WannaCry Ransomware Attack Analysis
Added on 2020/02/24
AI Summary
This assignment delves into the WannaCry ransomware attack, a major global cyber event in 2017. Students are tasked with analyzing the attack's origins, its widespread consequences on organizations like the NHS, and potential preventative measures against similar attacks. The analysis should encompass technical aspects, societal impacts, and lessons learned for cybersecurity.
Running head: COMPUTER SECURITY BREACHES
Computer Security Breaches (2017)
Name of the Student
Name of the University
Author Note
Table of Contents
Part A
  OneLogin Security Breach
    Who were affected?
    How the Attack was carried out?
    What could have been done to prevent the Attack?
Part B
  Ransomware Cyber Attack
    What was the problem?
    Who were affected and how?
    How was the attack carried out?
    What could have been done to prevent the attack?
References
Part A
OneLogin Security Breach
OneLogin provides a single-password platform that lets users access multiple applications
and websites with one password. Technically, OneLogin stores the credentials for different
websites, lets the user unlock them with a single OneLogin password, and then submits the
stored credentials to those websites. It is a paid service, generally used by organizations
and their employees. OneLogin has more than 2000 organizations as customers, spread across
44 countries ("OneLogin breached, hacker finds cleartext credential notepads", 2017). The
service covers passwords for more than 300 applications, including 70 SaaS
(Software-as-a-Service) service providers. SaaS is a cloud computing application. Cloud
computing applications are becoming a trend in organizations as a way to enhance the
performance of the organization. Cloud computing models such as SaaS, IaaS, and PaaS
comprise different applications, which together need more than one set of credentials.
This created the need for a system like the one OneLogin offers to its users.
What was the problem?
The problem was that the information was stored on OneLogin's server, and that server was
reported to have been breached. Although the files were encrypted, it is possible that
hackers able to breach the server could also decrypt those files. The credentials stored by
OneLogin were very personal and could let unauthorized users manipulate data by accessing
the websites. The files were stored as a table covering all users and were properly
encrypted, but OneLogin also reported that the intruders might have gained access to those
files by using decryption codes ("OneLogin breached, hacker finds cleartext credential
notepads", 2017). This
information includes banking details, details of transactions between the stakeholders and
partners of various organizations, Twitter passwords, and much other personal and sensitive
information. Any organization or individual may suffer a great loss by losing such
important credentials. OneLogin's security was also breached last year, yet the service
provider was still not able to keep this information secure.
Who were affected?
This data breach affected all customers of the OneLogin service, which includes more than
2000 companies and millions of customers. OneLogin had been very loyal to its customers
from the beginning, but repeated data breaches are forcing individuals to stop relying on
this service ("OneLogin breached, hacker finds cleartext credential notepads", 2017).
Everyone is moving towards the digital world: almost every industry and organization is
implementing cloud computing for its operations, and OneLogin supports users by giving them
better and easier access to those applications. The service provider also informed the
organizations whose data and information were stored on OneLogin that their data had been
compromised. After this second data breach, the intrusion has affected the reputation of
the service provider (Martin, Borah & Palmatier, 2017). Previously, organizations relied
completely on this service, but now they do not want to be customers of OneLogin. Various
individuals also benefited from this service by keeping their social media and mail
credentials saved at OneLogin, along with bank account details and other very personal
information. They were also affected by this breach.
How the Attack was carried out?
An external unauthorized user gained access to OneLogin's server by using the AWS API
(application programming interface, a communication language between applications). It
was estimated that the intruders targeted the U.S. database, from where the
security breach is estimated to have started. The hacker used AWS API keys to get access
to the servers through another service provider, rather than through OneLogin’s own server
interface (Martin, Borah & Palmatier, 2017). Technically, an API is a language used for
communication between two or more applications to exchange data and information. APIs
allow the developer to collect and save pre-written components of the software, so the
pre-written code and the APIs need to work together. The hackers found a way to use this
language to get access to the server and to the code needed to decrypt the encrypted files.
The data was saved in notepad format, which ended up in the hands of the intruders. As a
precaution, the files had been encrypted before being uploaded to the server, but that can
only buy some time, so OneLogin sent letters to its users asking them to change their
credentials in order to protect the information that had already been sold.
What could have been done to prevent the Attack?
Various precautions, implemented by both the customers and the OneLogin service provider,
could have prevented this security breach. On the customer side, organizations and
individuals should not have relied completely on the service provider and should have kept
their most personal data to themselves. On OneLogin's side, it should have learned from the
past attack and improved its security in a more advanced manner (Hossain, Hasan & Skjellum,
2017). Cyber security is a precaution that should be taken with future threats in mind, not
the present threats. The log management that OneLogin was using to keep the files saved
should be restricted to SAML-based authentication. If OneLogin had given users an option to
change passwords automatically, so that the passwords it stored were changed at a certain
interval of time, this could not have happened, and the hackers would have been left with
nothing (Cheng, Liu & Yao, 2017).
Part B
Ransomware Cyber Attack
This was a chain cyber attack that spread rapidly through computer systems around the
globe. The attack took place between 12th May and 15th May 2017 (O’Dowd, 2017). It was
named WannaCry Ransomware, as the intruders manipulated the coding as described below and
asked for money, in the form of Bitcoin currency, in exchange for the anti-virus named
‘double-pulsar’ (Mohurle & Patil, 2017). The attack was communicable: it travelled, spread
and expanded across the whole world, using the internet as its medium. The exact figure was
not reported, but approximately 230, 3000 computers in 150 countries were affected by this
intrusion.
What was the problem?
Computer users with an internet connection were not able to access the files related to
their personal business operations. To regain access to those files, users had to pay a
large ransom to the hackers. The malicious virus spreading among the computers was
encrypting the files with an unknown coding, which blocked users from accessing those files
(Pascariu, Barbu & Bacivarov, 2017). A few IT experts somehow found a way to encrypt those
files, but after the systems were brought back online they were affected again by an
updated version of the virus. A few of them were able to decrypt the files without paying
ransom to the hackers, but most had to pay for fear of losing all the documents related to
their organizational operations. The malicious virus attacked systems that had not been
upgraded and were running on pirated software. The virus was coded to affect the most
widely used operating systems, such as Windows 7, Windows 8, Server and Windows XP; the
hackers targeted that software because these operating systems were popular and in use
across all organizations.
Who were affected and how?
The attack caused severe damage worldwide and damaged many computers globally. The most
damaged computers were reported in the Chinese university, as most of the users there were
running pirated operating systems bought from the black market (Collier, 2017). As
reported, more than 100,000 computers were damaged by this malicious virus attack. Most of
the hospitals in the UK and US were also targeted, which delayed several operations,
surgeries and other management activities. The breach mainly affected big corporations but
also made ordinary people suffer. Several federal bodies were also targeted, such as the
Indian and Chinese police, whose systems were left as nothing more than dust after the
malicious virus attacked them (Millard, 2017). However, the Indian police stopped the
spread of this breach by taking their systems offline. Big automobile corporations such as
Hitachi and Renault were not safe from this attack either; they also became prey and had to
pay, either to the intruders or because of the intruders. All of Russia’s big industries,
including telecommunication and several other sectors.
How was the attack carried out?
It was estimated that the attack started in London when a European citizen opened a zip
file on 12th May 2017. The virus used that system as its host, and its coding let the
malicious virus operate systems automatically and connect to the internet. First, the
coding was programmed so that any IT expert would think the virus was trying to access a
website that in reality was nowhere on the internet (Ehrenfeld, 2017). This was coded to
mislead the experts and gain more time for the other coding. The primary software that made
this happen was ‘EternalBlue’, which was in reality registered software created by the U.S.
Agency for its espionage process. It was stolen and exposed to the market, where it was
available online for free. The intruders used this software to get
access to the storage systems of the computers, and additional coding was written to
encrypt the files (Gandhi, 2017). This encryption was new of its kind and unknown to the
experts, which allowed the intruders to ask for ransom in exchange for the
decryption-coding anti-virus named ‘Double Pulsar’.
What could have been done to prevent the attack?
The following precautions could have stopped this unwanted and unauthorized incident from
taking place and harming so many people.
If users had been running original operating systems in their updated versions, the
malicious virus could not have done such great damage (Gandhi, 2017). Computer systems
should always be kept in auto-update mode, so that they check for new updates and update
the software whenever an internet connection is available. The U.S. agency created the
software that was the primary medium for this event; it should have warned the world about
this software and shared the precautions that could have stopped it (Martin, Kinross,
2017). Microsoft launched security patches after the attack, which it should have made
available before the attack for such intrusions.
References
Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: causes, challenges,
prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and
Knowledge Discovery, 7(5).
Ehrenfeld, J. M. (2017). WannaCry, Cybersecurity and Health Information Technology: A
Time to Act. Journal of Medical Systems, 41(7), 104.
Gandhi, K. A. (2017). Survey on Ransomware: A New Era of Cyber Attack. International
Journal of Computer Applications, 168(3).
Hossain, M., Hasan, R., & Skjellum, A. (2017, June). Securing the Internet of Things: A
Meta-Study of Challenges, Approaches, and Open Problems. In Distributed
Computing Systems Workshops (ICDCSW), 2017 IEEE 37th International Conference
on (pp. 220-225). IEEE.
Hutchings, A., & Holt, T. J. (2017). The online stolen data market: disruption and
intervention approaches. Global Crime, 18(1), 11-30.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to
patient safety.
Martin, K. D., & Murphy, P. E. (2017). The role of data privacy in marketing. Journal of the
Academy of Marketing Science, 45(2), 135-155.
Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data privacy: Effects on customer and
firm performance. Journal of Marketing, 81(1), 36-58.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack
2017. International Journal, 8(5).
O’Dowd, A. (2017). Major global cyber-attack hits NHS and delays treatment.
OneLogin (2017). Retrieved 23 August 2017, from
https://oag.ca.gov/system/files/Sample%20Notice_9.pdf
Pascariu, C., Barbu, I. D., & Bacivarov, I. C. (2017). Investigative Analysis and
Technical Overview of Ransomware Based Attacks. Case Study: WannaCry.
Spillner, J. (2017). Exploiting the Cloud Control Plane for Fun and Profit. arXiv preprint
arXiv:1701.05945.
Collier, R. (2017). NHS ransomware attack spreads worldwide.