Information Security: Detailed Report on Two Cyberattacks

Added on  2020/03/01

AI Summary
This report provides a detailed analysis of two significant cyberattacks: the Gmail phishing scam and the WannaCry ransomware. Part A focuses on the Gmail attack, outlining the problem, the affected parties, the attack methodology, and preventive measures. The attack exploited a third-party application to gain access to user accounts and spread spam through contact lists. Part B delves into the WannaCry ransomware attack, discussing its global impact, targets, the method of infection via the EternalBlue exploit, and preventative strategies like updating operating systems and blocking the 445 port. The report emphasizes the importance of user vigilance, security patches, and proactive measures to mitigate the risks associated with such cyber threats.
Running head: INFORMATION SECURITY
INFORMATION SECURITY
Name of the Student
Name of the University
Author Note
Table of Contents
Part A
What was the problem?
Who were affected and how?
How was the attack carried out?
What could have been done to prevent the attack?
References
Part B
What was the problem?
Who were affected and how?
How was the attack carried out?
What could have been done to prevent the attack?
References
Part A
What was the problem?
Gmail users were the main target of this attack, a sophisticated phishing scam that sought to gain full access to the user's account with the help of a third-party application. The attack was designed and propagated in such a way that a common user would have found it very difficult to recognise the attack and avoid the scam (Paté‐Cornell et al., 2017). The email was made in such a way that it looked like it came from a trusted contact of the user. The main notification circulated in the mail was a Google Doc file. The overall aspect of the attack was to encrypt the files, and a ransom was asked in order to decrypt them. It affected some very critical areas, and the effect as well as the after-effect was considered a huge mess in the history of cyber-attacks.
Who were affected and how?
The main target of the attack was the user of a Gmail account and its related services. People nowadays are very familiar with the internet, and when it comes to mail, Gmail plays a vital role. A Gmail user is affected when they receive a mail from the attacker about sharing a Google Doc file application which would be helpful in managing the account of the user. If the user falls into the trap, the application gains access to the account, and the people in the user's contact list are also indirectly affected in the process.
How was the attack carried out?
As stated earlier, the main target of the attack was the Gmail user. The attack was a sophisticated phishing scam with the main intention of gaining access to the user's account. The entry point of the attack was a mail that the user received from the attacker. The mail was constructed in such a way that the user would automatically take it for an authentic mail and get involved in the attack. The mail notified the user that the sender wanted to share a Google Doc file with them. Once the user clicked the link provided, it led them to a real Google security page where the user was prompted to allow a fake Google Doc application. This application was not intended to manage the user's Gmail account (Liang et al., 2017). It was not actually Google Docs requesting access: it was a rogue web application with the same name. If the unsuspecting marks gave it the green light, it would directly ransack the contact list and send out more spam like this. One more effect was that once permission was given, the software would immediately spam out the same message to all the people in the contact list, bypassing two-factor authentication if the user had set it up on the account.
What could have been done to prevent the attack?
In this scenario, attackers can be divided into two categories:
1. Active Attackers
2. Passive Attackers
The active attacker's role is to get the information of the user and use it for something that benefits the attacker.
The passive attacker's role is also to get the information of the user, but without altering the information.
Active attackers can be detected because the attack is usually accompanied by a change or alteration of the information. Passive attackers, on the other hand, are very difficult to detect because they hardly change any information; they just receive the information and use it for their personal benefit (Ryder, 2016).
In this case the attackers are active attackers, who can be detected easily if the user. If a particular user has fallen into the trap, there are steps that can be used in order to prevent the attack. The user has to go to the Google account permission page and ideally remove all the access privileges for the evil Google Doc account (Marsh, 2017). On the other hand, it does not appear at this point that a malware payload was included with the message received by the user, but there is a chance of it. What is clear is that this message is spreading like wildfire and the attackers are going to harvest a list of accounts for a future attack. Google has implemented a few updates on its systems through Safe Browsing, and the team involved in controlling such abuse is still working to prevent such attacks in the near future. Fake pages are also being removed in order to decrease the risk of the attack (Alazab & Broadhurst, 2017).
In order to protect users, Google has implemented a protection scheme through a combination of automatic and manual action, including removing the fake applications and pages (Ryder, 2016). The company was able to stop the campaign within an hour or so. Users do not have to take any further action regarding the event; the main aspect of the event was the third-party application. If users still want to use third-party applications, they can access them by visiting Google Security Checkup (Khosla & Dubey, 2016).
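The cleanup step described above (finding and revoking the rogue application's access) can be scripted when grant records are available. The following is an added example, not part of the original report: the record layout, client IDs and sample data are constructed for illustration, and the allowlist entry is a placeholder. It flags a third-party application that both uses a Google product name and holds mail or contacts scopes, the combination the fake Google Doc application relied on.

```python
# Added example: audit OAuth grants for third-party apps posing as Google products.
# Records, field names and client IDs below are constructed for illustration.
import unicodedata

# Scopes that allow full mail access, sending mail, or reading contacts.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
FIRST_PARTY_CLIENT_IDS = {"first-party-docs-client.example"}  # placeholder allowlist


def normalize(name):
    """Fold case, compatibility forms and whitespace so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def review_grant(grant):
    """Return the reasons a grant deserves revocation review (empty list = fine)."""
    reasons = []
    third_party = grant["client_id"] not in FIRST_PARTY_CLIENT_IDS
    if third_party and normalize(grant["app_name"]) in PROTECTED_NAMES:
        reasons.append("third-party app uses a Google product name")
    risky = sorted(set(grant["scopes"]) & HIGH_RISK_SCOPES)
    if third_party and risky:
        reasons.append("broad mail/contacts scopes: " + ", ".join(risky))
    return reasons


def grants_to_revoke(grants):
    """Users holding a grant that matches both signals of the fake Google Doc app."""
    return sorted({g["user"] for g in grants if len(review_grant(g)) == 2})


SAMPLE_GRANTS = [  # constructed sample data
    {"user": "alice@example.com", "app_name": "Google  Docs", "client_id": "rogue-app.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "app_name": "Google Docs",
     "client_id": "first-party-docs-client.example",
     "scopes": ["https://www.googleapis.com/auth/contacts"]},
    {"user": "carol@example.com", "app_name": "Calendar Helper", "client_id": "helper.example",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
]

if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        print(g["user"], review_grant(g))
    print("revoke:", grants_to_revoke(SAMPLE_GRANTS))
```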
References
Alazab, M., & Broadhurst, R. (2017). An Analysis of the Nature of Spam as Cybercrime. In
Cyber-Physical Security (pp. 251-266). Springer International Publishing.
Khosla, P., & Dubey, P. (2016). Survey Paper on Cyber Crime: A Threat to National Security.
IITM Journal of Management and IT, 7(1), 62-65.
Liang, G., Weller, S. R., Zhao, J., Luo, F., & Dong, Z. Y. (2017). The 2015 Ukraine blackout:
Implications for false data injection attacks. IEEE Transactions on Power Systems, 32(4),
3317-3318.
Marsh, D. (2017). Are Ethical Hackers the Best Solution for Combating the Growing World of
Cyber-Crime? (Doctoral dissertation, University Honors College, Middle Tennessee State
University).
Paté‐Cornell, M., Kuypers, M., Smith, M., & Keller, P. (2017). Cyber Risk Management for
Critical Infrastructure: A Risk Analysis Model and Three Case Studies. Risk Analysis.
Ryder, N. (2016). Cyber crime and terrorist financing.
Part B
What was the problem?
WannaCry was a global cyber-attack that mainly targeted computer systems running Windows-based operating systems. However, the numbers of casualties were less related to Windows 7. This was mainly a virus. The main intention of the attack was that the virus would encrypt all the files and other information in the computer system and then ask for a ransom in order to decrypt them (Morehouse et al., 2017). The ransom was asked in the form of the Bitcoin cryptocurrency. It was estimated that the virus had infected more than 230000 computers in nearly 150 countries across the globe. The virus also affected some of the most notable organizations across the globe. According to web security researchers, the process could have been slowed down by registering a domain name that can be found inside the code of the virus. The virus was considered to be a network worm with the ability to transport itself, and it mainly used the EternalBlue exploit in Windows systems to gain access. Files encrypted by the virus usually displayed a ransom note from the creator demanding a Bitcoin ransom. Microsoft created security patches for all the Windows versions on the market, and some emergency security patches were released the day after the attack for computers running Windows 7 and Windows 8 (Nayak, Mishra & Ram, 2016).
Who were affected and how?
The range of victims of the attack was huge. Hospitals were the most critical victims. In a number of hospitals the radiology machines broadcast the WannaCry message, and in many hospitals there were delays in surgical procedures and cancellations of appointments, and a huge mess was created in this field. FedEx, a package delivery company, stated that it had to delay the delivery of its packages due to the attack (Babu & Sasankar, 2017). The virus also affected telecom providers, the interior ministry and the Russian railways system. There was no count of how many systems were attacked or how much damage was done. In some cases the attack made only a limited impact, as in the case of Hitachi: it was stated that the attack was from a virus, but the casualties were kept to a minimum that could not produce too much harm to the organization (Komar et al., 2016). Media online, a company which deals with digital displays in Singapore shopping malls, was also one of the victims of the WannaCry attack. The effect of the attack was that the kiosks in the two malls under its operation started showing the ransom pop-up window. This was very awkward from the company's point of view because it directly affected the impression of the company in connection with an attack that threw the entire globe into confusion.
How was the attack carried out?
The attack was initiated by a European opening a compressed zip file. The attack needed some modification before it could spread over the network and do harm. There were many steps involved in the process of getting into networked systems over the internet (Michael, 2017). A command in the code ordered the virus to contact a website. The link, however, was inaccessible because there was no such code, but this went unnoticed for a few hours. This gave it time to infect other computer systems through the network. After the rooting scheme, it instructed the system code to check the file sharing of the computer system. In order to know the system in depth, it used a preprocessed tool named EternalBlue (Nayak, Mishra & Ram, 2016). This software was stolen from the National Security Agency of the United States, as a result of which it was leaked online, and its release affected many areas. Using EternalBlue, the virus exploited a loophole in the code of the Windows operating system (Renaud, 2017).
What could have been done to prevent the attack?
There are many steps that can be taken to keep a system safe from such a virus. The operating system should be kept updated at all times, with the most recent security patches installed. The Windows Update option should be kept on at all times. A ransomware blocker should be kept active at all times on Windows operating systems, since Windows operating systems are mostly the victims in this case. Port 445 should be blocked if the operating system has not been installed in the system (Pei et al., 2016).
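Blocking port 445 limits the worm's path; watching traffic on that port shows when a host has started behaving like one. The following is an added example, not part of the original report: it flags any source that contacts an unusually large number of distinct hosts on TCP/445 within a short window. The flow-record layout, addresses and threshold are assumptions constructed for illustration.

```python
# Added example: flag hosts whose TCP/445 fan-out looks like worm propagation.
# Flow records, addresses and the threshold are constructed for illustration.
from collections import defaultdict

SMB_PORT = 445
WINDOW_SECONDS = 60
MAX_DISTINCT_PEERS = 5  # assumed baseline; tune to the environment


def smb_fanout_alerts(flows, window=WINDOW_SECONDS, limit=MAX_DISTINCT_PEERS):
    """Return {src: peak distinct TCP/445 destinations in any sliding window}
    for sources whose peak exceeds `limit`.
    flows: iterable of (timestamp_seconds, src_ip, dst_ip, dst_port)."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == SMB_PORT:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start, counts, peak = 0, defaultdict(int), 0
        for ts, dst in events:
            counts[dst] += 1
            # Drop events from the left until the window spans at most `window` seconds.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak > limit:
            alerts[src] = peak
    return alerts


def sample_flows():
    """Constructed traffic: a file-server client, a scanner-like host, and noise."""
    flows = [(t * 10, "10.0.0.5", "10.0.0.2", 445) for t in range(12)]      # one server, repeatedly
    flows += [(i, "10.0.0.9", f"10.0.1.{i}", 445) for i in range(1, 41)]    # 40 peers in 40 s
    flows += [(i * 120, "10.0.0.7", f"10.0.2.{i}", 445) for i in range(8)]  # 8 peers, spread out
    flows += [(i, "10.0.0.9", "203.0.113.10", 443) for i in range(5)]       # non-SMB traffic
    return flows


if __name__ == "__main__":
    print(smb_fanout_alerts(sample_flows()))
```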
Internet access brings many advantages, but it brings many disadvantages as well. Users should be extra conscious of the fake content on the internet, which attackers use merely to achieve their individual goals (Nayak, Mishra & Ram, 2016). Individual companies are implementing many security measures in every sphere of internet technology so that users can be free from any threat-like activity.
References
Babu, C. M., & Sasankar, A. B. (2017). Intrusion Detection Systems for Mobile Ad-Hoc
Networks. International Journal, 5(5).
Komar, M., Sachenko, A., Kochan, V., & Skumin, T. (2016, April). Increasing the resistance of
computer systems towards virus attacks. In Electronics and Nanotechnology (ELNANO),
2016 IEEE 36th International Conference on (pp. 388-390). IEEE.
Michael, D. (2017). Virus Wanna Cry là gì và phòng tránh?| Michael Duy.
Morehouse, M. A., Lovecký, T., Read, H., & Woodman, M. (2017). Quantify? or, Wanna Cry?
Integrating Methods Training in the IR Classroom. International Studies Perspectives,
18(2), 225-245.
Nayak, P. K., Mishra, D., & Ram, S. (2016). Attack of malicious objects in computer network
under antivirus and quarantine defence. International Journal of Applied Engineering
Research, 11(9), 6250-6253.
Pei, Y., Pei, H., Liang, X., & Zhu, M. (2016). Optimal control of a computer virus model with
network attacks. Communications in Mathematical Biology and Neuroscience, 2016,
Article-ID.
Renaud, K. (2017). It makes you Wanna Cry.