MN604 IT Security Management: Analyzing Security Breaches & Solutions

Verified

Added on 2023/06/11

AI Summary

This report provides a detailed analysis of information security management, focusing on network attacks and the WannaCry ransomware incident. It begins by examining Distributed Denial of Service (DDoS) attacks, using the case study of Boston Children's Hospital to illustrate how these attacks work, their impact, and potential mitigation strategies. The report then delves into the WannaCry ransomware attack, discussing its propagation, impact on organizations, and the roles of incident response planning, disaster recovery planning, and business continuity planning. Furthermore, it offers practical steps to protect personal computers from WannaCry and similar attacks, highlighting lessons learned from the incident. The report concludes with a memo addressing organizational security breaches, recommending improved security policies and contractor oversight to prevent future incidents. The report emphasizes the importance of proactive security measures, incident response planning, and continuous monitoring to safeguard against evolving cyber threats. Desklib offers similar solved assignments and resources for students.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
INFORMATION SECURITY MANAGEMENT
Part 1: Network Attacks
Name of attack: Distributed Denial of Service Attack or DDoS
Type of attack: Computer Network Attacks
Dates of attacks: March 20, 2014 and February 28, 2018
Computers / Organizations affected: Distributed Denial of Service attacks on the GitHub
Website and Distributed Denial of Service Attacks on
the Boston Children's Hospital
How it works and what it did:
The Denial of Service attacks or DoS attack is the specific cyber attack, where the attacker seeks into
the machine for making it completely unavailable to the respective users by significantly disrupting all
the services of any host that is connected to the connection of Internet. The DDoS attack or
distributed denial of service is the specific incoming traffic that is eventually flooded with the victim
that is originating from several sources. Hence, it makes it absolutely impossible ins topping this
attack by means of blocking any single source.
The Denial of Service or DoS attack is subsequently considered as one of the most deadly weapons,
which is being utilized for the purpose of attacking several companies as well as networks in
computer. The provided case study in this particular account is the specific and popular case study of
the Boston Children’s Hospital. The hospital was substantially attacked by the DDoS or Distributed
Denial of Service attack within the year of 2014 [1]. This Denial of Service or DoS attack is the attack,
which makes information or data completely unavailable to all the intended hosts and available to
unauthorized users. There can be various strategies as well as methods for carrying out these types
of DoS attacks. The major works of these DoS attacks are the entering into the network of victim and
get significant access of network of the victim. This DoS attack even makes this network unavailable
for the rest of the clients. This network is eventually made unavailable with the help of several
numbers of IP packets. The next method, which the hacker could attack any victim by utilizing DoS or
Denial of Service attack is simply by making various loopholes and thus making this network
absolutely unstable. There are various other denial of service attacks, which are majorly carried out
within the level of application and thus disturbing the normal functionality of this service. All of these
attacks significantly had crashed the Wen Browser, email application or media player [1].
The specific attack that took place within the popular Boston Children’s Hospital was a type of denial

2
INFORMATION SECURITY MANAGEMENT
of service attack. This attack was taken place in three distinct strikes. On March 20 in the year 2014,
the specific information technology group of this Boston Hospital received a threatening message
over their Twitter account. This message was solely related to this case for the case of child custody
of a particular 15 years old girl, who had been diagnosed by the protective services of Massachusetts.
This particular message, which was received by the hospital, was regarding return of the girl to her
family only after making various activities against these clinicians [1]. These attackers who had sent
the message even posted some of the personal and confidential information that involved email
address, home address contact number and many more about some of these people that were
involved.
The very first phase of this attack occurred on April 2014. Within this Strike 1 of the DDoS attack, all
the attackers had attacked the respective external website of this hospital.
The next phase of this attack occurred once again in one week. It is eventually considered as the
attack of Strike 2 of this hospital. The attack that involved the fragmented of TCP, reflection flood of
DNS, and all floods that are out of the state.
Within the attack of strike 3 of this Distributed Denial of Service, all of these attacks were at their
peaks. This third attack was significantly four times more dangerous than the second attack. All the
attackers utilized emails of spear phishing for the purpose of luring all the recipients to click on their
links or to open the attachments. This had helped attacker in granting major access to their network
behind the antivirus or firewall in this hospital.
Mitigation options:
When the hospital management knew regarding the threat, they became extremely conscious. The
typical team of management of this famous Boston Children’s Hospital initiated the typical team of
response that is multi disciplinary. This team quickly accessed all the services, which are likely to be
compromised or to be lost when this hospital has lost their respective internet connection. The
incorrect thing, which this hospital made, was that they had not undertaken any preventive measure
before this attack of the DoS or denial of services. Three distinct impacts were recognized by this
team.
They did not have the ability for routing prescriptions electronically for all the pharmacies.
There were email downtimes for each and every department that were the one and only serious
procedure for all of their functionalities.

3
INFORMATION SECURITY MANAGEMENT
They did not have the ability for accessing the remote Electronic Health Records or EHR within the
server.
This hospital summons a response team that is emergency; for properly mitigating as well as using
the scrubbing centre of Radware to significantly handle the higher rates of the Distributed Denial of
Service attacks.
Since there were no such specific way of the attack of distributed denial of service. This is the system
which sub divides the specific system in protocol, volumetric and finally application attacks.
References:
[1]"DDoS Case Study: DDoS Attack Mitigation Boston Children’s Hospital", Security.radware.com,
2018. [Online]. Available: https://security.radware.com/ddos-experts-insider/ert-case-studies/
boston-childrens-hospital-ddos-mitigation-case-study/. [Accessed: 01-June- 2018].

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
INFORMATION SECURITY MANAGEMENT
Part 2: Wanna Cry Ransomware Attack
Question 1: How it works and what it did?
In May 2017, the WannaCry ransomware attacked more than 230000 computers were
affected in 150 countries [2]. The hackers encrypted the files and demanded for 300 dollars to
decrypt them. Later they increased their demand to 600 dollars. The major affected area was
National Health Service in Britain.
Question 2: How this attack is propagated?
More than 230000 computers were affected in 150 countries. The hackers of the WannaCry
attack executed this attack by means of exploitation of the vulnerabilities of EternalBlue in the
operating system of OS [4]. This WannaCryRansonware attack impacted many leading organizations
in various countries. The entire cyber world was shaken due to this.
Question 3: Impact of this attack on the operation of an organization and their mitigations
The major impact of the WannaCry ransomware was done by the cyber weapon, stolen from
NSA. It eventually instructed every employee for not opening any file and not logging in for two
specific hours [1]. Moreover, this attack affected the NHS hospital’s computer systems by blocking
every file with the help of encryption. The demanded for 300 dollars for this attack.
Every company, who has the chance of facing WannaCry ransomware must install antivirus
software within their systems for detecting malware [10]. This would stop the hackers in hacking the
data and prevent the hackers from entering into the system.
Question 4: Duty of the Incident Response Planning, DR Planning, BCP
The team of incident response planning is the most efficient for helping the companies in
response of the incidents for having three important functions. CSIRT or Computer Security
Incidence Response Team should be present within the company with experts for public
communication and legal matters [7]. This CSIRT comprises of a group, which helps in executing
technical aspects for the plan if incidence response. All the team members are majorly responsible
to detect, eradicate the various cyber incidents as well as the containment of all cyber attacks.
The team for DR is the major factor for disaster recovery for the business continuity efforts.
For the purpose of disaster recovery, CIO of the company should be involved with a senior manager
of information technology [11]. Various attacks could be mitigated within the help of DR planning.

5
INFORMATION SECURITY MANAGEMENT
BCP involves every essential function, which is required within any business for the proper
identification of processes and also for maintaining and sustaining the systems [9]. BCP is effective
for any type of cyber attack or natural disaster.
Question 5: What steps can you take to protect your own PC or laptop computer from WannaCry
attack and other attacks?
For the protection of the system from the attacks of WannaCry ransomware, the specific
user requires keeping each and every application and software, which could be included within the
upgraded system [5]. The ransomware of WannaCry is not feasible for attacking any system that
comprises of the upgraded software. The typical operating system within every system must be kept
up to date. This user, who is utilizing the computer system or laptop, antivirus software must be
present for the proper detection any type of vulnerability within their system. Any type of suspicious
activity is detected by this software [8]. Avast antivirus is one of the most significant software that
could be utilized to control the network traffic by typical connection parameters.
Question 6: Lessons learned from this malware incident
The various lessons that could be learnt from this WannaCry ransomware attack is that each
and every organization must utilize several preventive measures for the prevention of the
ransomware attack for removal of these attacks in system [6]. All these companies should always
protect the systems from these attacks of ransomware. There must be good software of anti
malware and antivirus to protect all their system from these attacks.
Question 7: Whom to contact if Australian Business faces this type of attack?
When this specific type of attack occurs within the Australian business, they should contact
the team of ACSC or Australian Cyber Security Centre at first. This ACSC is the government agency,
which helps in bringing all the abilities of cyber security [3]. The particular organization must
implement DR Planning or disaster recovery planning and IPR or incident response planning for the
purpose that the company never faces any further attacks within their business.

6
INFORMATION SECURITY MANAGEMENT
Part 3: Memo of Case Study
MEMO
To:
From:
Date:
Subject: Significant discussion regarding serious situations of the organization and highlighting the
major breaches, which include ITSec recommendations
The organizational auditor is searching for the countless situations of information securities within
all of their procedures. This particular organization was lacking in coordination of security policies as
well as each and every policy that was involved within the company and was not properly followed.
A specific contractor of the organization has requested for the TMS server address on the phone.
This auditor has also found that this administrator had given the respective server address to the
contractor since this contractor was eventually up grading the system of server. This typical fact
might be bringing a significant problem within the company in near future that is solely related to
browser data breaching or even denial of service or DoS data breaching [10]. This organization might
be losing all of their data for this reason.
The most suitable and significant recommendation or suggestion that this auditor could give to the
organization is keeping proper look or track over each and every activity, which the contractor of
server is following.
Hence, it could be clearly mentioned that this data was stolen for sure by this contractor, who was
recruited for the perfect up gradation of their system of network [6]. This organization requires
proper system management for the breaching of data so that this company can mitigate them easily.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
INFORMATION SECURITY MANAGEMENT
References
[1] Mohurle, Savita, and ManishaPatil. "A brief study of wannacry threat: Ransomware attack
2017." International Journal 8, no. 5 (2017).
[2] Berr, J. "‘WannaCry’Ransomware Attack Losses Could Reach $4 Billion." CBS News 16 (2017).
[3] J. Fruhlinger, "What is WannaCryransomware, how does it infect, and who was
responsible?", CSO Online, 2018. [Online]. Available:
https://www.csoonline.com/article/3227906/ransomware/what-is-wannacry-ransomware-how-
does-it-infect-and-who-was-responsible.html. [Accessed: 01-June- 2018].
[4] Hasan, Mosin, NileshPrajapati, and SafvanVohara. "Case study on social engineering techniques
for persuasion." arXiv preprint arXiv:1006.3848 (2010).
[5] Kvedar, Derek, Michael Nettis, and Steven P. Fulton. "The use of formal social engineering
techniques to identify weaknesses during a computer vulnerability competition." Journal of
Computing Sciences in Colleges 26, no. 2 (2010): 80-87.
[6] Von Solms, Rossouw, and Johan Van Niekerk. "From information security to cyber
security." computers & security38 (2013): 97-102.
[7] Wang, Wenye, and Zhuo Lu. "Cyber security in the smart grid: Survey and challenges." Computer
Networks 57, no. 5 (2013): 1344-1371.
[8] Hahn, Adam, Aditya Ashok, Siddharth Sridhar, and Manimaran Govindarasu. "Cyber-physical
security testbeds: Architecture, application, and evaluation for smart grid." IEEE Transactions on
Smart Grid 4, no. 2 (2013): 847-855.
[9] Amin, Saurabh, Xavier Litrico, Shankar Sastry, and Alexandre M. Bayen. "Cyber security of water
SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks." IEEE
Transactions on Control Systems Technology 21, no. 5 (2013): 1963-1970.
[10] Elmaghraby, Adel S., and Michael M. Losavio. "Cyber security challenges in Smart Cities: Safety,
security and privacy." Journal of advanced research 5, no. 4 (2014): 491-497.
[11] Dunn Cavelty, Myriam. "From cyber-bombs to political fallout: Threat representations with an
impact in the cyber-security discourse." International Studies Review 15, no. 1 (2013): 105-122.
[12] Sou, Kin Cheong, Henrik Sandberg, and Karl Henrik Johansson. "On the exact solution to a smart
grid cyber-security analysis problem." IEEE Transactions on Smart Grid4, no. 2 (2013): 856-865.