Preventing Ransomware Attacks
Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author Note
Table of Contents
Part A
  OneLogin Data Breach
    What was the Problem?
    Who were affected?
    How was the attack carried out?
    What could have been done to prevent the Attack?
Part B
  WannaCry Ransomware Cyber Attack
    What was the problem?
    Who were affected and how?
    How was the attack carried out?
    What could have been done to prevent the attack?
References
Part A
OneLogin Data Breach
On May 31 2017, at around 2 a.m. PST, it was reported that OneLogin had suffered a data breach and that its data had been compromised. OneLogin is an online service that lets users log in to different websites and apps from a single platform. It is headquartered in San Francisco and provides identity management and single sign-on for applications hosted in the cloud ("OneLogin breached, hacker finds cleartext credential notepads", 2017). It has more than 2000 customer companies in around 44 countries, with more than 300 app vendors and more than 70 SaaS (Software as a Service) providers, a model that is becoming the trend both for new companies and for companies that want to keep pace with technology development.
What was the Problem?
Because it provides a single platform for accessing different applications, OneLogin had to store all the credential information tied to each user's identity, together with the credentials needed to access each application ("OneLogin breached, hacker finds cleartext credential notepads", 2017). The intruders who broke into the OneLogin server were able to decrypt the encrypted files in which customers' highly personal credentials and information were stored. This exposed crucial information that could cause serious damage to the customers, such as bank account details and, in particular, internet banking credentials. The breach was also described as a "business-existential threat". A message was sent to the customers about the breach, stating that "Customer data was compromised, including the ability to decrypt encrypted data", together with steps that could be taken to ensure that the breach did not affect them later. The core problem, however, was that crucial and very personal information had been stolen and could be used by the intruders to make
intrusions into other applications. Through such intrusions they could access and manipulate that data and information, since all the needed credentials were already available to them after the breach. In this case the attackers were described as 'threat actors' who had gained access to the database in which information about the apps, the users and much other crucial information was stored, including the credentials that grant access to those applications ("OneLogin breached, hacker finds cleartext credential notepads", 2017).
Who were affected?
All the customers of those 2000 companies were affected by this intrusion, and thousands of personal accounts within those companies suffered from the data breach. OneLogin was a useful application for accessing many applications with one credential on a single platform, but at the cost of security and privacy (Martin, Borah & Palmatier, 2017). The information and data stored there were meant for organizational purposes only, and included specific organizational details about the business and about transactions made with contractors and business partners. The threat put at risk all the information stored in the cloud through SaaS applications. Certain individuals were also affected, as many individuals used OneLogin for personal purposes (Martin & Murphy, 2017). The attack was carried out on a single database, but it had a global effect on the privacy and security risks of the organizations and individuals that used OneLogin.
How was the attack carried out?
OneLogin's chief information security officer, Alvaro Hoyos, said that an unknown intruder had gained unauthorized access to OneLogin's servers running in the United States. The attack began with the intruder obtaining a set of AWS keys and using them to access the AWS API (application programming interface) from a host at another service provider rather than from OneLogin's own servers (Spillner, 2017).
An API is the technical language through which applications converse and exchange information; APIs also allow developers to reuse pre-written software components, so the two sides have to work together. The hackers gained access to this server and found the code used to decrypt data that had been encrypted for its protection. Using this code they reached the database tables that held information about users, applications and various types of keys. They then used further code to decrypt the encrypted files, and decrypted many of the files saved in the database.
What could have been done to prevent the Attack?
One measure the organization could have taken to avoid this breach is to bring in a third party for the company's external security, to make sure it had adequately cleaned up after any earlier data breach. All log management systems should be restricted to SAML-based authentication. Passwords should be set to an automatic reset mode based on automatic password generation (Hossain, Hasan & Skjellum, 2017). These measures were implemented after the breach had already happened, whereas OneLogin should have learnt from the previous attack and implemented them before the second intrusion happened.
Measures that individuals or organizations should take to keep themselves safe can be listed as:
- Monitoring leaked credentials of the customers before and after the breach (Cheng, Liu & Yao, 2017).
- Implementation of multi-factor authentication that does not leverage SMS.
- Deployment of an inline Web Application Firewall.
- Monitoring leaked credentials of the employees working in the organization.
- Monitoring whether the brand and company names are mentioned in cracking forums (Hutchings & Holt, 2017).
- Gaining awareness of credential stuffing tools, to ensure that none of the data falls into the wrong hands.
Part B
WannaCry Ransomware Cyber Attack
The ransomware cyber-attack was one of the biggest data breaches of this century, damaging computers at a global level. It affected more than 230,000 computers around the world between 12 May and 15 May 2017 (Collier, 2017). The intruders demanded money in the form of Bitcoin in exchange for the "anti-virus", the decryption tool that would unlock the encrypted files described in the next paragraph, and so the attack was named the WannaCry ransomware attack (Martin, Kinross & Hankin, 2017). The attack is believed to have originated in London, when a European user opened a zip file that activated the malicious program, which then spread to other systems using the network as a bridge.
What was the problem?
Two pieces of software were mainly used to make this incident happen: one, stolen from a U.S. agency, which gave the attackers access to the files stored on the system, and another, written by the intruders, which encrypted the files. Technically, the malware encrypts all the files so that the user cannot open any of them without the decryption code or the decryption tool, which only the hackers could supply. IT experts found a way to slow down the spread of the attack, but after that regular updates began being pushed to the systems, which only wasted the time and the attempts
made by the researchers. The malware attacked systems running operating systems such as Windows 7, Windows XP, Windows Server 2003 and Windows 8 (Mohurle & Patil, 2017). It was reported that the malware was not very effective on systems running Server 2003 or Windows XP, which suggests that the hackers were targeting the newer operating systems. It was also noted that the malware mostly affected software that had been installed from the black market. This conclusion was drawn from measuring the damage done in China, as almost 70% of the systems in China run on black-market software.
Who were affected and how?
This was a worldwide cyber-attack that damaged several organizations, from federal governments to multinational companies. Some organizations with advanced IT were able to decrypt the files that had been encrypted, and a few were saved by common-sense steps such as taking systems offline to stop further access by the malware, but many were affected by the attack (Renaud, 2017). Governments, hospitals and multinational companies in Russia, Japan, China, the U.S. and several other countries were affected by this widespread cyber-attack. Multinational automobile companies such as Nissan and Renault suffered production losses because of it. The malware forced several police stations in China and India to shut down their systems and take the stations offline in order to stop it spreading between systems. Large electronics companies and multinational courier companies such as Hitachi and FedEx reported the intrusion. Several hospitals in the UK and the U.S. reported that the same malware affected their systems, delaying several operations and surgeries. Nissan was among the least affected automobile companies, because an individual with common sense took all the systems offline when the attack seemed to be affecting one system, and saved the rest of the
systems from being corrupted by the malicious software. The malware affected many areas in Russia and India (Gandhi, 2017).
How was the attack carried out?
IT researchers and developers explained that the attack was initiated in London on 12 May 2017: the malware was introduced into the host computer and activated when a European user opened a zip file. Many commands programmed by the hackers were executed automatically once the malware was activated. Some commands were executed in order to mislead the researchers and experienced IT staff. After some hours it was found that the malware was commanding the system to connect to an unknown server that did not exist at all. The main intention behind this code was to distract the researchers and buy time to corrupt the files saved in the system's storage. The encryption was so strong that nobody would be able to decrypt the files without the decryption tool or decryption code (Gandhi, 2017). Access to the files stored on the system was gained using the stolen software, which had in fact been produced by the U.S. agency. This software was named 'EternalBlue', and it was used to push the malware onto the system's storage drive. The hackers named the anti-virus 'DoublePulsar' and offered it in exchange for money in the form of Bitcoin.
What could have been done to prevent the attack?
The preventive measures that could have prevented this ransomware attack can be listed as:
- First of all, the EternalBlue software should never have leaked and been exposed on the internet, which gave the hackers access to the storage systems of various users.
- If the files had been encrypted and tokenized earlier, this breach would not have harmed those files and data.
- The original operating system would have provided security patches for the systems (Mattei, 2017).
- Microsoft should have anticipated such an attack and released the patches much earlier.
- Anti-malware software was also an option, which would not have allowed a third party to access the system's storage.
References
Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5).
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Gandhi, K. A. (2017). Survey on Ransomware: A New Era of Cyber Attack. International Journal of Computer Applications, 168(3).
Hossain, M., Hasan, R., & Skjellum, A. (2017, June). Securing the Internet of Things: A Meta-Study of Challenges, Approaches, and Open Problems. In Distributed Computing Systems Workshops (ICDCSW), 2017 IEEE 37th International Conference on (pp. 220-225). IEEE.
Hutchings, A., & Holt, T. J. (2017). The online stolen data market: disruption and intervention approaches. Global Crime, 18(1), 11-30.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety.
Martin, K. D., & Murphy, P. E. (2017). The role of data privacy in marketing. Journal of the Academy of Marketing Science, 45(2), 135-155.
Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data privacy: Effects on customer and firm performance. Journal of Marketing, 81(1), 36-58.
Mattei, T. A. (2017). Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyberattack. World Neurosurgery, 104, 972-974.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
OneLogin (2017). Retrieved 23 August 2017, from https://oag.ca.gov/system/files/Sample%20Notice_9.pdf
Renaud, K. (2017). It makes you Wanna Cry.
Spillner, J. (2017). Exploiting the Cloud Control Plane for Fun and Profit. arXiv preprint arXiv:1701.05945.