Analysis of ACSC Case Study: Malware Attacks on Web Hosting Providers
Added on 2022/09/14
Case Study
AI Summary
This case study analyzes the ACSC report on malicious activities targeting web hosting providers, focusing on malware like 'Ghost' and RID hijacking techniques. It explores the tools, techniques, and procedures (TTPs) used by attackers, including initial access methods, privilege escalation, and post-exploitation activities such as cryptocurrency mining, SEO manipulation, and denial-of-service attacks. The analysis compares the incident with the Verizon Data Breach report, highlighting the technical and business impacts on affected organizations, including data breaches and loss of customer trust. The study also details potential mitigation strategies for both hosting providers and their customers, such as updating operating systems, implementing application whitelisting, resetting credentials, and monitoring website modifications. The ACSC's recommendations emphasize the importance of enhanced security measures, employee training, and the adoption of web shell adaptations to safeguard against future attacks. This comprehensive overview provides valuable insights into the vulnerabilities and protective measures within the web hosting ecosystem.

Running head: ACSC CASE STUDY AND DISCUSSION
MALWARE AFFECTING WEB HOSTING PROVIDERS
[Enter Name of Student:]
[Enter Name of the University:]
[Author Note:]
ACSC threat lifecycle and MITRE ATT&CK framework –
The MITRE ATT&CK framework can be defined as a global knowledge base of technologies and techniques that organizations in the government and private sectors, and especially the cyber security service and product communities, adopt to develop threat models and other methodologies. The framework provides solutions for various cyber security threats and supports the development of an effective cyber security protocol. The case study considered here describes various unidentified malware and threats that have recently been found compromising web hosting providers across various organizations (Franke and Brynielsson 2014). The Australian Cyber Security Centre (ACSC) investigated these compromises of web hosting providers and found that malware named ‘Ghost’ uses remote access tools to make significant modifications in networks, which might affect the organizations. The ACSC has also described the tools and techniques of the Ghost variant and discussed RID hijacking tools and techniques. The procedures involved in this case included cryptocurrency mining, advertising and the modification of search engine optimization (SEO). The activity also resulted in Denial of Service (DoS) in many organizations through a tool known as a fork bomb binary. The ACSC conducted this study to identify the threats and their association with the MITRE ATT&CK framework, and it has also stated mitigation strategies and techniques that might reduce the chances of such an attack.
Relevance of the incident to that of Verizon Data Breach report –
The Verizon Data Breach report is an annual publication on various kinds of information security incidents, especially data breaches, that affect many organizations in many ways. The report is published every year by compiling data from various sources, and the most common types of breaches it describes are denial of service, insider threats and crimeware that affect the operation of organizations over the internet (Bambauer 2013). The ACSC report, however, deals with the threats and breaches occurring at web hosting providers, and in that respect it is comparable to the Verizon Data Breach report. The entities involved are described more vividly in the Verizon report than in the ACSC report. The ACSC also deals only with data breach cases in Australian companies, with the aim of making the Australian online platform a more secure place, whereas the Verizon Data Breach report deals with breaches in over 95 countries. The motivation and capabilities of the attackers include breaching the data of various web hosting providers because of older versions of operating systems and web shells not being used properly (Sabillon, Cavaller and Cano 2016). The attackers may also carry out Denial of Service attacks on the organizations and thus affect the performance of the entire organization. The Ghost malware is one example of the attackers' capabilities: it can affect the victim’s anti-virus system and thereby invade the victim’s system.
Impact in both technical and business terms –
The incident has several impacts on the affected organizations, from both technological and business perspectives. The technical impacts may be considered the more devastating in terms of the company's operation on the internet. The hosting providers were mainly affected by the attacks and by Denial of Service, which affected the web hosting platforms and servers. The companies were also affected in business terms, because Ghost and RID hijacking deny the companies' services and, as a result, clients are refused those services (Criswell, Dautenhahn and Adve 2014). Customers' important credentials and data might be stored with the web hosting providers, so the confidentiality and integrity of this data might be lost in such attacks. Attacks on the host might also cause the loss or unavailability of website data, which might affect the business of the companies. The operating system was not an up-to-date one, and this gave the attackers more privilege to attack or breach the networks or servers (Sittig and Singh 2016). The business impacts also include the loss of customer faith in the web hosting providers, which affects the entire business plans and infrastructure of the affected company.
Potential mitigations for the attacks –
The ACSC has investigated mitigations for this type of attack, together with various flaws and faults in the network architecture of the companies and in the software that the affected companies currently use. One of the main factors is the use of old operating systems, so the ACSC recommends using updated operating systems and upgrading the security features of the companies' existing framework. The potential mitigations also include implementing application whitelisting, and the affected companies should reset all their credentials to prevent users' data from being used in an unethical manner (Team 2015). The ACSC also recommends that the affected companies adopt web shell adaptations, such as implementing anti-virus solutions in the organization, which will help protect important credentials. Customers should adopt mitigation techniques as well, such as monitoring website modifications and resetting credentials such as their individual passwords and certificates. Customers should also regularly monitor their websites to ensure that no unauthorised access is granted to any personnel, and all web applications and plugins in the existing framework that are not needed should be replaced or disabled (Wangen 2015). The ACSC thus recommends mitigation techniques by which customers as well as organizations might protect their data and websites. The ACSC investigation also concludes that the people working in such infrastructures should be better trained and equipped.
References
Bambauer, D.E., 2013. Ghost in the Network. U. Pa. L. Rev., 162, p.1011.
Criswell, J., Dautenhahn, N. and Adve, V., 2014, February. Virtual ghost: Protecting applications
from hostile operating systems. In ACM SIGPLAN Notices (Vol. 49, No. 4, pp. 81-96). ACM.
Franke, U. and Brynielsson, J., 2014. Cyber situational awareness–a systematic review of the
literature. Computers & Security, 46, pp.18-31.
Nelms, T., Perdisci, R., Antonakakis, M. and Ahamad, M., 2015. Webwitness: Investigating,
categorizing, and mitigating malware download paths. In 24th USENIX Security Symposium
(USENIX Security 15) (pp. 1025-1040).
Sabillon, R., Cavaller, V. and Cano, J., 2016. National cyber security strategies: global trends in
cyberspace. International Journal of Computer Science and Software Engineering, 5(5), p.67.
Sittig, D.F. and Singh, H., 2016. A socio-technical approach to preventing, mitigating, and
recovering from ransomware attacks. Applied clinical informatics, 7(02), pp.624-632.
Team, V.R., 2015. 2015 data breach investigations report.
Wangen, G., 2015. The role of malware in reported cyber espionage: A review of the impact and
mechanism. Information, 6(2), pp.183-211.





