CYBER SECURITY

Table of Contents
1. Introduction
2. Discussion
2.1 Occurrence of the WannaCry Ransomware Attack
2.2 Modus Operandi of the Attacker
3. Conclusion
References
1. Introduction

Computer security, or cyber security, is the protection of inter-linked systems, including software, confidential data and hardware, from any kind of cyber-attack (Von Solms & Van Niekerk, 2013). In the computing context, this type of security consists of physical security as well as cyber security. Enterprises use both to protect data centres and other computerized systems against unauthorized and unauthenticated access (Wang & Lu, 2013). This report gives a brief discussion of the well-known data breach of the WannaCry ransomware attack, which took place in 2017 and infected more than 300000 computers.

2. Discussion

2.1 Occurrence of the WannaCry Ransomware Attack

The WannaCry ransomware attack was one of the well-known attacks. It took place in May 2017 and was carried out with the ransomware crypto worm called WannaCry. It continued for 4 days. The worm targeted systems running the Microsoft Windows operating system, encrypting their data and then demanding a ransom (WannaCry Ransomware, 2017). The attackers demanded the ransom payment in the cryptocurrency Bitcoin. WannaCry propagated via EternalBlue, an exploit developed by the United States National Security Agency (NSA) for older Microsoft Windows systems. EternalBlue was stolen and leaked by a group calling itself The Shadow Brokers only some months before the attack.
Although Microsoft had previously released patches to close the exploit, most of the spread of WannaCry came from organizations that either had not applied the patches or were using older versions of Microsoft Windows. WannaCry also took advantage of installing backdoors on the infected systems (Buczak & Guven, 2015). The attack was stopped within a few days of its discovery by the emergency patches released by Microsoft and by the discovery of kill switches, which prevented infected systems from spreading the crypto worm any further. It was estimated that more than two lakh computer systems were affected across one hundred and fifty countries. Total monetary damages ranged from hundreds of millions to almost a billion dollars (Hahn et al., 2013). From a preliminary evaluation of the crypto worm, security experts estimated that the attack originated from North Korea and from agencies working for that country.
Figure 1: Message Displayed on WannaCry Ransomware Attack (Source: WannaCry Ransomware, 2017)

In December 2017, Australia, the United Kingdom and the United States asserted that North Korea was responsible for this attack. New variants of WannaCry forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip fabrication factories in 2018 (Elmaghraby & Losavio, 2014). The virus spread to more than ten thousand machines in the most advanced facilities of Taiwan Semiconductor Manufacturing Company. The WannaCry ransomware attack hampered the information security of the entire computer industry worldwide. Information security is designed to maintain the confidentiality, integrity and availability (CIA) of confidential data. Maintaining CIA is extremely important since it ensures security is maintained without much complexity (Cherdantseva et al., 2016). However, in this particular attack, the CIA of customers' data was maintained.

2.2 Modus Operandi of the Attacker

WannaCry is a ransomware crypto worm that targeted systems running the Microsoft Windows operating system, encrypting their data and demanding a ransom payment in Bitcoin. The worm is also known as WannaCrypt, WannaDecryptor, WanaCryptor 2.0 and WanaDecryptor 2.0. It is considered a network worm because it includes a transport mechanism for spreading itself automatically (Wells et al., 2014). The transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access. The attackers then used the DoublePulsar tool to install and execute a copy of the transport code. They created WannaCry versions 0, 1 and 2 with Microsoft Visual C++ version 6.0.

EternalBlue is a major exploit of the Windows Server Message Block (SMB) protocol that was released by the hacker group The Shadow Brokers. Microsoft discovered the threat and issued security bulletin MS17-010, which detailed the flaws, before announcing that patches had been released for each and every version of Windows (Abawajy, 2014). The bulletin covered Windows Vista, Windows 10, 8, Server 2008, Server 2016, 7, Server 2008 R2 and Server 2012.
Figure 2: Operation of WannaCry Ransomware (Source: Wells et al., 2014)

The Shadow Brokers also released the DoublePulsar backdoor tool in 2017, which helped security researchers to report that thousands of computer systems had DoublePulsar installed. This made it easier for them to stop the attack. The reports estimated that the number of infected systems could increase to a hundred thousand (Cavelty, 2014). The WannaCry code could take advantage of an existing DoublePulsar infection or install it itself. When executed, the WannaCry malware first checked a specific domain name, called the kill switch; if it was not found, the ransomware encrypted the data on the computer system. The malware then attempted to exploit the vulnerability in order to spread to other computer systems over the Internet and, mainly, to systems on the same network.
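The propagation step described above, in which the transport code scans for reachable systems before exploiting SMB, appears on the network as one host opening connections to many distinct hosts on TCP port 445 in a short time. The following Python detection is an added example, not part of the original report; the flow-record format, addresses, function names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445  # TCP port for SMB, the protocol the EternalBlue exploit targets


def parse_flow(line):
    """Parse one 'timestamp src dst dst_port' record (assumed log format)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def sample_flows():
    """Constructed flow records for illustration; not real traffic."""
    t0 = datetime(2017, 5, 12, 8, 0, 0)
    sec, flows = timedelta(seconds=1), []
    # Ordinary client: repeated SMB sessions to the same two file servers.
    flows += [(t0 + 5 * i * sec, "10.0.0.5", f"10.0.0.2{i % 2}", 445) for i in range(10)]
    # Worm-like host: eight distinct SMB targets within eight seconds.
    flows += [(t0 + i * sec, "10.0.0.77", f"10.0.1.{i + 1}", 445) for i in range(8)]
    # Busy web client: many destinations, but not on the SMB port.
    flows += [(t0 + i * sec, "10.0.0.9", f"10.0.2.{i + 1}", 443) for i in range(8)]
    # Backup host: eight SMB targets, but two minutes apart.
    flows += [(t0 + 120 * i * sec, "10.0.0.30", f"10.0.3.{i + 1}", 445) for i in range(8)]
    return flows


def find_smb_scanners(flows, max_targets=5, window=timedelta(seconds=60)):
    """Return {src: peak distinct SMB destinations seen inside one window}
    for every source that exceeded max_targets."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in the window
    peaks = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:  # expire records older than the window
            seen.popleft()
        distinct = len({d for _, d in seen})
        if distinct > max_targets:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks


if __name__ == "__main__":
    for src, count in find_smb_scanners(sample_flows()).items():
        print(f"{src}: {count} distinct SMB destinations within 60 s")
```

Thresholds need tuning per network: the constructed backup host stays below the alert only because its connections are spread out, and a much longer window would flag it as well.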
As in other ransomware attacks, the payload displayed a message informing users that their files had been encrypted. The Shadow Brokers group demanded a payment of either three hundred US dollars in Bitcoin within 3 days or six hundred US dollars within 7 days. They provided 3 hard-coded Bitcoin wallets, or addresses, for receiving the victims' payments (WannaCry Ransomware, 2017). The balances and transactions of these wallets were publicly accessible, even to the owners of the cryptocurrency wallets. The WannaCry attack took place on Friday, 12th May 2017, with major evidence pointing to an initial infection in Asia. It was not given priority and was considered mere phishing. Within 24 hours, the code infected 230000 systems across the world. To date, the Shadow Brokers, the group of hackers who initiated the attack, have not been caught.

3. Conclusion

It can therefore be concluded that numerous data breaches in the world have taken place due to a lack of cyber protection. The main purpose of cyber security is to help prevent cyber attacks, identity theft and data breaches, and it can also help in the management of risks. When a company has a strong sense of security for its networks, or efficient IR planning, it has the ability to prevent or mitigate attacks. There are several kinds of cyber security threats, including ransomware, malware, phishing and social engineering attacks. This report has given a clear description of the WannaCry ransomware attack with relevant details, including the modus operandi of the attack.
References

Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248.

Buczak, A. L., & Guven, E. (2015). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.

Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), 701-715.

Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27.

Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491-497.

Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), 847-855.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.

Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), 1344-1371.

WannaCry Ransomware. (2017). [online]. Accessed from https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html [Accessed on 02 July 2019].

Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77.