Computer Security Principles - Assignment

Added on - 24 Feb 2021

Word Count: 2468

Contents

ABSTRACT
INTRODUCTION
CASE STUDY
  The potential vulnerabilities that have led to the specific cyber attack
  The type of access rights required to exploit a vulnerability
  Entry point of the attack
  The overall flow of the cyber-attack conduction
  The parts of the system that failed
  The impact on the assets affected, financial, reputation, data and third parties
  The cyber security principle(s) were affected and in what ways
  The type of attacker behind the attack and potential motivations
  The level of technical sophistication required to exploit a vulnerability
  The laws affected by the attack and which laws will be complied with in the future
  Three ethical frameworks to assess the incident from a victim/adversary point of view
  The Prevention/Detection/Mitigation Techniques
CONCLUSION
GROUP SUMMARY
REFERENCES
Abstract

With the rapidly increasing use of technology, the extensive collection and online storage of data, and the ability to make online payments, cyber security is integral to protecting our personal data and even our finances. Through our investigation of the 2017 WannaCry attack, we have overviewed possible techniques hackers may have used to break into the systems of organisations and individuals, the way these techniques may have damaged or affected the data of organisations or individuals, the possible motivations behind the attack and how the attack was solved. Thus, we have learnt possible ways to prevent or reduce the severity of such attacks and ways of finding a kill switch to treat these incidents.

Introduction

This report aims to investigate one of the most famous ransomware attacks in history: the May 2017 WannaCry attack. This incident is a perfect representation of an active cyber-dependent attack which threatened the integrity and availability of data across multiple computer systems world-wide, as this fraudulent attack involved file manipulation, through encryption, with further malicious intentions if crypto money wasn't paid to the attackers.

In particular, this report will examine the vulnerabilities exploited, the techniques used and their degree of technical sophistication, as well as the motivators behind the attack. Furthermore, this report will overview the impact on groups of individuals and various large organisations across different countries, the laws violated, and the preventive measures and individuals involved at the recovery stage of the attack. Moreover, this report will address the ethical morality implied from a victim's and an adversary's perspective.

Given the knowledge gained from the module in conjunction with further online research, this report will: assess the effectiveness of the attack, outline how the attack could have caused a bigger impact and propose further prevention measures that could have been taken against future potential attacks of the same kind. Finally, this report will include the learning outcomes and personal findings gained from our research on the case study.
Case Study

The potential vulnerabilities that have led to the specific cyber attack

The potential vulnerabilities highlighted include the fact that WannaCry was able to get into organisations whose systems did not have the patches provided by Microsoft or that were ‘using older Windows systems that were past their end-of-life’. End-of-life refers to the ‘significance in the production supportability & purchase of soft/hardware products’. Some argue that if it had not been for the lack of education around the need to update software, this attack could have been avoided. It was able to spread through corporate computers as it had a security exploit (EternalBlue), which left more than 200,000 computers over 150 countries damaged.

The type of access rights required to exploit a vulnerability

Access control is a form of security that manages who and what can view or use resources within a computing environment; it is essential in any business or organisation. The incident began with the U.S. National Security Agency (NSA). The exploit was said to be stolen from someone within the agency. However, instead of reporting the event to Microsoft they decided to use it for their own personal gain and its ‘offensive work’. This means that they used it for ‘operations intended to project power by the application of force in and through cyberspace’. Eventually, Microsoft became aware of the threat and, in March 2017, issued security bulletin ‘MS17-010’.

Entry point of the attack

Tens of thousands of computers had the Double Pulsar installed into their software, meaning that there was a high chance of vulnerability. This allowed the WannaCry code to take advantage of the existing infection by Double Pulsar or install it. Once the malware is in the computer it checks the “kill switch”. The “kill switch” was a feature in Windows applications that disabled system-wide internet access if the VPN connection suddenly broke off or you disconnected manually. That way, it protected all the apps without terminating them. If the malware was unable to detect this switch it would begin to encrypt the data of the computer. It also attempts to exploit the SMB (Service Message Block) vulnerability and spread (randomly) to thousands of computers, globally.

The overall flow of the cyber-attack conduction

On Friday 12 May 2017, the attack commenced. This was down to an exposed vulnerable SMB port rather than email phishing, which everyone thought it was in the beginning. As with modern ransomware, the payload displayed a message telling the user that their files had been compromised and alongside this would demand a sum of ‘US$300 in Bitcoin within three days or US$600 within seven days’. Once the victim cooperated with these demands, their money would be deposited in “wallets” or hardcoded bitcoin addresses. These wallets allowed the perpetrators to remain unknown, making the possibility of getting money back virtually impossible.

The parts of the system that failed

The reign of WannaCry came to an end after Marcus Hutchins found a ‘kill switch domain hardcoded in the malware’. Hutchins registered a domain name for the DNS sinkhole used; this helped stop the attack spreading as a worm. The ransomware had only been able to encrypt the computer's files if it had failed to connect to that domain. This did not help systems that had
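A defender-side illustration of the SMB propagation described under "Entry point of the attack": a worm that picks targets at random makes one host contact many distinct addresses on TCP port 445 within a short time, which stands out against normal file-sharing traffic. This is an added example, not part of the original report; the flow-log format, window length, threshold and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                  # TCP port used by SMB
WINDOW = timedelta(seconds=60)  # assumed sliding-window length
FANOUT_THRESHOLD = 20           # assumed tuning value: distinct peers per window

def build_sample_flows():
    """Constructed flow records: 'timestamp src_ip dst_ip dst_port'."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    stamp = lambda i: (base + timedelta(seconds=i)).isoformat()
    flows = []
    for i in range(40):
        # Worm-like: one workstation, a new destination on 445 every second.
        flows.append(f"{stamp(i)} 10.0.0.23 198.51.100.{i + 1} 445")
        # Normal file sharing: repeated sessions to the same two servers.
        flows.append(f"{stamp(i)} 10.0.0.7 10.0.1.{1 + i % 2} 445")
        # High fan-out but not SMB (web browsing), must be ignored.
        flows.append(f"{stamp(i)} 10.0.0.9 203.0.113.{i + 1} 443")
    return flows

def parse_flow(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout_alerts(lines, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Map each source to its peak count of distinct SMB destinations inside
    any sliding window, keeping only sources at or above the threshold."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, port = parse_flow(line)
        if port == SMB_PORT:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    for src, peak in smb_fanout_alerts(build_sample_flows()).items():
        print(f"ALERT {src}: {peak} distinct SMB peers within {WINDOW.seconds}s")
```

Only the workstation that fans out on port 445 is reported; the file-sharing client and the web client are not.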