Assignment 1: Survey and Analysis of Cyber Attacks
Susmitha Wilson (ID: 110349921)
School: University of Colorado, Denver
Course: 5743 (Information Systems)
Date: Dec 6, 2023
Pages: 15
WannaCry Cyber Attack
Introduction:
In May 2017, the WannaCry ransomware attack, a landmark event in computer security, took place. It was a stark reminder of the evolving threats posed by malicious actors online. This article examines the WannaCry attack in depth: its origins, the harm it did, and the lessons that can be drawn from it to make computer systems safer.
On May 12, 2017, the WannaCry ransomware began spreading across the world. Large nations including the United States, United Kingdom, Spain, Russia, and Japan were among the first affected. The attack hit many different groups worldwide, including governments, corporations, and the general public.
The United States government attributed the attack to North Korea, which was significant because it demonstrated how serious state-level cyber threats can be. The attackers exploited a flaw in the Windows Server Message Block (SMB) protocol that Microsoft had already patched in March 2017. However, many consumers and businesses had not updated their computers in time, which made the outbreak worse. This shows how important it is to keep computer systems updated in order to protect against such attacks.
This report goes into more detail on the WannaCry ransomware outbreak. It examines how it operated, which security objectives it violated, how it affected individuals and organizations, and how to detect and stop such attacks in the future (Cybersecurity & Infrastructure Security Agency - CISA, 2017).
Detailed Description Of The Attack:
According to the Microsoft blog article "WannaCrypt ransomware worm targets out-of-date systems" (Microsoft, 2017), the WannaCry ransomware outbreak was a catastrophic assault on computer systems throughout the world, targeting flaws in out-of-date software and creating extensive disruption.
WannaCry, also known as WannaCrypt, was malicious software that encrypted files on affected systems and then demanded a ransom in Bitcoin in return for the decryption key. The attack exploited a serious vulnerability in Windows Server Message Block (SMB), MS17-010, which Microsoft had discovered and fixed in a security update released on March 14, 2017 (Microsoft, 2017).
Machines running Microsoft Windows were the main targets. Its method of propagation was what made it so dangerous: WannaCry's worm-like behaviour allowed it to spread automatically from one vulnerable machine to another with no user interaction. This let the ransomware spread quickly, infecting tens of thousands of devices in more than 150 countries in a matter of hours (Microsoft, 2017).
Once inside a vulnerable system, WannaCry used strong encryption to lock users out of their files. It then displayed a ransom note demanding a payment of roughly $300 in Bitcoin. Victims were given a short window in which to pay before they risked permanently losing access to their data.
The WannaCry ransomware code was designed to be polymorphic, altering itself to evade detection by conventional antivirus tools. This added complexity made the malware much harder for cybersecurity professionals to combat (Microsoft, 2017).
The Microsoft blog article from 2017 emphasized the necessity of regular system upgrades and patching. WannaCry exploited a known vulnerability that had already been patched, underscoring the vital importance of proactive cybersecurity efforts in averting similar catastrophes.
In conclusion, the WannaCry attack was a highly destructive ransomware operation that exploited a known software flaw, spread quickly around the world, and affected numerous people, businesses, and countries. Its technical sophistication and worm-like propagation made it a potent cyber threat.
Discussion On Violated/Targeted Security Goals:
Confidentiality, integrity, authenticity, and availability were among the security objectives targeted by the WannaCry ransomware assault.
Confidentiality:
By encrypting sensitive information on affected computers, WannaCry violated confidentiality, since it prevented authorized users from accessing their own data. The private information held on compromised devices was exposed by this violation.
Integrity:
Integrity was harmed because WannaCry tampered with the data it encrypted. By changing the contents of files, the malware rendered them unreadable until a ransom was paid and the decryption key was provided. This modification compromised the reliability of the affected data.
Authenticity:
The attack made many question the authenticity of messages. Victims faced the problem of deciding whether to trust the ransom note and pay the attackers. With no assurance that paying would lead to data recovery, it was difficult to verify the truth of the attackers' promises.
Availability:
As noted above, WannaCry severely hampered availability by encrypting files and interfering with data access. The rapid spread of the ransomware amplified this effect across multiple businesses and individuals, underscoring the critical importance of data availability.
In conclusion, the WannaCry attack was a complex assault on important security objectives, highlighting the necessity for thorough cybersecurity policies that address confidentiality, integrity, authenticity, and availability to guard against emerging cyber threats.
Discussion On The Impact Of The Attack:
Users, communities, organizations, and national and international security were all adversely affected by the WannaCry ransomware outbreak (Cybersecurity & Infrastructure Security Agency - CISA, 2017).
Users:
Due to the loss of private information and memories, some users experienced emotional hardship. As paying the ransom did not ensure that the victims' data would be recovered, the hack also put their money and personal information in danger and exposed them to further financial loss.
Communities:
As neighborhood businesses and institutions struggled with system recovery, communities suffered disruptions. Public safety may have been jeopardized by the disruption of vital services including healthcare and local government functions. The publicity surrounding the incident increased people's understanding of cybersecurity issues.
Enterprises:
Enterprises suffered serious losses, including the loss of critical data, operational interruptions, financial hardship, and reputational damage. Trust in the institutions that were attacked decreased, prolonging the negative effects over the long run.
National/Global Security:
National and global security were at stake because WannaCry exposed flaws in critical infrastructure systems on a large scale. It brought home the danger of malicious actors interfering with essential services. The attack's worldwide scope also highlighted how interrelated cybersecurity threats are and how combating them requires collaboration on a global scale.
In conclusion, the WannaCry attack had a wide-ranging effect on society: it took an emotional and financial toll on users, disrupted communities, damaged enterprises, and raised issues of national and international security. It serves as a sharp reminder of the need for strong cybersecurity procedures at all levels in order to guard against emerging threats.
Possible Prevention Mechanisms For This Attack:
A diversified strategy is advised to protect against the WannaCry ransomware assault and related threats (Cybersecurity & Infrastructure Security Agency - CISA, 2017).
1. Install the Microsoft Patch:
The main preventive measure is to apply the Microsoft patch released on March 14, 2017, for the MS17-010 SMB vulnerability as soon as possible. This patch fixes the security flaw that WannaCry exploited.
2. Email Security:
Deploy strong spam filters to prevent phishing emails from reaching end users. Use authentication technologies such as SPF, DMARC, and DKIM to stop email spoofing. Scan all incoming and outgoing emails thoroughly for malware and executable files.
3. Anti-Virus and Anti-Malware:
Ensure that anti-virus and anti-malware programs are running and configured to run routine scans automatically to identify and remove harmful software.
4. Privileged Account Management:
Manage privileged accounts by applying the least privilege principle when creating user accounts. Grant administrative access only when absolutely necessary, and only for the activities that require it.
5. Access Controls:
Limit user rights to what their responsibilities require and configure access controls with least privilege in mind. Users who only need to view certain files should not be given write access.
6. Macro Script Disabling:
Disable macro scripts in Microsoft Office documents received by email. Consider opening such files with Office Viewer software instead of the full Office suite.
7. Employee Education:
Create, implement, and test programs that teach staff how to recognize phishing schemes, dangerous links, and social engineering ploys.
8. Penetration Testing:
Conduct regular penetration testing to find vulnerabilities and weak points in the network, ideally as frequently as is practicable but no less than once a year.
9. Backup Testing:
Test backups to make sure they work properly when data restoration is required.
Network Protection Recommendations:
10. Network Patching:
Apply the MS17-010 patch across the network. If patching is not an option, consider disabling SMBv1 and blocking all SMB versions at the network boundary. Weigh the benefits against the disruption to users, since this may affect file sharing and data access.
11. Best Practices for Networks:
Follow best practices including segmenting networks and functions, restricting lateral connections, hardening network devices, securing access to infrastructure devices, performing out-of-band network management, and verifying the integrity of hardware and software.
Remediation Steps:
12. Law Enforcement Contact:
In the event of an intrusion, contact local law enforcement, in particular the FBI, to report the incident and request assistance. Preserve and make available relevant logs for analysis.
13. Incident Response and Backup:
Execute your business continuity and security incident response plan. To make data restoration easier, make sure backups are secure and readily accessible.
General Ransomware Defense:
14. Keep Software Updated:
Make sure your antivirus software is current. Create a data backup and recovery strategy and store sensitive data somewhere secure that is isolated from local networks. Use caution when clicking on email attachments and links, and only download software from reputable websites. Enable automatic patching for the operating system and web browser.
Organizations may greatly improve their resistance against ransomware attacks like WannaCry by implementing these preventative and corrective actions, safeguarding their data, operations, and reputation (Cybersecurity & Infrastructure Security Agency - CISA, 2017).
References:
1. Cybersecurity & Infrastructure Security Agency - CISA. (2017). Indicators Associated with WannaCry Ransomware. https://www.cisa.gov/news-events/alerts/2017/05/12/indicators-associated-wannacry-ransomware
2. Microsoft. (2017). WannaCrypt ransomware worm targets out-of-date systems. https://www.microsoft.com/en-us/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
3. https://youtu.be/eiPHmfxisFg?si=a1iElsmWePvDXhOF
NotPetya Cyber Attack
Introduction:
Imagine a digital storm that hit the world on June 27, 2017, causing widespread chaos and destruction. This storm had a name: NotPetya. It wasn't a typical storm but a type of computer attack, and it's one of the worst ever seen.
NotPetya pretended to be something harmless, like a fake ransom note, but it was far more dangerous. It spread like wildfire through computers, causing all kinds of problems. Hospitals had to delay surgeries, factories stopped making things, and even huge ships couldn't unload their cargo.
Ukraine, a country in Eastern Europe, was hit the hardest because the attack started there. NotPetya invaded government offices, airports, and even the systems that watched over the Chernobyl nuclear power plant.
This report explores the story of NotPetya, how it worked, and the big problems it caused. It's not just about computer security; it's also about how attacks like this can affect the world we live in. In today's connected world, we need to understand how to stop these digital storms from happening again. This report will also look at ways to detect and prevent future attacks, so we can stay safe in our digital age (Greenberg, 2019).
Detailed Description Of The Attack:
NotPetya was not a typical computer virus. It caused massive damage and confusion worldwide on June 27, 2017. Unlike ordinary malware that steals data and asks for money (ransom), NotPetya was more like a digital wrecking ball.
Figure 1: How The Petya Attack Worked (Microsoft, 2018, Figure 1).
Figure 2: How The Petya Attack Spreads (Microsoft, 2018, Figure 2).
First, it encrypted (locked up) people's files using a secret code (key). What was really tricky was that this code had no connection to the victim's ID, making it almost impossible to unlock the files, even if you paid a ransom. So, it seemed like the attackers didn't care about money; they just wanted to create chaos.
NotPetya had different ways of spreading to other computers on a network. One very effective method was stealing usernames and passwords from one computer and then using those stolen details to sneak into other computers on the same network. It was like using stolen keys to enter a bunch of houses.
Another method it used was an old trick called the "EternalBlue exploit." This was like finding a secret door in some computer systems that weren't properly protected. Once it got inside, it would spread to other computers like a digital infection.
When NotPetya got into a computer, it locked up all the files using a super-strong code. It also left a message on the computer's main drive with a Bitcoin wallet address (a type of digital money) and a special code. The attackers expected victims to pay a ransom to get their files back, but because of the way it was coded, even if you paid, you might not get your files back. It was like a cruel trick.
The attack started in Ukraine and used a sneaky tactic. It hid inside a piece of software that many businesses used for accounting, called M.E.Doc. The attackers had secretly taken control of this software earlier, giving them the power to do all sorts of harmful things on the affected computers.
NotPetya was a unique and destructive kind of cyberattack that caused confusion and damage worldwide. It showed how vulnerable our digital world can be and how important it is to protect our computers and networks from such threats (Cybersecurity & Infrastructure Security Agency - CISA, 2017).
Discussion On Violated/Targeted Security Goals:
The NotPetya attack was a catastrophic assault on multiple security goals, leaving a trail of devastation in its wake.
Confidentiality:
NotPetya breached confidentiality by encrypting victims' files, making sensitive information inaccessible to rightful users. This violation exposed confidential data to unauthorized parties, causing significant privacy breaches.
Integrity:
The attack severely compromised data integrity as it irreversibly altered files through encryption. Even if victims paid the ransom, there was no guarantee that their files would be restored to their original, unaltered state.
Authenticity:
NotPetya undermined the authenticity of affected systems and data. It posed as ransomware but behaved destructively, eroding trust in digital communications and transactions.
Availability:
One of the most notable impacts was on availability. NotPetya disrupted critical systems, rendering them inoperable. Hospitals, factories, and ports experienced downtime, affecting essential services and the global supply chain.
In summary, NotPetya's attack on confidentiality, integrity, authenticity, and availability exemplifies the far-reaching consequences of a sophisticated cyberattack on security goals, emphasizing the need for robust cybersecurity measures and incident response strategies.
Discussion On The Impact Of The Attack:
The NotPetya attack had a significant and wide-ranging impact on users, communities, and enterprises, as well as on national and even international security.
Users were directly affected because their personal information and data were put at risk. Because the malware could encrypt data, users risked losing sensitive information, which could harm their right to privacy.
Whole communities felt the aftershocks of the attack as crucial services were interrupted. Hospitals had to postpone surgeries, which could have harmed patient health. The disruption to the movement of goods and services caused by the attack on business premises and transportation infrastructure also affected community members' livelihoods.
Businesses encountered several difficulties, including the temporary or even permanent loss of critical data for many. Organizations were forced to spend significant sums recovering systems and information, which had serious financial repercussions. These monetary losses rippled through the economy, affecting job security and possibly resulting in layoffs.
On a larger scale, the incident affected national and international security. By hitting vital infrastructure sectors including finance, electricity, and healthcare, NotPetya drew attention to how vulnerable these services are. Because the world's economies are so intertwined, disruptions in one region can have a significant impact on commerce and security worldwide.
In conclusion, the NotPetya attack had a significant impact on people, communities, enterprises, and national and international security. It caused major financial and reputational damage, revealed flaws in critical infrastructure, and interrupted services. The incident served as a sharp reminder of the importance of strong cybersecurity measures and international collaboration in reducing the threats posed by bad actors in the digital age (Cybersecurity & Infrastructure Security Agency - CISA, 2017).
Possible Prevention Mechanisms For This Attack:
A comprehensive strategy that combines preventative measures and industry best practices to protect critical systems and data is needed to stop a disastrous cyberattack like NotPetya. Organizations can use the preventative recommendations from the Cybersecurity & Infrastructure Security Agency (CISA) to strengthen their cybersecurity posture and reduce the risks posed by attacks like NotPetya.
Patch Management:
Review security updates often and deploy them to keep systems up to date. In particular, apply Microsoft's March 14, 2017, fix for the MS17-010 SMB vulnerability.
Disaster Recovery And Data Backup:
Perform regular data backups and test them frequently as part of a thorough disaster recovery strategy. This ensures that data can be recovered in the event of a ransomware attack.
Anti-virus and Anti-malware:
Antivirus and anti-malware solutions should be configured to run routine scans automatically in order to identify and eliminate possible threats.
Privileged Account Management:
Apply the least privilege principle to user accounts when managing privileged accounts. Grant administrative access only if it is absolutely essential, and restrict how those accounts may be used.
Access Limitations:
Apply the least privilege principle when configuring access restrictions, including file, directory, and network share permissions. Users should have access only to the resources their specific responsibilities require.
Network Security:
Restrict and block workstation-to-workstation connections using host-based firewalls. Block remote execution via PsExec, and disable or restrict remote WMI and file sharing.
Network Segmentation:
Segment networks and their functions to reduce the chance that attackers can move laterally within the network.
Device Hardening:
Harden network devices and secure access to infrastructure equipment. Perform out-of-band network management and verify the integrity of hardware and software.
SMB Protocol Security:
Disable SMBv1 and block all SMB versions at the network border, weighing the benefit of the mitigation against likely disruption to users.
Organizations may greatly decrease their susceptibility to damaging cyberattacks like NotPetya and improve their overall cybersecurity resilience by adhering to these preventative recommendations (Cybersecurity & Infrastructure Security Agency - CISA, 2017).
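Added here as an example (not code from the report or from CISA's alerts): a PowerShell script that audits one Windows host for the conditions both prevention lists target and, with -Enforce, applies the host-level controls they recommend, namely disabling SMBv1 (WannaCry, item 10) and using the host firewall to block workstation-to-workstation SMB and WMI access (NotPetya, Network Security and SMB Protocol Security). The management subnet and the built-in firewall group names are assumptions to adjust for your environment.

```powershell
<#
  Added example, not code from the report or from CISA. It audits and hardens
  one Windows host along the lines both reports recommend: disable SMBv1 and
  block SMB where patching is impossible (WannaCry, item 10), and use the host
  firewall to restrict workstation-to-workstation SMB/WMI access that
  PsExec-style remote execution depends on (NotPetya, Network Security).
  Assumptions: elevated PowerShell on Windows 8.1 / Server 2012 R2 or later;
  $AllowedRemoteSources is a placeholder for your own management subnet;
  the DisplayGroup names are the English built-in rule groups.
  Run with -WhatIf to preview, then with -Enforce to apply.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    # Placeholder: the only addresses still allowed to reach SMB/WMI on this host.
    [string[]] $AllowedRemoteSources = @('10.0.100.0/24'),
    [switch]   $Enforce
)

function Get-SmbExposure {
    # Gather the facts worth reading before anything is changed.
    $srv   = Get-SmbServerConfiguration
    $feat  = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $smbIn = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Smb1ServerEnabled    = $srv.EnableSMB1Protocol
        Smb2ServerEnabled    = $srv.EnableSMB2Protocol
        Smb1FeatureState     = if ($feat) { $feat.State } else { 'n/a (on Server use Get-WindowsFeature FS-SMB1)' }
        SmbInboundAllowRules = @($smbIn | Where-Object { $_.Enabled -eq 'True' }).Count
        AllProfilesBlockIn   = @(Get-NetFirewallProfile | Where-Object { $_.DefaultInboundAction -ne 'Block' }).Count -eq 0
    }
}

$before = Get-SmbExposure
$before | Format-List
if (-not $Enforce) { Write-Host 'Audit only; re-run with -Enforce to harden.'; return }

# 1. Turn off SMBv1 on the server side. SMBv2/3 stays on for normal file sharing.
if ($before.Smb1ServerEnabled -and $PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
# 2. Remove the SMB1 client/server binaries altogether (a reboot completes this).
if ($before.Smb1FeatureState -eq 'Enabled' -and $PSCmdlet.ShouldProcess('SMB1Protocol feature', 'Remove')) {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}
# 3. Host firewall. Disable the broad built-in SMB allow rules and replace them
#    with one rule scoped to the management sources; scope the built-in WMI
#    rules the same way. With the default inbound action set to Block, every
#    other workstation is refused on TCP 139/445 and on the DCOM/WMI ports.
if ($PSCmdlet.ShouldProcess('File and Printer Sharing rules', 'Disable inbound allow rules')) {
    Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound -ErrorAction SilentlyContinue |
        Disable-NetFirewallRule
}
if ($PSCmdlet.ShouldProcess('WMI rules', "Restrict remote address to $($AllowedRemoteSources -join ',')")) {
    Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Direction Inbound -ErrorAction SilentlyContinue |
        Set-NetFirewallRule -RemoteAddress $AllowedRemoteSources
}
$allowName = 'Allow SMB from management sources only'
if (-not (Get-NetFirewallRule -DisplayName $allowName -ErrorAction SilentlyContinue) -and
    $PSCmdlet.ShouldProcess('Windows Firewall', "Create rule '$allowName'")) {
    New-NetFirewallRule -DisplayName $allowName -Direction Inbound -Protocol TCP -LocalPort 139, 445 `
        -RemoteAddress $AllowedRemoteSources -Action Allow -Profile Domain, Private | Out-Null
}
if ($PSCmdlet.ShouldProcess('All firewall profiles', 'Set default inbound action to Block')) {
    Set-NetFirewallProfile -All -DefaultInboundAction Block
}
Get-SmbExposure | Format-List
```

The script leaves SMBv2/3 enabled, so it removes the SMBv1 attack surface without the broader file-sharing disruption the reports warn about; blocking all SMB at the network boundary is a separate perimeter control.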
References:
1. Cybersecurity & Infrastructure Security Agency - CISA. (2017). Petya Ransomware Alert. https://www.cisa.gov/news-events/alerts/2017/07/01/petya-ransomware
2. Greenberg, A. (2019). Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. https://dokumen.pub/sandworm-a-new-era-of-cyberwar-and-the-hunt-for-the-kremlins-most-dangerous-hackers-978-0385544405.html
3. Microsoft. (2018). Overview of Petya: A Rapid Cyberattack. https://www.microsoft.com/en-us/security/blog/2018/02/05/overview-of-petya-a-rapid-cyberattack/
4. https://youtu.be/N20q-ZMop0w?si=GgMBv6vvv1q4uX5L