

Because of the large amount of TCP, UDP, and ICMP traffic that traverses a normal network, Wireshark’s ability to filter captured traffic at a granular level is particularly useful, especially when investigating and tracing the activities of a malware infection. Wireshark intercepts the binary traffic that traverses networks and, through its intuitive GUI, translates that data into human-readable, filterable, and exportable formats. Understanding how Wireshark works is fundamental to truly appreciating its power. Its analysis capabilities extend to dropped packets, latency issues, and, of special interest to this project, malicious activity (Porup, 2018). This tool analyzes network traffic in real time and is used for analysis, troubleshooting, and, as stated, forensic analysis.

Tools & Threats: Wireshark & Network Analysis

This report will explore Wireshark, a powerful network analyzer, as a forensic tool to examine and discuss the network traffic that is generated by an Emotet infection and suggest methods for early detection. The Emotet malware has traditionally been difficult to detect in systems, and in its current form it has been made available to malicious actors as a “Malware-as-a-Service” that can be customized with various malicious payloads (Petcu, 2021).

Wireshark ( ) is a free network protocol analyzer that is a critical tool for any system administrator, security professional, or forensic investigator.


One of the most effective tools for malware infection has been the Emotet malware, a malware that can itself collect and transmit data about the systems it infects while actively introducing other malware, such as ransomware, onto the system. Worldwide news reports of ransomware attacks have become an almost weekly occurrence in recent years, and while some countries saw decreases in ransomware attacks over 2020, the U.S. saw a 139% year-over-year increase to 145.2 million recorded attacks (Help Net Security, 2020). The average ransomware payment rose 33% in 2020 to $111,605 USD, and the average cost of a ransomware attack on businesses is $133,000 USD (Sobers, 2021). Canada has been no exception to this rash of attacks, and Canada’s cyber defence agency has warned that “attacks against critical Canadian business and infrastructure are ‘almost certain’ to continue, as Canada has already seen its systems targeted by such attacks in recent years” (Gilmore, 2020).
