Analysis of Cyber Attacks: Targeted Attacks, Ransomware, and Tools

Added on  2020/10/01

AI Summary
This report provides an in-depth analysis of cyber attacks, with a specific focus on targeted attacks and ransomware. It begins by defining cyber attacks and categorizing them, highlighting the motives and techniques employed by attackers. The report then delves into targeted attacks, explaining their characteristics and stages, including examples like spear phishing and advanced persistent threats. A recent incident involving a ransomware attack on a hospital in Düsseldorf, Germany, is examined in detail, including the tools and techniques used, such as a vulnerability in a Citrix VPN system (CVE-2019-19781). The report discusses the motivations behind cyber attacks, particularly the financial gain through ransomware, and the increasing prevalence of these attacks. The tools and technologies involved in the attacks, such as Citrix Gateway, are also explored, providing a comprehensive overview of the threat landscape.
Contents
Cyber Attacks:
Targeted Attacks:
Recent incident of cyber attack:
Motives or Reasons:
Ransomware attack
Tools/Techniques of occurred attack
Cyber Attacks:
A cyber attack is the intentional exploitation of computer systems, technology-dependent organizations
and networks. It uses malicious code to alter computer code, data or logic, with disruptive effects
that lead to data loss and enable cyber crimes such as information theft and identity impersonation.
It is a kind of attack launched from one or more computers against many networks or computers.
Cyber attacks can be categorized into two distinct types:
- The attacker's goal is to disable the targeted network or take it offline.
- The attacker's goal is to gain access to the targeted computer's data, including admin privileges.
According to a Practical Law Company whitepaper, a cyber attack is an attack carried out through a
computer against a computer, a website or an individual computer that compromises the integrity,
confidentiality and availability of the computer along with the data stored on it. Cyber attacks take
the form of computer crime, which is generally criminal activity in which the computer or network is
the target, the source or the place of the crime. The point to note is that cyber attacks aim to
compromise a specific targeted system so that the attacker obtains something related to the
information stored on the computer, or full access to that system. Cyber criminals combine multiple
methods to evade detection as they slip silently into corporate networks to steal intellectual
property or seize files for ransom. Their threats are encrypted in order to elude detection.
Targeted Attacks:
Targeted attacks are attacks aimed at specific organizations, services and individuals in order to
obtain technical, private and institutional data and other logical resources, for preservation or
financial gain. Attacks of this type are distinguished by the fact that the attackers either have a
particular interest in the business or are being paid to target the victim. Building the basis for
an attack can take months, spent finding the best route to deliver the exploit directly to the
targeted systems or users. This type of attack is more troublesome and dangerous than the untargeted
kind because it has been adapted to attack particular systems, processes and individuals at the
workplace or sometimes at home. Targeted attacks are becoming sophisticated because they proceed
through diverse stages. A few are mentioned here.
Spear Phishing: Emails are sent to the targeted individuals that either include an attachment
carrying malicious software or provide a link that leads to the installation of that malicious software.
Botnet Attacks: A botnet is set up to deliver a Distributed Denial of Service (DDoS) attack; it
spreads malware that is used to eavesdrop on the user's network or to launch web phishing
attacks. These botnets always work under the control of a botmaster.
Advanced Persistent Threat: This is a type of targeted attack directed at a specific entity and
carried out continuously and intently through various means in order to gain access to the target.
Advanced Persistent Attacks are classified into two categories:
- Attacks launched using public servers and websites on the internet.
- Attacks against users through social engineering, by sending the targeted users malicious
  programs.
Example: targeted email attacks.
Other types of targeted attacks are intrusion, cyber espionage, elimination of traces of activity and
internal spread attacks.
Recent incident of cyber attack:
On 10th September 2020, a major hospital in the city of Düsseldorf, Germany, became the target of a
ransomware attack. The IT systems of Düsseldorf University's clinic were partly crashed throughout the
entire week. A woman who needed to be admitted to the hospital urgently died because, for this reason,
she had to be taken to another city for her treatment.
Details of the incident: An underrated DoppelPaymer ransomware crashed the operational systems at
one of the major hospitals in North Rhine-Westphalia, the state of Düsseldorf. The failure of
critical systems delayed emergency treatment, which in turn resulted in the death of one patient.
It is probably the first case of cyber crime ever linked to a physical casualty.
Deadly attack: According to German authorities, the DoppelPaymer ransomware disrupted the IT
systems of Düsseldorf University's Clinic by infecting 30 servers on the network. The ransomware
operators left an extortion note with details for contacting the attackers, but it did not contain
any concrete ransom demand.
Loss and damage: Because of the system crash, doctors were unable to access data and begin treating
the patient for about an hour. This unfortunate delay led to the death of one patient who required
emergency treatment and was being taken to another city for it.
Additionally, the attack targeted Heinrich Heine University, which is affiliated with Düsseldorf
University Clinic.
The authorities concerned contacted the ransomware operators and explained the entire situation
that had resulted from the attack. The attackers then decided to back off, withdrawing the
extortion attempt and providing a digital key to decrypt the data.
Motives or Reasons:
There is one major reason behind this ransomware attack.
To gain money: The attackers make it clear, once the attack has taken place, that they will release
the data when they receive the ransom in the form of Bitcoin or money.
Other reasons may include:
Universally low performance of network: The attack is launched to block the resources of the victim
system, which eventually decreases system performance and holds up the network.
Revenge: Here, attackers who have low technical skills in their profession and have not proved
themselves capable become very frustrated and launch the attack as a reaction to perceived
inequity.
Economic profit: This is one of the most treacherous kinds of attack and tough to stop. These
attacks mostly concern corporations and require good experience and high-level technical
skills.
Ransomware attack
Ransomware has become a profitable technique for cyber criminals. No business is immune to the
ransomware threat.
When a system is hit by a ransomware attack, it is a flustering and challenging situation to manage.
Once the malware infects a machine, it attacks particular files or the whole hard drive and locks
you out of your own personal data. Ransomware increased rapidly, by about 750 percent, in the last
year.
- Cybercrime-related damages are anticipated to reach nearly $6 trillion by the year 2021.
- One of the best ways to stop ransomware is to be proactive by implementing preventive
  techniques at the initial stage.
- Every type of ransomware shares a common objective: to lock your hard drive, encrypt all your
  files and then demand money for access to your data.
- Ransomware is one of multiple types of malware, or malicious software, that uses encryption
  to hold your data for ransom.
- It is a kind of malware that often targets both technical and human weaknesses, seeking to
  deny the organization the availability of its most sensitive data and systems.
- The attacks range from malware that locks the system to complete encryption of files and
  resources until the ransom is paid.
- A perpetrator uses a phishing attack or some other form of hijacking to gain entry into the
  computer system.
- One way for ransomware to get onto your computer is through email attachments that you
  download accidentally. Once the system is infected with ransomware, the virus encrypts your
  files and prevents access.
- The hacker makes it very clear that the stolen data will be given back to the victim if the
  victim pays a ransom.
- Victims are told to pay the ransom in Bitcoin. Once the ransom is paid, the cyber criminals
  release the data and send a key for the encrypted files.
https://phoenixnap.com/blog/preventing-detecting-ransomware-attacks
Tools/Techniques of occurred attack
A ransomware attack is one kind of cyber attack. The ransomware attack on Düsseldorf University's
clinic was launched through a flaw in a Citrix VPN system, through which the attackers penetrated
the network.
The hospital's IT operations remained affected, and patients brought in by ambulance could not be
admitted.
Germany's cyber security agency, the Federal Office for Information Security, was called in on the
hospital's systems. Its chief, Arne Schönbohm, said that the Citrix flaw had been known since about
December 2019 and called on healthcare facilities not to delay security upgrades.
About 30 servers were targeted in this attack, which exploited a widely used commercial add-on
software.
The attackers' entry point was a Citrix VPN appliance vulnerable to CVE-2019-19781.
Tool/Technology:
Citrix Gateway
Citrix Gateway is a full SSL VPN solution that authenticates users' access to network resources.
With both full-tunnel VPN and clientless VPN options, users can access applications and data
deployed on premises or in a cloud environment.
Problem Description:
A vulnerability has been identified in Citrix Application Delivery Controller (ADC), generally known
as NetScaler ADC, and Citrix Gateway, known as NetScaler Gateway, that, if exploited, allows an
unauthorized attacker to perform arbitrary code execution.
Customer's requirement
Exploitation of this issue on unmitigated appliances has been observed. Citrix strongly urges affected
customers to immediately upgrade to a fixed build or apply the provided mitigation, which applies
equally to Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP deployments. Customers who choose to
apply the mitigation immediately are still required to upgrade every vulnerable appliance to a fixed
build of the appliance at the earliest schedule.