Information Security Report: OU Security Breach and WannaCry Attack

Added on  2020/03/04

AI Summary
This report provides a comprehensive analysis of two significant information security incidents: the University of Oklahoma (OU) data breach and the WannaCry ransomware attack. Part A examines the OU data breach, which occurred due to lax security measures on the university's file-sharing system, leading to the accidental release of thousands of student records, violating FERPA. It details the affected parties, the attack's execution, and preventive measures such as improved training, encryption, intrusion detection, and regular system assessments. Part B focuses on the WannaCry ransomware attack, a global cyberattack that encrypted computer files and demanded ransom, impacting numerous organizations and countries. The analysis covers the attack's spread, affected entities (including the NHS, FedEx, and various universities), the attack's methodology (exploiting the EternalBlue vulnerability), and potential preventive measures like patching vulnerabilities, implementing kill switches, and promoting robust cybersecurity practices.
Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author Note
Table of Contents
Part A
  What was the problem?
  Who were affected and how?
  How was the attack carried out?
  What could have been done to prevent the attack?
  References
Part B
  What was the problem?
  Who were affected and how?
  How was the attack carried out?
  What could have been done to prevent the attack?
  References
Part A
What was the problem?
The University of Oklahoma (OU) suffered a security breach on June 14, 2017. It accidentally released thousands of records about its students dating back to 2012. The breach occurred through the campus file-sharing system, and the disclosure amounted to a violation of federal law. The OU Daily discovered the data breach and informed the vice president that it had occurred (Ablon et al., 2016). The vice president responded that the OU Information Technology (IT) department had known about the breach for some time and was working to secure the affected files. Although the IT team had found no evidence that the system itself had been breached, they were looking into how the files had become accessible to individuals, some of whom claimed to have downloaded them (Kwon & Han, 2017). The Daily did not suggest that there had been an outside breach of security; rather, it stated that lax security settings on the server allowed users to access educational records they were not permitted to see. Among the 29,000 records disclosed were many instances of personal and sensitive information about the university's students. Such disclosure violated the Family Educational Rights and Privacy Act (FERPA), which gives students control over the sharing of their personal details. The education board said that the files were disclosed unintentionally. Thus FERPA was deemed not to have been violated, since such an offence can lead to the university's federal funding being withdrawn (Young, 2014).
Who were affected and how?
The security breach in the university's system affected thousands of its students. The main risk was personal information falling into the wrong hands. Information on more than 29,000 students of the university had been leaked, consisting of personal details, financial status and Social Security numbers. The system was shut down immediately once the files were found to be accessible to anyone. Universities do, however, maintain a directory information file that stores limited information on their students (Kuo & Varki, 2014). A violation of any kind of law would have exposed the organization to FERPA penalties.
How was the attack carried out?
The attack was not something that had to be carried out by an outsider; the security breach came from inside. The files were supposed to be kept safe on the university's server and made accessible only to people with the correct access credentials. The university's IT department overlooked this. They found that someone on the inside had made the files public: the files were available to anyone using the university's email system. OU had moved its server from SharePoint to cloud servers (Federgreen & Sachs, 2015), and the university was aware of which files were meant to be public for students. A single button click on the ou.edu email website led the user to the cloud service used by the university, Delve. Delve is a network-based platform that shows users what they are working on and what other students are working on. Anyone with an OU email account can access Delve, and searching for keywords in its search bar brought up the files. Four spreadsheets contained financial information from the classes of 2012-2013, 2013-2014, 2014-2015 and 2015-2016. All types of financial information about the students, and the grades they had received during that time, were exposed. For the university's 500 international students, their visa details were also exposed in the breach.
What could have been done to prevent the attack?
To prevent such data breaches from occurring at the university, the following measures can be followed:
- Provide training to the insiders who work in the IT department so that mistakes leading to data breaches occur less often.
- Use encryption on the files stored on the organization's server.
- Intrusion detection in the system, and measures to prevent intrusions from happening, are essential for the organization (Gao, Zhong & Mei, 2015).
- Using proper content filtering techniques on the files saved in the system can help reduce data breaches. Such filtering can help stop data being exploited by drive-by downloaders.
- Regular assessment of the server system's vulnerabilities should be done; the systems would be more secure if the checks were done weekly.
- The IT department should apply security patches comprehensively and regularly. The most common mistake made by IT workers is to turn the security patch updater off (Gray, 2015).
- The university should set up a system monitoring program to check the behavior of insiders. This helps block the university's sensitive information from being shown to the general public.
- Many data breaches occur due to theft of information. Having a remote, secure backup device for the system files is effective in times of crisis.
- Create an effective cyber risk plan for the organization that can be followed during a security breach.
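As an added illustration of the content-filtering and monitoring items above (not part of the original report), the Python below audits a constructed set of shared spreadsheets and flags only those that both contain sensitive fields such as Social Security numbers and are shared with everyone in the organization; the scope names, file paths and sample rows are assumptions, not OU's or Delve's real data.

```python
import csv
import io
import re
from dataclasses import dataclass, field

# Sharing scopes as modelled here (an assumption, not Delve's real permission
# model): a scope visible to every account in the tenant is "broad".
BROAD_SCOPES = {"everyone", "all-users"}
# US Social Security numbers as NNN-NN-NNNN, excluding a few invalid ranges.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
SENSITIVE_HEADERS = ("ssn", "social security", "visa", "balance", "grade", "gpa")

@dataclass
class Finding:
    path: str
    scope: str
    ssn_count: int
    sensitive_columns: list = field(default_factory=list)

def scan_csv(text):
    """Return (ssn_count, sensitive_columns) for the body of a CSV document."""
    header = next(csv.reader(io.StringIO(text)), [])
    cols = [h for h in header if any(k in h.lower() for k in SENSITIVE_HEADERS)]
    return len(SSN_RE.findall(text)), cols

def audit_shares(files):
    """files: iterable of (path, scope, csv_text). A file is flagged only when
    it holds sensitive data AND its scope lets everyone in the tenant read it."""
    findings = []
    for path, scope, text in files:
        ssns, cols = scan_csv(text)
        if scope in BROAD_SCOPES and (ssns or cols):
            findings.append(Finding(path, scope, ssns, cols))
    return findings

# Constructed sample: a financial-aid sheet shared with everyone, a roster
# shared with everyone but holding nothing sensitive, and a sensitive file
# correctly restricted to its owner.
SAMPLE_FILES = [
    ("aid/2014-2015.csv", "everyone",
     "Name,SSN,Aid Balance,GPA\nA. Student,123-45-6789,1200,3.4\n"
     "B. Student,456-78-9012,0,2.9\n"),
    ("rosters/cs101.csv", "everyone", "Name,Section\nA. Student,1\n"),
    ("aid/intl-visa.csv", "owner", "Name,Visa Status\nC. Student,F-1\n"),
]

if __name__ == "__main__":
    for f in audit_shares(SAMPLE_FILES):
        print(f"{f.path}: scope={f.scope} ssns={f.ssn_count} columns={f.sensitive_columns}")
```

Run as a scheduled job over the share inventory, this is the kind of check that would have surfaced the aid spreadsheets before a keyword search in Delve did.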
References
Ablon, L., Heaton, P., Lavery, D., & Romanosky, S. (2016). Data Theft Victims, and Their
Response to Breach Notifications.
Federgreen, W. R., & Sachs, F. E. (2015). U.S. Patent Application No. 14/618,434.
Gao, X., Zhong, W., & Mei, S. (2015). Security investment and information sharing under an
alternative security breach probability function. Information Systems Frontiers, 17(2),
423-438.
Gray, M. F. (2015). U.S. Patent No. D746,305. Washington, DC: U.S. Patent and Trademark
Office.
Kuo, H. C., & Varki, S. (2014). Are Firms Perceived As Safer After an Information Breach? ACR North American Advances.
Kwon, S. M., & Han, C. H. (2017). Empirical Investigation on Information Breach Effect on
the Market Value of the Firm: Focused on Source and Long Term Performance.
Journal of Society for e-Business Studies, 21(2).
Young, E. (2014). Educational privacy in the online classroom: FERPA, MOOCs, and the big
data conundrum. Harv. JL & Tech., 28, 549.
Part B
What was the problem?
Between 12 May 2017 and 15 May 2017, a global-scale cyber-attack was launched against computers running Windows operating systems. The malware was named the WannaCry ransomware (Chakravartula & Lakshmi, 2017). It would encrypt all the files on the computer it attacked and then demand a ransom for decryption, payable in the Bitcoin cryptocurrency. On the first day of the attack it had infected more than 230,000 computers in around 150 countries across the globe, affecting many notable organizations. Web security researchers found that the spread could be slowed by registering a domain name that was found inside the code of the malware (Wirth, 2017). However, newer versions soon appeared that lacked such a kill switch. Many researchers found ways to decrypt certain files without paying any ransom. Microsoft created security patches for all the Windows versions on the market; some emergency security patches were released next for computers running Windows 7 and Windows 8. Older versions of Windows such as Windows XP and Server 2003 were the ones affected first; however, fewer of the casualties were related to Windows 7. The malware was considered a network worm, which had the ability to transport itself, and it used the EternalBlue exploit on Windows systems to gain access (Renaud, 2017). The files encrypted by the malware displayed a ransom note from its creators demanding a Bitcoin ransom. Once it had gained access, it used DoublePulsar to install itself on the computer system and execute a copy of the malware.
Who were affected and how?
The most notable WannaCry victims are:
- National Health Service, UK: WannaCry forced delays in surgery and the cancellation of appointments, hit hospitals and created a huge mess in them.
- US hospitals: There was no count of how many hospitals were attacked, but a serious number of hospitals reported radiology machines displaying the WannaCry message (Mohurle & Patil, 2017).
- FedEx: The logistics company reported that it had to delay the delivery of packages due to the ransomware attack.
- Nissan: When Nissan was attacked, it shut down all its factories to avoid further spread of the virus.
- Russia: WannaCry hit all telecom providers, the interior ministry and the Russian railway system. There was no count of how many systems were attacked, but a lot of damage was caused.
- Police in India: Andhra Pradesh in India reported that roughly 25% of police computers were affected. The systems were taken offline to prevent data loss.
- Chinese universities: WannaCry affected more than 100,000 university computers across China. This was because about 70% of the software used in China comes from the black market, and no updates are provided for such bootlegged software and operating systems.
- Hitachi: The Japanese organization reported that it had been attacked by the virus, but the casualties were kept to a minimum.
- Chinese police: The Chinese Public Security Bureau was affected by the virus, which even forced a police station to go offline.
- Renault: Among the other victims, Renault also reported being attacked by the virus, but the organization did not report the casualties.
How was the attack carried out?
The first attack was carried out in the form of an injection at around 8:24 am London time on 12 May 2017. A European user opened a compressed zip file, which launched the WannaCry virus. On first launch the virus needed to perform some housekeeping before it could replicate over the network. A command in its code told it to contact an obscure website (Martin, Kinross & Hankin, 2017). The link was inaccessible because the domain did not exist, and the code told the virus to carry on with the attack. This step was to become the kill switch of the virus, but it went unnoticed for a few hours, which gave the virus time to infect other computers over the network. After rooting itself into the system, the code told the virus to check the computer's file-sharing system. To understand the system better, the virus used an already built spying tool named EternalBlue. The software had been stolen from the US National Security Agency and leaked online. With the help of this software, the virus exploited a loophole in the code of the Windows system. The loophole allowed the virus to spread itself through file-sharing facilities such as dropboxes and shared drives without asking the user's permission. After some time, the initial attack spread through the file-sharing system (Kuner et al., 2017). Spain's Telefónica was the first company to announce the WannaCry attack. After lunch on the same day, a computer analyst found the kill switch in the virus code and went to the website. He bought the domain and activated it. This caused the virus to reach the website whenever it started attacking a computer, and the attack died out.
What could have been done to prevent the attack?
To safeguard oneself from such ransomware, one should follow these steps:
- Keep the Windows-based OS updated at all times.
- Turn on the Windows Update option on the system.
- Install an active ransomware blocker on the system.
- Block port 445 for better security if the OS patches have not been installed on the system (Collier, 2017).
- Keep an eye out for all the updates that are being released.
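As an added example that is not part of the original report, the following Python turns the port 445 advice above into detection logic: it reads constructed firewall log lines (the line format is assumed, not any vendor's) and flags SMB connections allowed in from non-RFC 1918 sources, plus any single host reaching several internal hosts on port 445, the spreading pattern of a worm like WannaCry.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log format (an assumption, not any vendor's real syntax):
# "<ISO time> <ALLOW|DENY> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) TCP (\S+):(\d+) -> (\S+):(\d+)$")
SMB_PORT = 445
# RFC 1918 ranges count as internal; any other source is treated as the internet.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, action, src, _, dst, dport = m.groups()
    return {"ts": ts, "action": action, "src": src, "dst": dst, "dport": int(dport)}

def analyze(lines, fanout_threshold=3):
    """Return (kind, source, detail) findings: 'exposed' = SMB allowed in from the
    internet; 'fanout' = one source allowed to SMB on >= threshold distinct hosts."""
    findings, targets = [], defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] != SMB_PORT or rec["action"] != "ALLOW":
            continue  # unparseable, non-SMB or already blocked: not a finding
        if not any(ipaddress.ip_address(rec["src"]) in net for net in INTERNAL_NETS):
            findings.append(("exposed", rec["src"], rec["dst"]))
        targets[rec["src"]].add(rec["dst"])
    for src, dsts in targets.items():
        if len(dsts) >= fanout_threshold:
            findings.append(("fanout", src, len(dsts)))
    return findings

# Constructed sample: an internet source reaching SMB, an internal host
# sweeping neighbours on 445, a denied probe and ordinary HTTPS traffic.
SAMPLE_LOG = [
    "2017-05-12T08:24:01Z ALLOW TCP 203.0.113.9:51000 -> 10.0.2.7:445",
    "2017-05-12T08:24:05Z ALLOW TCP 10.0.1.5:49200 -> 10.0.2.1:445",
    "2017-05-12T08:24:05Z ALLOW TCP 10.0.1.5:49201 -> 10.0.2.2:445",
    "2017-05-12T08:24:06Z ALLOW TCP 10.0.1.5:49202 -> 10.0.2.3:445",
    "2017-05-12T08:24:10Z DENY TCP 198.51.100.4:40000 -> 10.0.2.7:445",
    "2017-05-12T08:24:11Z ALLOW TCP 10.0.1.8:49301 -> 10.0.2.7:443",
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding)
```

An "exposed" finding means the port 445 block recommended above is missing at the perimeter; a "fanout" finding on an unpatched estate is the signal to isolate that host before it reaches the rest of the network.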
References
Chakravartula, R. N., & Lakshmi, V. N. (2017). Combating Malware with Whitelisting in
IoT-based Medical Devices. International Journal of Computer Applications, 167(8).
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Kuner, C., Svantesson, D. J. B., Cate, F. H., Lynskey, O., & Millard, C. (2017). The rise of cybersecurity and its impact on data protection. International Data Privacy Law, 7(2), 73-75.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to
patient safety.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack
2017. International Journal, 8(5).
Renaud, K. (2017). It makes you Wanna Cry.
Wirth, A. (2017). It's Time for Belts and Suspenders. Biomedical Instrumentation &
Technology, 51(4), 341-345.