Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cybersecurity Threats and Prevention Strategies

Verified

Added on 2020/02/24

AI Summary

This assignment delves into the realm of cybersecurity by examining prevalent threats such as phishing attacks, ransomware infections, and data breaches. It emphasizes the importance of understanding these vulnerabilities and provides insights into practical prevention strategies to mitigate risks and protect sensitive information.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY
Assessment item 2
[Student Name Here]
[Institution’s Name Here]
[Professor’s Name Here]
[Date Here]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

INFORMATION SECURITY 2
Table of Contents
Part A: DocuSign................................................................................3
The problem.......................................................................................3
How and why.....................................................................................4
Solution..............................................................................................5
Part B: May 2017 Ransomware attack (WannaCry)......................6
The problem.......................................................................................6
Who and how.....................................................................................6
Attack method....................................................................................7
Solution..............................................................................................8
References............................................................................................9

INFORMATION SECURITY 3
Part A: DocuSign
The problem
Across the digital medium, users are faced by many authenticity and integrity problems
because of the pervasive nature of the internet. Moreover, users are forced to operate with
other users who are unknown to them. These outcomes force users to use third party members
to authenticate their operations, a function offered by DocuSign. Now, the company offers
signature services across electronic documents which facilitate business operations among
many other functionalities that require user verification. In essence, users will append
verifiable signatures to the information they send to other users through the DocuSign portal,
a feature that is encrypted with some of the best security protocols. However, this service was
heavily exposed and breached in May (2017), when thousands of customer records were
leaked by intruders (Ribeiro, 2014).
First, two major forms of attack were conducted, the first still unknown based on its access
procedure was the genesis of the problem as it exposed the necessary data to conduct the
second attack. In the first attack, intruders were able to access customer records from
DocuSign communication system. This information included records of names and contact
address (including email). Furthermore, the intruders’ accessed the communication service
used by the customers and the organization. Now, the communication service sent emails to
customers alerting them on the documents they needed to sign as provided by their affiliate
business partners or work members. Therefore, this communication services was the
foundation of the DocuSign service. Nevertheless, the access granted through the first breach
gave the intruders access to the said information which they used to send phishing emails to
the customers, the second form of attack (Mann, 2017).

INFORMATION SECURITY 4
How and why
DocuSign dismissed the attack as it hit the low-level systems which according to them had
minimal confidential data that had zero financial records/information. Moreover, the
organization claims to have alerted its customers of the impending danger after realising the
breach which they also claim helped to contain the problem. However, according to security
experts, the main problem outlined in this attack, was the facilitation made by the
organization in helping the intruders access customers data and systems which were later
used to target them. A serious security violation that targeted customers through legitimate
communication systems. In all the attack was conducted in two steps; first, the attackers
gained access to the company’ servers i.e. the communication system which held both the
details of communication (email address) and the communication facility itself. Thereafter,
the intruders sent customers phishing emails in which each customer was requested to open a
word document in need of their action (signature). Now, this word document when clicked
directed the users to the intruders’ website where their confidential information was requested
(Shu, 2017).
So, why did the attack happen?
Phishing attacks usually target users’ confidential information through duplication or
replication techniques, where malware containing malicious applications or systems are sent
to unsuspecting cyber systems users. In most cases, the targeting is done using
communication channels such as messaging apps and email accounts. The intruders will send
emails or messages to the users who naively click on them as they are disguised as the
legitimate addresses to different functionalities of organizations (). After clicking the links,
the users are sent to false accounts or systems that request, users’ information. In this
incidence, the attack happened due to negligence where the host organization surrendered the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

INFORMATION SECURITY 5
information owned by its customers to intruders. In fact, without the assistance given to the
intruders, the attack would never have happened (Impreva, 2012).
However, the attack did also happen because of the users’ negligence, although filled with
many legitimate procedures that would have tricked any vigilant customer, the attack would
have been avoided using a watchful eye. Nevertheless, the verifiable accounts were used
(DocuSign communication system) which included the company’s logos, communication
details and procedures. Therefore, the users would have only noticed the intrusion after
clicking on the phishing email which then proceeded to ask for confidential information such
as financial records. However, the organization did outline that the attack was a failed attempt
as no users financial details were acquired (Mann, 2017).
Solution
Targeting customer through phishing attacks can only be solved by user sensitization, this
solution happens to be the most effective countermeasure as it prevents all attacks
irrespective of the procedure used. Furthermore, it improves the chances of other technical
solutions such as firewalls, access control and anti-malware firmware. Therefore, in the first
solution (sensitization), the users are familiarised with the attack procedures used by the
intruders where emails, messages and adware (pop-ups) are sent to users who click on them
either intentionally or unintentionally. After clicking on the said content they are directed to
the target systems. Therefore, by having this knowledge the users can be vigilant and avoid
any material or link that directs and request any confidential information. Moreover, users
should never provide information in any system unless it's completely verified (Parno, Kuo,
& Perrig, 2008).
Technically, the solutions start with simple anti-malware applications that root out the
phishing malware which provides the first line of defence. Today’s anti-virus systems will
alert the users in case their system is compromised more so, by unverifiable links or

INFORMATION SECURITY 6
addresses. Secondly, we have access procedures and securing of end points which in this
instance should have been done by DocuSign as they were the root of the problem. As an
organization, DocuSign should re-evaluate its security procedures and policies as they were
heavily compromised to grant the intruders access. In the future, they should have multiple
access control procedures to limit illegal access to their systems (Jain & Jinwala, 2015).
Part B: May 2017 Ransomware attack (WannaCry)
Ransomware represents malware attacks that target users’ information by placing systems on
lockdown unless ransom payments are made. In essence, the user will fail to access their files
and system as a disruption message is displayed on their computer screens requesting for the
payment. Intruders using this form of attack will threaten to expose the said information to
the public or destroy it which based on the value of the content will arguably push the user to
pay the demanded amount. Similarly, the attack at hand was conducted to extort users,
however, in this case, the affected came from different parts of the world an extensive
intrusion that compromised global functionalities (Emling, 2017).
The problem
According to cyber security experts, the May attack signalled the biggest cyber-attack in
history as millions of users were affected worldwide by a new and revolutionary ransomware.
Now, at the start of the intrusion, 100 countries were affected, an outcome that originated in
the United States where the country’s cyber weapons were accessed by a rogue cyber hack
team. This team gained access to a vital vulnerability in Windows system which propelled the
attack across the world, but with heavy intrusions in the countries of Russia and England
(News, 2017).
Who and how
Starting with Russia and England, the attack targeted different institutions and organizations
which nearly crippled the services offered by the public sectors. In England for instance, the

INFORMATION SECURITY 7
health industry was compromised as both employees and patients were unable to access
service records through the NHS (National Health system) system. To the employees, they
found ransom notes across their screens requesting for $300 payment so as to access their
files. Subsequently, the patients also faced the same outcome with some failing to access vital
medical procedures including surgeries as their medical records were unavailable for
consultation (Islaim, 2017).
However, Russia was the most hit as outlined by the multifaceted attacks that claimed
casualties in different sectors of the country. To start with, the malware compromised the
public sector by affecting several ministries of the country and including a state owned
Railway Company. Furthermore, the attack also took down private organizations in the field
of banking. In addition to this, the ransomware did also affect other countries such as Egypt,
China and Spain where again the same outcome was experienced (Emling, 2017).
Attack method
Ransomware represents a group of malware attacks that compromise the system to demand
payments or resources and like any other form of malware attacks, they will execute their
attacks through the vulnerabilities exhibited in cyber systems. Similarly, the WannaCry
targeted cyber systems through the vulnerabilities exposed by Windows systems. However,
unlike other common attacks, the WannaCry intrusion was fuelled by serious operational
procedures as developed by the National Security Agency (NSA) of the United States. Now,
the NSA is known to have several cyber weapons tools which they store for national security
procedures. In this case, the vulnerability at hand was known as EternalBlue and it affected
Windows networking procedures through its messaging block i.e. SMB. In all, the SMB is an
application protocol that resides within the application layer of the TCP/IP model where it
facilitates communication of machines in networks (EMC, 2016).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

INFORMATION SECURITY 8
SMB will allow users to access files within networks where computers read and write files
through the protocol. Moreover, the same protocol will enable computers to request services
within networks. It’s therefore, through this procedure that the vulnerability at hand worked.
In the attack, the vulnerability was used to access the target machines which were remotely
activated using an SMB handshake. After the access, the payload holding the ransomware
program was loaded and activated into the target machine. On activation, the program started
scanning for other networks connected to the infected machine and un-secured connections
were used to spread the payload even further. Now, it is through this self-replicating
procedure that the malware was able to successfully infect many machines across the globe
(Islaim, 2017).
Solution
WannaCry utilised a serious vulnerability in Windows systems which gave unsolicited access
to users systems through the networks they were connected to such as the internet. However,
prior to accessing the said vulnerability (EternalBlue), the machines connected to the
networks needed to have unsecured access ports for the intruders to deliver the payload which
subsequently targeted the said vulnerability. Therefore, the first step or method that would
have been used to prevent the attack was to secure the access systems of networks. This
outcome would have been done using several access procedures including access control and
firewalls. These procedures would have limited the attacks by isolating the networks access
ports (Burgess, 2017).
Secondly, the vulnerability at hand should have been identified by the developers and users
alike. The users through their security checks should have assessed the operating systems for
any technical glitches which would have been used to develop a solution. Therefore, the
attack was propelled by a poor security procedures/policies that failed to identify the threats
facing the cyber system. Furthermore, the manufacturer failed to develop a competent system

INFORMATION SECURITY 9
which affected millions of users worldwide, a common occurrence today as developers are
more focused on product deployment as compared to security. Therefore, the first line of
defence to the attack should have been secure systems as developed by the product developer
including inbuilt firewall systems (Burgess, 2017).
References
Burgess. (2017). Everything you need to know about EternalBlue – the NSA exploit linked to
Petya. . Wired, Retrieved 24 August, 2017, from:
http://www.wired.co.uk/article/what-is-eternal-blue-exploit-vulnerability-patch.
EMC. (2016). Preventing a ransomware disastor. EMC, Retrieved 24 August, 2017, from:
https://www.google.com/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwiwgd
WRi_DVAhWIK8AKHdA9BKEQFggqMAA&url=https%3A%2F%2Fmozy.com
%2Fsystem%2Fresource.
Emling, S. (2017). Ransomware Attack Wreaks Havoc Globally. AARP, Retrieved 24
August, 2017, from: http://www.aarp.org/money/scams-fraud/info-2017/how-to-
protect-against-ransomware-fd.html.
Impreva. (2012). Phishing made easy: Time to rethink your prevention strategy? HACKER
INTELLIGENCE INITIATIVE, Retrieved 28 August, 2017, from:
https://www.imperva.com/docs/Imperva-HII-phishing-made-easy.pdf.
Islaim, A. O. (2017). SMB Exploited: WannaCry Use of "EternalBlue". Fire eye, Retrieved
24 August, 2017, from: https://www.fireeye.com/blog/threat-research/2017/05/smb-
exploited-wannacry-use-of-eternalblue.html.
Jain, A., & Jinwala, D. (2015). Preventing Phishing Attacks: A Novel Approach.
International Journal of Computer Applications , Retrieved 28 August, 2017, from:
http://research.ijcaonline.org/volume121/number14/pxc3904521.pdf.
Mann, S. (2017). DocuSign Was Hacked, but It's Not That Bad. Inc Security, Retrieved 28
August, 2017, from: https://www.inc.com/sonya-mann/docusign-hacked-emails.html.
News, B. (2017). Massive ransomware infection hits computers in 99 countries. Technology,
Retrieved 24 August, 2017, from: http://www.bbc.com/news/technology-39901382.
Parno, B., Kuo, C., & Perrig, A. (2008). Phoolproof Phishing Prevention. Retrieved 28
August, 2017, from:
http://www.netsec.ethz.ch/publications/papers/parno_kuo_perrig_phoolproof.pdf.
Ribeiro, J. (2014). Digital signature service DocuSign hacked, users hit with malicious
emails. PC world, Retrieved 28 August, 2017, from:

INFORMATION SECURITY 10
http://www.pcworld.com/article/3196902/security/digital-signature-service-docusign-
hacked-and-email-addresses-stolen.html.
Shu, C. (2017). DocuSign confirms customer email addresses were stolen and used in
phishing campaign. Tech crunch, Retrieved 28 August, 2017, from:
https://techcrunch.com/2017/05/15/docusign-confirms-customer-emails-were-stolen-
and-used-in-phishing-campaign/.

1 out of 10

+13062052269

info@desklib.com

Cybersecurity Threats and Prevention Strategies

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Ransomware Attacks and Cybersecurity

WannaCry Ransomware Attack Analysis

San Zaw and Vasupongayya 2019

WannaCry Ransomware Attack Analysis

Social Engineering Threats and Mitigation

Cybersecurity Issues at JK Company