Computer Security Breaches – April-August 2017

Questions:

1.Search the web for news on Computer Security Breaches that occurred during April-August 2017. Research one such reported incident . Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions.

2.Research the May 2017 ransomware cyber-attack on the web and prepare a report.

Cyber-attack is an unethical act by the hackers assigned by states, individuals or groups that targets to destroy or damage the metadata secured in a computer system or in an infrastructure by means of malicious software, ransomware- a specific type, which claims money to unblock access to a system. Petya is one such ransomware, encrypting data on Microsoft-Windows systems.[1] This report elaborates the global cyber-attack, in reference to the news searched on the web, from the newspaper site ‘THE GUARDIAN’,[2] caused and provides possible solutions to the same.

Petya, the ransomware encrypts the system data, blocks the access to the boot record, and demands a ransom in means of bit-coin, a digital key that reboots access to the system. Either the victims pay the ransom or afford loosing the valuable information.[3] Initially, this malware was discovered in March 2016.  Numerous forms of the malware were seen propagating to systems based on Microsoft-Windows through infected E-mail attachments. Specific differences were noted in this malware compared to the others, a later form of it being launched with a secondary attachment affecting administrative booting. A recent global Cyber-attack using a variant of Petya originated on 27 June 2017, targeting Ukraine and Russia mainly. Kaspersky lab reported traces of infections in other affected regions including France, Germany, Italy, Poland and the United Kingdom and United States. Although, this malware affected internal networks, researchers from US pharmaceutical organization Merck, shipping company from Danish and Rosnoft – a Russian oil company, discovered it to be a masked cyber offense against Ukraine.[4] Almost, more than 80 companies were targeted for damage including the national bank of Ukraine as well as distorted all the utilities in power offices, air-ports and public transport medium.[5]

This scary ransomware has a mode of operation that is field of discussion. Petya uses the actual computed information from within the transmitted data that holds enough potential to infect the master booting system known as the Master Boot Record (MBR), ornately writing the windows boot-loader and then triggers a restart in the system. The next time one reboots the system, the formatted data executes itself. This encrypts the main file holder system and following that the ransom-demanding message is displayed in a pop-up, the payment mode being in bit-coin as mentioned previously, amounting to $300. During this processing, the windows file scanner system generates a text on-screen indicating the ongoing repair of the different hard-drive system.[6] The original computation required the system-victim to grant administrative advantages. In this context, another variant of the malware, Mischa was attached with data or the initial text, in a situation Petya was unable to install in earlier versions with an attached PDF file.

Ransomware Cyber-Attack – May 2017

The ‘not- Petya’  version used for the 2017 cyber attack, is a rapid spread across organizations following one affected system.[7] This ransomware yet again found a medium specifically the Eternal-Blue, which is a collection of data in sequence in form of syntaxes that in an offensive way takes advantage of a vulnerability of a software, in this case, Microsoft-Windows and generates control over one’s system or through the availability of administrative tools. This malware is capable of using various techniques to spread across systems obtaining passwords and using passwords linked with PSExec for code run on other LAN connections. This ransomware cannot omit its changes. Researchers announced this was not launched with the intention to generate profit, rather, focused on the widespread of the same to cause rapid damages and the media-attention.

As mitigation, researchers and analysts took several measures across the globe claiming the discovery of ways to possibly, stop the process of encryption.[8] Kaspersky lap for an instance, offered help suggesting that the lab’s security software was now developed to detect and limit the malware. Various Anti-Virus companies claim their software can provide protection against this malware infection, especially, Symantec products with the updated version 20170627.009. Installation of March’s Critical Patch provides a defensive action against the vulnerable Windows feature and promises to offer guard towards future attacks with variant tools.[9]

Another innovation regarding the solution for this attack was helpful in either ways. The process firstly asks the immediate shut down of the system as soon as the appearance of the ‘chkdsk’ pop-up and a proposed analyst creating read-only files bearing the label ‘perfc’ or ‘perfc.dat’ in the Windows file system can prevent the effect of the formatted data by limiting the execution. The provider, Posteo, suspended the E-mail address already on the Ransom windows therefore restricting the infected the users to make the payment.

Conclusion  

Based on the various analyses, provided by researchers from diverse backgrounds it is concluded that it definitely not a moneymaking source rather, it is designed for the widespread effect across countries and systems encrypting important component files of a system. The ransomware infects the major file system of a computer and remains stagnant for an hour, it is advisable, while the rebooting takes place, to switch it off to prevent the files from getting encrypted. The person behind the attack disguised the malware as a ransomware with a pure intention of being destructive especially, to Ukraine government.

Petya Ransomware

The first half of this year witnessed unusual amounts of cyber security breaches. One such chaotic ransomware release was the WannaCry Crypto-worm, targeting the systems based on Microsoft Windows Operation.[10] This report provides an insight to the attack, its relevant details and possible mitigations discovered.

This ransomware crucially encrypted files and demanded money in crypto-currency format, the use of bit-coins involved. Crypto-currency is a digital set-up involving payments in form of bit-coins, which is the used currency. The attack initiated on a Friday, 12 May 2017, this initial outbreak continued from 12 May to 15 May 2017.[11]  Within the commencement of 24 hours, a report showing the results, generated only to highlight, 230,000 computers infected over 150 countries. This ransomware in particular used the flaw of Microsoft, which was long discovered by National Security Agency (NSA), was used for its offensive activities and was leaked by hackers to widely spread the malware to block access to files. The malware disguises as software, informing the user that the files have been encrypted with a warning of their deletion if the required payment is not made. Advance information about the procedures to buy the software and henceforth, the destination to send the ransom to is provided. Analysts refer to this as a ‘worm’ as it has a transport phenomenon or mechanism to gradually spread and infect a system automatically. This code of access scans the data system with characteristic vulnerability particularly as mentioned previously, Eternal-Blue to gain control on the file system. On 19 May 2017, it was informed that the hackers made an attempt an attack using a variant of this ransomware, Mirai for a distributed attack. 

Europol estimated due to the campaign of this ransomware around 200,000 computer systems over 150 countries approximately were infected.[12] Kaspersky lab investigated about the four most affected countries- Russia, Ukraine, India and Taiwan. An adverse effect on the National Hospital Services (NHS) was witnessed, in England and Scotland. Various public utilities amounting to 70,000 devices inclusive of computers, MRI-scanners, blood storage refrigerators and possible range of theatrical equipments.[13] Many non-crucial emergencies were turned-off, ambulances connected to NHS services were reverted even of Wales and Ireland. Production procedures took a pause in the Nissan Motor Manufacturing UK in Tyne &Wear, England after their system-infections. Another on the list was Renault to halt its production in various sites to avoid the spreading of the ransomware.[14] Organization using not-update of Microsoft operating system were adversely affected, especially, the ones with the older version of XP, since no security patches were released since April 2014 in relevance. Cyber risk configured by Cyence charted an economic loss of 44 billion while others estimated it to be hundreds of millions. A sum of $130,634.77 involving around 327 payments was recorded regarding the ransom.

Not-Petya Ransomware

WannaCry evidently initiated its attack in Asia. Gaining access to systems through SMB, it rapidly spread in multiple networks. On execution the malware first scans the ‘killSwitch’ domain, the absence of the same helped the software to encrypt file system. The ransom demanded was $300 bit-coins within three days or a lump sum of $600 in seven days. Destined web addresses were provided where the money was to be sent, ‘wallets’, by the victims.[15] The virus execution process can be precisely fragmented into three parts- firstly, the payload (mssecsvc.exe): this is the spread file, encrypting the main file system and executes malicious behavior. Secondly, the ransom program (taskche.exe): the program itself containing an encrypted public key, the decrypted version being retained by the attacker, which encrypts both the sub-private and public key and saves it. The AES key encrypts the file contents to be saved as M2, which is further encrypted with the sub-public key and saved as M1. This merged version has an added header ‘WANNACRY’. Lastly, the ransom program-(@[email protected]): this platform demands for the money in bit-coins with the addresses[16].

A tech security researcher, Marcus Hutchins from England, successfully developed a vaccine to this known as ‘Kill-Switch’, a registered domain, effectively reduced the spread of the infection pausing the breakout. This shuts down the software. This was included in the code of the ransomware to prevent its propagation in quarantined systems. However, not a help for the already-infected ones, it helped severely in limiting its spread especially in North America and Asia. Within four days, several security experts claimed to stop the spread with newly designed updates, among which universities of London and Boston reported, their pay-break system has the potential to stop the infection. Each encrypted file uses AES key, to decrypt the RSA sub-private key was required.[17] The discovery of the tool, WannaKey potentially retrieves the required key especially in the Windows XP domain. Another approach was ‘WannaKiwi’ for Windows 7 and 2008 R2. 

Conclusion  

On analysis, it is certain to conclude that the scale of attacks and the exposed vulnerabilities ranged to the enforcement of new updates available for Windows. For self-protection, it is advisable to avoid any suspicious sites and to keep the system in use updated. Lastly, strict restriction on paying the ransom and encourage the hackers. Prevention is certainly prior to the offered antidote.

References:

Aurangzeb, Sana, et al. “Ransomware: A Survey and Trends.” Journal of Information Assurance & Security 6.2 (2017).

Operation of Petya Ransomware

Collier, Roger. “NHS ransomware attack spreads worldwide.” (2017): E786-E787.           

Edwards, Benjamin, et al. “Strategic aspects of cyberattack, attribution, and blame.” Proceedings of the National Academy of Sciences (2017): 201700442.

Gandhi Krunal, A. “Year of Publication: 2017.”

Gordon, William J., Adam Fairhall, and Adam Landman. “Threats to Information Security—Public Health Implications.” New England Journal of Medicine (2017).

Guo, Ziyang, et al. “Optimal linear cyber-attack on remote state estimation.” IEEE Transactions on Control of Network Systems 4.1 (2017): 4-13.

Hammill, Ashley. The rise and wrath of ransomware and what it means for society. Diss. Utica College, 2017.

Knobel, Andres. “Technology and online beneficial ownership registries: easier to create companies and better at preventing financial crimes.” (2017).

Martin, Guy, James Kinross, and Chris Hankin. “Effective cybersecurity is fundamental to patient safety.” (2017): j2375.

Mattei, Tobias A. “Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyberattack.” World Neurosurgery 104 (2017): 972-974.

Mohurle, Savita, and Manisha Patil. “A brief study of Wannacry Threat: Ransomware Attack 2017.” International Journal 8.5 (2017).

Naved, Hamid. “CYBER ATTACKS, ESPIONAGE AND INTRUSIONS: THE LAW GOVERNING THE NEW GLOBAL FRONTLINES.”

O’Dowd, Adrian. “NHS patient data security is to be tightened after cyberattack.” (2017): j3412.

Richardson, Ronny, and Max North. “Ransomware: Evolution, Mitigation and Prevention.” International Management Review 13.1 (2017): 10.

Shackelford, Scott. “Exploring the ‘Shared Responsibility’of Cyber Peace: Should Cybersecurity Be a Human Right?.” (2017).

Shoukry, Yasser, et al. “Secure state estimation for cyber physical systems under sensor attacks: a satisfiability modulo theory approach.” IEEE Transactions on Automatic Control (2017).

Solon O and Hern A, ‘Petya’ Ransomware Attack: What Is It And How Can It Be Stopped?’ (the Guardian, 2017) <https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how> accessed 24 August 201

Aurangzeb, Sana, et al. “Ransomware: A Survey and Trends.” Journal of Information Assurance & Security 6.2 (2017).

Olivia Solon and Alex Hern, ‘Petya’ Ransomware Attack: What Is It And How Can It Be Stopped?’ (the Guardian, 2017) <https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how> accessed 24 August 2017.

Hammill, Ashley. The rise and wrath of ransomware and what it means for society. Diss. Utica College, 2017.

Edwards, Benjamin, et al. “Strategic aspects of cyberattack, attribution, and blame.” Proceedings of the National Academy of Sciences (2017): 201700442.                                                                                                                                        

Gordon, William J., Adam Fairhall, and Adam Landman. “Threats to Information Security—Public Health Implications.” New England Journal of Medicine (2017).

Guo, Ziyang, et al. “Optimal linear cyber-attack on remote state estimation.” IEEE Transactions on Control of Network Systems 4.1 (2017): 4-13.

Naved, Hamid. “CYBER ATTACKS, ESPIONAGE AND INTRUSIONS: THE LAW GOVERNING THE NEW GLOBAL FRONTLINES.”

Richardson, Ronny, and Max North. “Ransomware: Evolution, Mitigation and Prevention.” International Management Review 13.1 (2017): 10

Shackelford, Scott. “Exploring the ‘Shared Responsibility’of Cyber Peace: Should Cybersecurity Be a Human Right?.” (2017).

Shoukry, Yasser, et al. “Secure state estimation for cyber physical systems under sensor attacks: a satisfiability modulo theory approach.” IEEE Transactions on Automatic Control (2017).

Martin, Guy, James Kinross, and Chris Hankin. “Effective cybersecurity is fundamental to patient safety.” (2017): j2375.

O’Dowd, Adrian. “NHS patient data security is to be tightened after cyberattack.” (2017): j3412.

Collier, Roger. “NHS ransomware attack spreads worldwide.” (2017): E786-E787.            

Mattei, Tobias A. “Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyberattack.” World Neurosurgery 104 (2017): 972-974.

Gandhi Krunal, A. “Year of Publication: 2017.”

Mohurle, Savita, and Manisha Patil. “A brief study of Wannacry Threat: Ransomware Attack 2017.” International Journal 8.5 (2017).

Knobel, Andres. “Technology and online beneficial ownership registries: easier to create companies and better at preventing financial crimes.” (2017).