Infection Stats on Well-known malware
egrizzly
Member Posts: 533 ■■■■■□□□□□
Does anybody know a good source where I can obtain data on the speed with which recent malware attacks (e.g. WannaCry, Conficker, MyDoom, CodeRed, etc) infected various corporate networks with. I'm working towards an article on threat readiness. Thanks all for your inputs in advance. I'll also post if I discover this on Google first.
* not necessarily how fast it spread globally...looking for speed it spread through individual corporate networks.
* not necessarily how fast it spread globally...looking for speed it spread through individual corporate networks.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Comments
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□Cisco Talos might have something on that, but likely more towards how fast one piece of malware might theoretically be able to propagate, based on reverse engineering individual samples.
As far as example case history of overall pwning the whole corporate network, that would be hard data to find I think. I've found the kinds of companies who have a security posture poor enough to get ransomwared are also unorganized in general and not logging many things they should be. So even in a forensic analysis on the network after the fact, there isn't good data to go on to piece the attack back together.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
636-555-3226 Member Posts: 975 ■■■■■□□□□□i've never seen official stats from a published study, but talked to companies affected and it was literally as fast as the computers could process the malware and the network links could tolerate, up to hundreds of computers in less than 5 minutes. it's the classic zombie scenario.
one infected patient bites 2
2 bite 4
4 bite 8
8 bite 16
16 bite 32
32 bite 64
etc. exponential growth that ramps up extremely quickly. so in the beginning you might just get a few infected computers, but after 10 minutes you've got hundreds or thousands -
tedjames Member Posts: 1,182 ■■■■■■■■□□636-555-3226 wrote: »i've never seen official stats from a published study, but talked to companies affected and it was literally as fast as the computers could process the malware and the network links could tolerate, up to hundreds of computers in less than 5 minutes. it's the classic zombie scenario.
one infected patient bites 2
2 bite 4
4 bite 8
8 bite 16
16 bite 32
32 bite 64
etc. exponential growth that ramps up extremely quickly. so in the beginning you might just get a few infected computers, but after 10 minutes you've got hundreds or thousands
That also works with feral cats. Start with two and end up with thousands within a few years. -
egrizzly Member Posts: 533 ■■■■■□□□□□636-555-3226 wrote: »i've never seen official stats from a published study, but talked to companies affected and it was literally as fast as the computers could process the malware and the network links could tolerate, up to hundreds of computers in less than 5 minutes. it's the classic zombie scenario.
one infected patient bites 2
2 bite 4
4 bite 8
8 bite 16
16 bite 32
32 bite 64
etc. exponential growth that ramps up extremely quickly. so in the beginning you might just get a few infected computers, but after 10 minutes you've got hundreds or thousands
Wow. Thanks 636. I'll try to dig into some encyclopaedias to see if I can find the stats/speed. I'm sure some cybersecurity company or Ph.D researcher has published something like this.B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+