Options

Infection Stats on Well-known malware

egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
in Other Security Certifications
Does anybody know a good source where I can obtain data on the speed with which recent malware attacks (e.g. WannaCry, Conficker, MyDoom, CodeRed, etc) infected various corporate networks with. I'm working towards an article on threat readiness. Thanks all for your inputs in advance. I'll also post if I discover this on Google first.

* not necessarily how fast it spread globally...looking for speed it spread through individual corporate networks.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
· Share on FacebookShare on Twitter

Comments

  • Options
    yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Cisco Talos might have something on that, but likely more towards how fast one piece of malware might theoretically be able to propagate, based on reverse engineering individual samples.

    As far as example case history of overall pwning the whole corporate network, that would be hard data to find I think. I've found the kinds of companies who have a security posture poor enough to get ransomwared are also unorganized in general and not logging many things they should be. So even in a forensic analysis on the network after the fact, there isn't good data to go on to piece the attack back together.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
    · Share on FacebookShare on Twitter
  • Options
    636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    i've never seen official stats from a published study, but talked to companies affected and it was literally as fast as the computers could process the malware and the network links could tolerate, up to hundreds of computers in less than 5 minutes. it's the classic zombie scenario.

    one infected patient bites 2
    2 bite 4
    4 bite 8
    8 bite 16
    16 bite 32
    32 bite 64
    etc. exponential growth that ramps up extremely quickly. so in the beginning you might just get a few infected computers, but after 10 minutes you've got hundreds or thousands
    · Share on FacebookShare on Twitter
  • Options
    tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    636-555-3226 wrote: »
    i've never seen official stats from a published study, but talked to companies affected and it was literally as fast as the computers could process the malware and the network links could tolerate, up to hundreds of computers in less than 5 minutes. it's the classic zombie scenario.

    one infected patient bites 2
    2 bite 4
    4 bite 8
    8 bite 16
    16 bite 32
    32 bite 64
    etc. exponential growth that ramps up extremely quickly. so in the beginning you might just get a few infected computers, but after 10 minutes you've got hundreds or thousands

    That also works with feral cats. Start with two and end up with thousands within a few years.
    · Share on FacebookShare on Twitter
  • Options
    egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
    636-555-3226 wrote: »
    i've never seen official stats from a published study, but talked to companies affected and it was literally as fast as the computers could process the malware and the network links could tolerate, up to hundreds of computers in less than 5 minutes. it's the classic zombie scenario.

    one infected patient bites 2
    2 bite 4
    4 bite 8
    8 bite 16
    16 bite 32
    32 bite 64
    etc. exponential growth that ramps up extremely quickly. so in the beginning you might just get a few infected computers, but after 10 minutes you've got hundreds or thousands

    Wow. Thanks 636. I'll try to dig into some encyclopaedias to see if I can find the stats/speed. I'm sure some cybersecurity company or Ph.D researcher has published something like this.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
    · Share on FacebookShare on Twitter
Sign In or Register to comment.