Use LaTeX.
To guide students in their investigation of the NotPetya cyberattack, here are 10 directed research questions:
1. What is ransomware and how does it differ from other types of malware?
2. What are the main infection vectors used by ransomware attackers?
3. What are the key steps in a typical ransomware attack lifecycle?
4. What are some of the most notable ransomware variants in recent years and how do they differ?
5. How has ransomware evolved over time, from early examples to modern "double extortion" tactics?
6. What industries or types of organizations are most commonly targeted by ransomware attacks? Why?
7. What are some of the key technical and non-technical defenses against ransomware?
8. How should an organization respond if infected with ransomware? What are the pros and cons of paying the ransom?
9. What role do cryptocurrencies play in enabling ransomware attacks?
10. How have government agencies and law enforcement adapted their approaches to combat the rise of ransomware?
These questions will help guide students to explore the key aspects of ransomware, from technical details to broader impacts and mitigation strategies.
These questions align with the overall learning objectives for analyzing the NotPetya case study and understanding modern cybersecurity threats.
What you are to deliver:
You can work in teams of up to 4. You will present a LaTeX-formatted report on your findings.
Technical Backstory:
The NotPetya cyberattack, which occurred on June 27, 2017, is widely regarded as one of the most destructive cyberattacks in history. It primarily targeted Ukrainian organizations but quickly spread globally, causing an estimated $10 billion in damages. The attack leveraged several techniques, including user account privilege escalation, to achieve its devastating impact.
Connection Between User Account Privilege Escalation and NotPetya
Initial Infection and Spread:
NotPetya initially spread through a compromised update mechanism of the Ukrainian tax software M.E.Doc. Once inside a network, it used the EternalBlue exploit (CVE-2017-0144) to propagate without user intervention, similar to the WannaCry ransomware attack.
Credential Theft and Privilege Escalation:
NotPetya included a version of the Mimikatz tool, which is designed to extract credentials from the memory of infected systems. This allowed the malware to steal legitimate user credentials, including those with administrative privileges.
By obtaining these credentials, NotPetya could perform lateral movement within the network, escalating privileges as needed to access and infect more systems. This method of privilege escalation was crucial for the malware to spread rapidly and cause widespread damage.
Impact of Privilege Escalation:
The ability to escalate privileges enabled NotPetya to encrypt critical system files, including the master boot record, rendering systems inoperable. This was a key factor in the extensive disruption caused to organizations such as Maersk, Merck, and Mondelez International.
The malware's use of administrative credentials allowed it to bypass security measures and infect systems deeply, making recovery difficult and increasing the overall impact of the attack.
Mitigation and Prevention Strategies
To prevent similar attacks, organizations should implement robust cybersecurity measures, including:
- Regular System Patching: Ensuring all systems are up-to-date with the latest security patches to mitigate known vulnerabilities like EternalBlue.
- Strong Authentication Methods: Implementing multi-factor authentication (MFA) to reduce the risk of credential theft and unauthorized access.
- User Activity Monitoring: Monitoring user activity for suspicious behavior that could indicate compromised accounts or privilege escalation attempts.
- Principle of Least Privilege: Limiting user permissions to only what is necessary for their role to minimize the potential damage from compromised accounts.
- Network Segmentation: Using network segmentation to contain the spread of malware within an organization.
By understanding the role of user account privilege escalation in the NotPetya attack, organizations can better prepare and defend against similar threats in the future.
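One way to make the user-activity-monitoring item concrete is to flag an account that authenticates over the network to many distinct hosts within a short window, which is the footprint stolen administrative credentials leave during the kind of lateral movement described above. This is an added example, not part of the lab hand-out; the event records are constructed and simplified (only the fields of a Windows successful-logon event, ID 4624, that the check needs), and the window and threshold values are illustrative.

```python
"""Flag accounts whose network logons fan out to many hosts in a short window.
Added example for the lab; not part of the original hand-out.
Records are constructed: (timestamp, event_id, account, logon_type, target_host).
Windows event 4624 = successful logon; logon type 3 = network logon."""
from collections import defaultdict
from datetime import datetime

SAMPLE_EVENTS = [  # constructed sample data
    ("2017-06-27T10:00:05", 4624, "CORP\\svc_backup", 3, "FS01"),
    ("2017-06-27T10:00:09", 4624, "CORP\\svc_backup", 3, "FS02"),
    ("2017-06-27T10:00:12", 4624, "CORP\\svc_backup", 3, "WS113"),
    ("2017-06-27T10:00:15", 4624, "CORP\\svc_backup", 3, "WS114"),
    ("2017-06-27T10:00:18", 4624, "CORP\\svc_backup", 3, "DC02"),
    ("2017-06-27T10:00:20", 4624, "CORP\\svc_backup", 3, "WS115"),
    ("2017-06-27T10:01:00", 4624, "CORP\\alice", 2, "WS042"),   # interactive: ignored
    ("2017-06-27T10:05:00", 4624, "CORP\\alice", 3, "FS01"),
    ("2017-06-27T10:45:00", 4624, "CORP\\alice", 3, "PRINT01"),
    ("2017-06-27T10:46:00", 4625, "CORP\\bob", 3, "FS01"),      # failed logon: ignored
]

def parse_event(rec):
    ts, event_id, account, logon_type, host = rec
    return {"ts": datetime.fromisoformat(ts), "event_id": event_id,
            "account": account, "logon_type": logon_type, "host": host}

def find_fanout(events, window_s=300, threshold=5):
    """Return {account: sorted hosts} for every account that reached at least
    `threshold` distinct hosts via network logon inside any `window_s`-second
    sliding window. The largest qualifying host set per account is kept."""
    by_account = defaultdict(list)
    for e in events:
        if e["event_id"] == 4624 and e["logon_type"] == 3:
            by_account[e["account"]].append((e["ts"], e["host"]))
    hits = {}
    for account, logons in by_account.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Slide the window start forward until it spans at most window_s seconds.
            while (logons[end][0] - logons[start][0]).total_seconds() > window_s:
                start += 1
            hosts = {h for _, h in logons[start:end + 1]}
            if len(hosts) >= threshold and len(hosts) > len(hits.get(account, ())):
                hits[account] = sorted(hosts)
    return hits

if __name__ == "__main__":
    events = [parse_event(r) for r in SAMPLE_EVENTS]
    for acct, hosts in find_fanout(events).items():
        print(f"ALERT: {acct} reached {len(hosts)} hosts in 5 min: {', '.join(hosts)}")
```

In a real deployment the same logic runs over the domain's collected 4624 events, with the threshold tuned so that legitimate service accounts (backup, monitoring) are allow-listed or baselined rather than alerting on every run.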