
IT Security Management

   

Added on  2022-11-28

Running head: IT SECURITY MANAGEMENT
IT SECURITY MANAGEMENT
Name of the Student
Name of the University
Author Note:
Table of Contents
Part 1- Researching Network Attacks
Part 2- Researching about GitHub DDOS Attack
Answer to Question 1
Answer to Question 2
Answer to Question 3
Answer to Question 4
Answer to Question 5
Answer to Question 6
Answer to Question 7
Part 3- CASE STUDY: How cyber-criminals targeted QLD law firm with social engineering
References
Part 1- Researching Network Attacks
Name of the Attack: WannaCry Ransomware Attack
Type of Attack: Ransomware Attack
Dates of Attack: 12th May 2017
Organization Affected: UK National Health Services (NHS), FedEx, Telefonica (Spain's largest telecommunication organization), Russian Interior Ministry. In China, around 40,000 firms were affected [6].
How did it work and what it did: WannaCry is ransomware, or extortive malware, that encrypts files and disks and locks computers [4].
The malware demands around 300 to 600 dollars, which needs to be paid in the form of bitcoin cash in three for decrypting the file. WannaCry spreads with the help of the Server Message Block (SMB) protocol, which operates on ports 445 and 139. SMB is mainly used for communicating with file systems over a network [2]. As soon as it is successfully installed, WannaCry scans for risks in devices and propagates. WannaCry checks whether backdoors like DoublePulsar have previously affected the machine. Between DoublePulsar and EternalBlue, it exploits an SMB vulnerability; the exploit was made by the Shadow Brokers hacking group [5]. The working mechanism of the WannaCry attack is described below:
- The attacker uses a yet-to-be-confirmed initial attack vector.
- WannaCry encrypts the files on the victim machine using the AES-128 cipher and deletes the shadow copies [1]. It displays a ransom note requesting around 300 dollars and 600 dollars in the form of bitcoin.
- In the beginning stage, Tor.exe is used by wanna decryptor.exe to connect to Tor nodes. The Tor node connects back to the attacker, which makes tracking very difficult.
- The IP address of the infected system is checked so that the same subnet can be scanned for any vulnerable machine [3]. It connects to TCP port 445.
- As soon as a connection to a machine is successfully established, all the payload data is transferred.
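The same-subnet scan on TCP port 445 described in the list above leaves a recognizable pattern in connection logs. The following is an added example, not part of the original essay: it flags hosts that contact many distinct same-subnet peers on TCP/445 within a short window. The log format, the /24 subnet size, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMB_PORT = 445     # TCP port named in the text above
PREFIX = 24        # assumed subnet size
WINDOW = 60        # seconds per sliding window (assumed threshold)
MIN_TARGETS = 15   # distinct same-subnet peers per window (assumed threshold)

def parse(line):
    """Parse 'epoch src dst dport proto' (a constructed log format)."""
    ts, src, dst, dport, proto = line.split()
    return int(ts), ip_address(src), ip_address(dst), int(dport), proto.lower()

def smb_sweepers(lines):
    """Return {src: peak count of distinct same-subnet TCP/445 targets in any window}."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, proto = parse(line)
        subnet = ip_network(f"{src}/{PREFIX}", strict=False)
        # Only the same-subnet behaviour described in the text is considered here.
        if proto == "tcp" and dport == SMB_PORT and dst in subnet and dst != src:
            events[str(src)].append((ts, str(dst)))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most WINDOW seconds.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            peak = max(peak, len({d for _, d in evs[start:end + 1]}))
        if peak >= MIN_TARGETS:
            flagged[src] = peak
    return flagged

def sample_flows():
    """Constructed sample: one sweeping host, one file-server client, one HTTPS client."""
    flows = [f"{1000 + i} 10.0.5.23 10.0.5.{i} 445 tcp" for i in range(1, 31) if i != 23]
    flows += [f"{1000 + 5 * i} 10.0.5.40 10.0.5.10 445 tcp" for i in range(20)]
    flows += [f"{1000 + i} 10.0.5.41 10.0.5.{i} 443 tcp" for i in range(1, 31)]
    return flows

if __name__ == "__main__":
    for host, n in smb_sweepers(sample_flows()).items():
        print(f"{host}: {n} distinct same-subnet SMB targets within {WINDOW}s")
```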
Global Impact of WannaCry Ransomware Attack:
Around 30-40 publicly named organizations were impacted by this ransomware attack. Some of the most notable examples are the Russian Interior Ministry, Spain's biggest telecommunication organization Telefonica, and FedEx [6]. The whole of the UK National Health Service was badly hit, with 16 out of 47 NHS trusts. After the attack, routine surgeries and doctors' appointments were being canceled by service providers. Among all the countries, Russia was badly hit by this attack.
Mitigation Options: Organizations around the globe can mitigate the overall risk by following the given steps:
- Organizations globally need to ensure that their robust and mature enterprise-level programs include vulnerability management.
- Organizations need to have backups of any critical data stored in their systems.
- Organizations need to align both the timeline and the procedure for restoring systems from backups, so that they have a business continuity plan.
- The organization's incident response and disaster preparedness plans need to be reviewed to verify that they adequately address a ransomware event [2].
- Endpoint monitoring needs to be implemented to give the team visibility into any malicious behavior that occurs at various levels.
- Organizations need to ensure that a proper security awareness training program is in place.
- There is a need for maintaining an effective incident response plan so that it