
Potential Attack Vectors, Part 2: The Current Attack Vector

In this post, I share a new use case for the relationship between malware and file extensions.

This is the second in my series of blog posts sharing the results of my thesis, which can be found here.

In my last post, I shared the findings of my thesis research. The relationship between malware types and file extensions shows that it is possible to estimate the likely type of malware exposure from those results. But what do the results mean in practice?

Originally I wanted to dive deeper into using my framework for bug bounty programs. However, recent events made me realize that this research can also be used to analyze how malware got into a network. Montana State University suffered a cyber attack involving the Royal ransomware. Royal's operators use phishing to lure victims into installing remote desktop software; once the victim installs it, the attackers have a foothold, and what happens next is limited only by their creativity. This ransomware has been delivered as an ELF file or inside a zip archive.

These results can be used to deduce the type of cyber attack by using my findings to identify the likely culprit file. In my data, ransomware was associated with the zip, chm, php, m2t, elf, and docx file extensions. I will attach a link to the spreadsheet I used to analyze the metadata from VirusTotal. By understanding the relationship between malware and file extensions, we can narrow down the initial attack file. One caveat: the extension is chosen by the attacker, so it should be treated as a lead to confirm against the file's actual content rather than as proof on its own. This is also just one example; not all attacks come from malware, and many begin with the exploitation of a vulnerability rather than a malicious file.
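As an added example (my own code, not from the thesis or its spreadsheet), the following Python applies the ransomware extension list above to a handful of constructed files and cross-checks each file's first bytes against the well-known signature for its claimed type, so a renamed executable does not pass as a harmless document. The filenames and header bytes are invented; the magic-byte signatures are standard ones and the content check is my addition, not part of the thesis.

```python
import os

# Extensions the post associates with ransomware in the VirusTotal metadata
# analysis. Only this row is taken from the post; no other families are mapped.
RANSOMWARE_EXTENSIONS = {"zip", "chm", "php", "m2t", "elf", "docx"}

# Well-known file signatures (magic bytes) for the container/binary types in
# that list. php and m2t are left out on purpose: PHP is plain text with no
# fixed header, and MPEG-TS is only recognisable by a repeating 0x47 sync byte,
# so a first-bytes check would not be reliable for them.
MAGIC = {
    "zip":  (b"PK\x03\x04",),
    "docx": (b"PK\x03\x04",),   # OOXML documents are ZIP containers
    "elf":  (b"\x7fELF",),
    "chm":  (b"ITSF",),
}


def extension_of(filename):
    """Return the last extension, lower-cased and without the dot ('' if none)."""
    return os.path.splitext(filename)[1].lstrip(".").lower()


def content_matches(ext, head):
    """True/False if the first bytes do/do not match the extension's signature,
    None if no signature is known for this extension."""
    sigs = MAGIC.get(ext)
    if sigs is None:
        return None
    return any(head.startswith(sig) for sig in sigs)


def classify(filename, head):
    """Apply the post's extension table to one file and cross-check its content.

    head: the first bytes of the file (a few dozen are enough).
    """
    ext = extension_of(filename)
    suspected = "ransomware" if ext in RANSOMWARE_EXTENSIONS else None
    matches = content_matches(ext, head)
    return {
        "file": filename,
        "extension": ext,
        "suspected": suspected,
        # A mismatch means the extension lies about the content: treat the file
        # as more suspicious, not less, and identify it by its real type.
        "extension_mismatch": matches is False,
    }


def triage(samples):
    """Run classify() over {filename: first_bytes} and return the results with
    mismatching files first, then suspected files, then everything else."""
    results = [classify(name, head) for name, head in samples.items()]
    results.sort(key=lambda r: (not r["extension_mismatch"],
                                r["suspected"] is None,
                                r["file"]))
    return results


# Constructed sample inputs standing in for files pulled from a compromised host.
SAMPLES = {
    "invoice_2023.zip": b"PK\x03\x04\x14\x00\x00\x00",       # real ZIP archive
    "remote_support.elf": b"\x7fELF\x02\x01\x01\x00",        # real ELF binary
    "quarterly_report.docx": b"MZ\x90\x00\x03\x00\x00\x00",  # PE executable renamed .docx
    "readme.txt": b"Please open the attached invoice.",      # not in the ransomware list
}

if __name__ == "__main__":
    for result in triage(SAMPLES):
        print(result)
```

In this run the renamed executable sorts to the top because its `.docx` extension does not match its `MZ` header, which is exactly the case where trusting the extension alone would point the investigation at the wrong file type.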
