Friday 10 November 2017

Simple use of Twitter to access world class malware advice

by Mary-Jane Phillips

I had just finished a course on ransomware when WannaCry hit. This ransomware was not typical in the way it was delivered, so I spent time reading media articles and tweets about the 'outbreak'. Experts on Twitter led me to MalwareTech's botnet tracker which, sadly, is not currently available. At the time, I was able to see the map of WannaCry infections over time (including in Australia). https://www.malwaretech.com/
I also saw the famous tweet from Marcus Hutchins of MalwareTech about the WannaCry 'kill switch' domain name being registered. Mass media was much slower to report information than Twitter and was often incorrect. So Twitter has become my source of information on rapidly spreading malware.
Now, I use malware events on Twitter to fine-tune my feed of malware information. This is the simple process.
  • Find the relevant trending hashtags on Twitter.  E.g. #wannacry #wannacrypt or #expeta #expetya #notpetya or #bad rabbit #badrabbit ransomware
  • Scan through the tweets to see which ones get a large number of likes, re-tweets or comments (or are liked by experts).
  • Critically assess the tweets (e.g. large numbers of comments can mean it is controversial).
  • Follow people that give you valuable information on the level of risk, prevention methods, short and long term fixes (or whatever you are looking for in particular).
  • Think hard before clicking a link.  During an incident, a certain percentage of malicious links will appear.  People who care about the security of society will communicate as much information as possible within the tweet and not just have a hook for you to click.
  • Expand and refine your list with every malware incident. 
  • Identify your favourites.  (You will see who collaborates and who is marketing). 

I particularly like Hasherezade on reverse malware engineering.  She is scientific and has a great network of people she calls on for rapid help. https://twitter.com/hasherezade 
With a relatively small amount of work over time, Twitter gives you fast access to a diverse range of experts on malware risk, as well as short and long term fixes. The method would probably work for most areas in cybersecurity, but it works particularly well for malware due to the speed of communication and collaboration required in the community.
Have a look to see the reverse malware experts I follow. This is the link to my Twitter profile. And please connect with me on LinkedIn.  I look forward to meeting you all. 
Have a great day.
Mary-Jane Phillips

Mary-Jane Phillips BSc GDip Eng MBA

Mary-Jane began her career in scientific equipment sales, then moved into environmental management and assisted with ISO 14001 certifications. Mary-Jane is currently working on her MicroMasters in cybersecurity at Rochester Institute of Technology, and CISSP associate certification. Mary-Jane is highly skilled with risk and compliance management systems and is actively looking for a cyber security role in Brisbane, part time in 2018 and full time in 2019.



(c) AWSN 2017

Disclaimer: The views and opinions expressed in this article are those of the author/s and do not necessarily reflect the official policy or position of any agency, organisation or association.
