Coit20263 Information Security Management- Cyber Assessment Answers

Part 1: 

Search the web for news on computer security breaches that occurred during April-August 2017. Research one such reported incident (excluding the May 2017 ransomware cyber-attack).
Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions.

Part 2: 

Research the May 2017 ransomware cyber-attack on the web and prepare a report focusing on the following questions:
a. What was the problem?
b. Who were affected and how?
c. How was the attack carried out?
d. What could have been done to prevent the attack?

Answers

Part 1

In July of this year it was reported that Italy’s number one bank, UniCredit, had fallen victim to a major cyber-attack that breached the data of around 400 thousand bank accounts. Loan and biographical data of 400 thousand clients were stolen from the bank’s systems. The intrusion started around mid-June and carried on into July until it was discovered on the 25th of the same month (Edward & Sirletti, 2017).
In a statement given to the media, Francesco Confuorti, chief executive officer of Advantage Financial SA, said: “It’s the first time when an Italian bank has been attacked and massive investments will be needed in order to prevent the loss of confidence. Also this case will lead to Italian banks reviewing their IT systems.”

The attackers gained unauthorized access to UniCredit customers’ accounts with the help of an outside company employed by the bank. While conducting checks, the bank’s IT department learned of anomalies: some members of the external business partner were gaining unauthorized access to clients’ personal data (Edward & Sirletti, 2017). A spokesperson at UniCredit said the bank feared that, along with personal information, the hackers might have taken clients’ international bank account numbers, also known as IBANs (Coffman, 2017).
This kind of cyber-attack happens because a huge amount of data combined with a complicated IT landscape makes it tough to see whether a breach is occurring. Hackers nowadays are creative and give no indication of their presence, so it becomes hard to root out intruders who could be buried deep in the networks and might operate undiscovered for months (Nathan, 2017).

On discovering the attack, UniCredit immediately blocked the hackers, sealed the breaches and upgraded its systems (Edward & Sirletti, 2017). This was not the first time bank accounts had been penetrated. In January 2016, millions of HSBC customers were locked out of their UK accounts when malicious code paralyzed its website. 80 Ukrainian banks were compromised in a global ransomware attack in June 2017. No material damage occurs with these attacks, either for the client or for the bank (Ramon & Ray, 2017).
As a possible solution to these problems, UniCredit has invested approx. 2.4 billion euros to strengthen its systems against every possible malicious threat. UniCredit has already started an audit and is also planning to file a report. It is taking every possible step to upgrade and strengthen its IT systems and digital infrastructure, while making sure to keep track of changing requirements (Coffman, 2017).
The Italian Bank’s Association and the central bank are checking the situation with the help of an emergency response team that was created to strengthen financial cyber security. These experts are also preparing for every possible attack that may hit in the coming months. The key concern is to secure the data against all kinds of cyber-attack, as criminals may damage the database and leave it unusable, which would leave no record of customers’ money or data (Yagoda, 2017).
Another measure these banks could take is charting their own data life cycle. How the data is collected, stored and accessed should be carefully watched, and any sensitive data should be additionally protected (Hafner, 2016). Data that needs to be accessed on a regular basis must have vigilantly controlled access, and data that does not need to be accessed must be transferred to a location with little or no external access. Data that is no longer required must also be disposed of securely (Hafner, 2016).
Performing a security check on a monthly basis can also be effective. An experienced data risk security advisor must be appointed to assess risks to data, which will help reveal weak areas so that they can be taken care of in time. Management must make sure that all of those recommendations are followed and that progress is being made. Information security and technology are two different things, and expecting a single team to perform both duties is not advisable. An information security officer (ISO) must be appointed who can report to management to sustain momentum and visibility as the safety program evolves (Kerner, 2017).
Every employee of the organization must be educated on the points of exposure to threats, on how to protect against these threats, and on whom to inform in any such case. Monthly reminders must be the duty of the ISO so that staying alert becomes routine for employees. Exposure to social media inside the banks must be very limited or stopped completely, as oversharing on social media carries risk: for example, if an engineer posts about her experience with specific routers, firewalls and operating systems, she is unknowingly mapping the network for a potential attacker (Nathan, 2017).
Business passwords must be changed several times a year and should be a good combination of numbers and lowercase and capital letters. Intruders, like all other hunters, will try attacking the weakest prey. All the security processes must be so strong that hackers have to look for some other victim.

Part 2

a) A massive cyber-attack, now referred to as ‘WannaCry’, occurred worldwide in the afternoon hours of 12th May 2017. WannaCry, in the form of malicious code, spread around the world and impacted more than 200 thousand computers across 150 countries. The National Health Service in the UK was particularly hit, forcing various hospitals and doctors’ surgeries to operate at reduced capacity (Talos, 2017).
b) Thousands of companies were affected by this ransomware, of which only 30-40 were publicly named. China and Russia were affected the most, probably because of their high percentage of legacy software. Examples of those affected are FedEx, the Russian Interior Ministry and Spain’s major telecommunications company Telefonica. The National Health Service in the UK suffered badly, as 16 out of 47 NHS were impacted and scheduled surgeries had to be cancelled until recovery. China reported more than 35,000 impacted organizations, including hundreds of academic institutions (Mimoso, 2017).
The car manufacturer Renault halted production at various sites to prevent the spread of the ransomware. Nissan in the UK also stopped production after being informed that WannaCry had affected a few of its systems (Talos, 2017).
Figure 1: Distribution of attacks
c) The attack was carried out to extort ransom money by encrypting disks, files and other important data on a system with a password or private key. The hackers demanded a whopping amount of somewhere between $300-600 in bitcoins in return for the password to decrypt the files. The amount was to be paid within three days of the date the demand was made; otherwise the ransom would be doubled (Joshua, 2017).
The attack vector has still not been confirmed, though a few have been suggested, such as phishing mail and the use of the Server Message Block (SMB) protocol to spread over ports 445 and 139, which are commonly used for communication on Windows. Once the virus was installed, the hackers searched for vulnerable devices and planned a back-door entry through EternalBlue and DoublePulsar (Goel, Mark & Scott, 2017).
An AES-128 cipher was used to encrypt users’ files, and shadow copies were deleted. After that, a ransom note demanding bitcoin valued at $300-600 was displayed on the computer screen. To connect back to the attacker, the hackers used Tor.exe, which made it extremely difficult to track them. After the connection was made, the IP address of the infected machine was scanned, including all the IP addresses under the same subnet. More vulnerable devices were found through these subnets and exploitation was carried out.
The attack came to a halt when a 22-year-old known as “Malware Tech” fortunately spotted a bug in the code that acted effectively as a “kill-switch”. This kill-switch allowed the user to shut down the software long before it could do any harm to the system (Lucian, 2017).
d) The main reason this ransomware was so impactful is ignorance. It has been stated that in April 2016 the US NSA hoarded a series of “cyber weapons” that can be used to gain access to any user’s system around the globe. After that, “The Shadow Brokers”, a hacking group linked to Russian agencies, acquired these weapons and released them to the public under the name “EternalBlue”. EternalBlue was ignored at the time, and only a few people patched their computers against the EternalBlue vulnerability (Leyden, 2017).
The second reason is the age of the computers. The vulnerability was in a deprecated form of the SMB protocol that is only used on older computers. As legacy systems are much more vulnerable to these kinds of attacks, it is crucial either to isolate these systems or to modernize them. Organizations with various legacy systems must isolate those systems from each other as well (Joshua, 2017).
Access to cyber intelligence is important for every organization and government institution in order to know about changes in the threat landscape and to understand their own exposure. This is one way to remain a step ahead of hackers: knowing the danger and staying safe. Had organizations known the circumstances, they would already have given EternalBlue patching a higher priority.
Maintaining daily backups of data, with timelines and procedures for restoring backup data in line with the organization’s business continuity plan, is a major risk mitigation consideration. Review the organization’s incident response and disaster preparedness plans to confirm that they can readily address restoration after a ransomware event.
Endpoint monitoring should be practiced at each level of the organization so that any malicious activity is observed and can be dealt with at that level. A team must be built to establish a security awareness training program in the organization and make everyone aware of the possible threats. An effective organizational incident response plan must also be maintained, tested regularly and measured for efficiency against ransomware, along with regular updates to the plan against current cyber-crimes (Kerner, 2017).
Filtering emails is another safety measure, as filtering attachment extensions in mail will prevent a ton of malicious attacks, for example Locky. Any attachment downloaded from an unknown sender must be checked and reviewed manually. Settings must be configured to block automatic installation of attachments, and a secure transfer option should be chosen instead, which can keep mail that harbors malicious software from getting in.
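The extension filtering described above can be sketched as follows. This is an added example, not part of the original answer; the extension lists, the verdict names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy lists for illustration; tune them for your own mail gateway.
BLOCKED = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".bat", ".cmd", ".lnk"}
MACRO = {".docm", ".xlsm", ".pptm"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def classify_attachment(filename):
    """Return (verdict, reason) for one attachment file name."""
    if not filename:
        return ("review", "attachment has no file name")
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes:
        return ("review", "no extension")
    last = suffixes[-1]
    if last in BLOCKED:
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            return ("block", f"double extension {suffixes[-2]}{last}")
        return ("block", f"executable or script type {last}")
    if last in MACRO:
        return ("quarantine", f"macro-enabled document {last}")
    return ("allow", "extension not on the block list")

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and classify every attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [(part.get_filename(), *classify_attachment(part.get_filename()))
            for part in msg.iter_attachments()]

def build_sample():
    """Constructed message with harmless placeholder attachment bodies."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "staff@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("invoice.pdf.js", "report.docm", "minutes.txt", "setup.exe."):
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for row in scan_message(build_sample()):
        print(row)
```

A file name is only a hint, so a filter like this complements content scanning at the gateway rather than replacing it.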
If any changes to file extensions are noticed, the company must disconnect all external storage and network connections immediately. Systems must be turned off and IT teams must be informed.
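Noticing extension changes can be automated from file-activity logs. The following is an added example, not part of the original answer: the log line format, the host names, the threshold and the `.locked` placeholder extension are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ntpath import splitext  # Windows path rules on any platform

# Assumed log format: "<ISO timestamp> host=<name> event=rename old=<path> new=<path>"
LINE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) event=rename "
                  r"old=(?P<old>.+?) new=(?P<new>.+)$")

def detect_extension_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {host: extension} for hosts where `threshold` or more files
    were renamed to the same new extension within `window`."""
    recent = defaultdict(deque)  # (host, new extension) -> timestamps in window
    alerts = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a rename event
        old_ext = splitext(m["old"])[1].lower()
        new_ext = splitext(m["new"])[1].lower()
        if not new_ext or new_ext == old_ext:
            continue  # ordinary rename, extension unchanged
        ts = datetime.fromisoformat(m["ts"])
        seen = recent[(m["host"], new_ext)]
        seen.append(ts)
        while ts - seen[0] > window:  # drop events older than the window
            seen.popleft()
        if len(seen) >= threshold:
            alerts.setdefault(m["host"], new_ext)
    return alerts

def sample_log():
    """Constructed events: one host with a rename burst, one behaving normally."""
    base = datetime(2017, 5, 12, 14, 3, 0)
    burst = [f"{(base + timedelta(seconds=2 * i)).isoformat()} host=WS-014 event=rename "
             f"old=C:\\Users\\ana\\doc{i}.docx new=C:\\Users\\ana\\doc{i}.docx.locked"
             for i in range(6)]
    normal = [f"{base.isoformat()} host=WS-020 event=rename "
              "old=C:\\tmp\\notes.txt new=C:\\tmp\\notes.md",
              f"{base.isoformat()} host=WS-020 event=rename "
              "old=C:\\tmp\\a.docx new=C:\\tmp\\b.docx"]
    return burst + normal

if __name__ == "__main__":
    print(detect_extension_bursts(sample_log()))
```

An alert names the host to disconnect first, which is the response the paragraph above calls for.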

References 

Edward, R., & Sirletti, S. (2017, July). Hackers Breach 400,000 UniCredit Bank Accounts for Data. Bloomberg. Retrieved from https://www.bloomberg.com/news/articles.
Kerner, S. (2017, Feb 7). Sentry MBA Uses Credential Stuffing To Hack Sites. p. 8.
Coffman, H. (2017). The 414 Gang Strikes Again. Time. p. 75.
Nathan, J. (2017). At Microsoft, Interlopers Sound Off on Security. The New York Times. Retrieved from https://www.timesonline.co.uk.
Ramon, Y., & Ray, H. (2017). The Growing Hacking Threat to Websites: An Ongoing Commitment to Web Application Security. The Journal of the Frost & Sullivan. 13(3-4), 147-148.
Yagoda, K. (2017). The Hacker Crackdown. McLean, Virginia. IndyPublish.com. p. 61.
Hafner, H. (2016). Attacks on Computers: Congressional Hearings and Pending Legislation. IEEE Symposium on Security and Privacy. p. 180.
Talos, S. (2017, May 15). The Verge: UK hospitals hit with massive ransom ware attack. Retrieved from https://www.theverge.com/2017/5/12/15630354/nhs-hospitals-ransomware-hack-wannacrybitcoin.
Mimoso, L. (2017). Telefonica. Retrieved from https://www.telefonica.com/en/web/press-office/-/cibersecurity-incident.
Joshua, T. (2017). New York Times. Retrieved from https://www.nytimes.com/interactive/2017/05/12/world/europe/wannacryransomware-map.html?_r=1.
Goel, D., Mark, H., & Scott, U. (2017). Troy Hunt blog. Retrieved from https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacryptransomware
Lucian, K. (2017). Non-Zero Sum Games and Survivable Malware. IEEE Systems, Man and Cybernetics Society Information Assurance Workshop. pp. 24–29.
Leyden, T. (2017). Malicious Cryptography: Exposing Cryptovirology. Wiley. ISBN 0-7645-4975-8.
Chang, Y. (2016). Cybercrime in the Greater China Region: Regulatory Responses and Crime Prevention Across the Taiwan Strait. Edward Elgar Publishing. ISBN 9780857936684.
