Computer Security Breaches And Cyber

1.Search the web for news on computer security breaches that occurred during April-August 2017. Research one such reported incident (Excluding the May 2017 ransomware cyber-attack) . Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions.

 

2.Research the May 2017 ransomware cyber-attack on the web and prepare a report focusing on the following questions: What was the problem?

 

 

Introduction

In this report, we have searched about the various computer security breaches and about the major cyber-attacks done by the hackers all over the world. This report consists of two parts, i.e., part A and part B. In part A we have considered Fireball the Chinese malware for the research and in part b we have discussed about the WannaCry cyber-attack that took place in the mid of May this year. In part A, the complete information is discussed about the cyber-attack faced due to the Chinese malware and we have also discussed various important factors like the type of problems that the company faced at that time, reasons responsible for the attack, several possible efforts made by the security agencies for competing with that situation. Talking about the part B, we have discussed the complete information about the WannaCry cyber-attack that took place in the May 2017. The complete description is provided below about what the actual problem was, who was mainly affected by this cyber-attack, how this attack was carried out and what efforts does the security agencies took to cope with the problem at that time.

1.In the first part of the report, I have selected “Fireball” the Chinese malware for my research. In the present year this cyber-attack was reported by the companies all over the world, which had affected approximately two hundred fifty million people. During this cyber-attack it was reported that this malware directly affects or we can say that, targets the browsers present in the system of the user and transforms those browsers into zombies. It was hacked by the hackers by accessing the database of the systems. In this part of the report, the complete information has been discussed below about the various problems being faced by the company, reasons for the cyber-attack as well as about the valuable solutions made by the security engineers of the company at the time of cyber-attack (Check Point Software Technologies Ltd., 2017)

Identification of the problem: In this phase of the report, we will discuss about the problems faced by the people existing all over the world as well as about the problems related to the theft of the personal data of the people by the hackers. At the early stage there was no such relevant information about the cause of the cyber-attack and about the number of system affected by this malware (Bisson, 2017). After several verifications and the steps taken by the security agencies the main functionalities of this malware was described.In this, the malware was having the ability to run any type of code on the infected system of the user and the ability of downloading any other malware for accessing any type of information of the user. This was the major reason that the identity of the customers was put at risk because with the help of personal information the hackers can affect the customers by directly influencing their banking accounts, etc.

Problem occurrence: Firstly, the security agencies had no such strong evidence about the actual problem. Later on it was clear that, this was a task of Rafotech a Beijing based company working in the phase of digital marketing. This company was using the fireball for hacking the system of the users by transforming the browsers into fake browsers along with thetechniques related to the social engineering, i.e., sending and receiving malicious links were the other reason recognized by the security experts of the company. In this process along with the search engines the default home-pages was also transformed to fake ones. Along with this there exists one other major reason, i.e., this malware infected more than two hundred fifty million computers all over the world excluding approximately twenty per cent of the corporate network (Hassan, 2017). Due to this cyber-attack the corporate agencies faced a huge loss in their business across the different countries of the world. Many governance issues had also been faced by the management of the company due to misunderstanding between the shareholders of the company.

Actions for resolving the several issues: As it has been discussed earlier that approximately two hundred fifty million customers all over the world was affected by this and to save them as much as possible by reviewing the browsers as well as the default home pages of the browser. On the existence of some fault users was advised to restore the browsers to default settings. Several advises and personal assistance was given to the customers by the experts of the security agencies for removing the malware from the system. By making an efficient use of the latest technologies and software for protecting the system from malwaretwo different steps was required for both window as well as Mac operating system. For the Window users, they need to uninstall the adware by deleting the programs installed in the control panel of the system and for the Mac operating system firstly they need to locate the application and after locating it they need to delete the file permanently (Morris, 2017). Security experts help the people in making an effective and secure method of accessing their accounts from different locations or sites, etc. By using these two methods the users can easily resolve their problem because more than two hundred fifty million systems was infected by this malware including the maximum shares of the countries like India, Brazil, Mexico, Indonesia and the United States as well.

2.In this part of the report, we will discuss about the cyber-attack took place in the mid of the May 2017. This attack was done by the wannaCry and it infected more than one hundred countries all over the world. This ransomware made the Microsoft operating system computers its target by encrypting the complete data present in the system. This all was done for demanding the ransom payments in Bitcoin cryptocurrency against the recovery of the affected system or we can say that, for the recovery of the data encrypted. According to a survey done by the security agencies approximately two lacs fifty thousand computers all over the world was affected by this WannaCry ransomware attack. Several technical write-ups had been timely released by a number of companies so that the problem can be tackled upto much extent (Wong & Solon, 2017). The main problem of the attack, who was affected by this ransomware, how this attack was carried out and what preventions was made to heal this all these phases are discussed below:

Identification of the problem: This ransomware targets only the computers running on Microsoft windows operating system. In this, the complete data of the Microsoft operating system was being encrypted and for its solution the ransom payments were being demanded by the hackers in the Bitcoin cryptocurrency. This ransomware had affected more than two Lac fifty thousand computers all over the world working on the Microsoft operating system. The problem was caused due to the theft of cyber weapons cache claimed by the national security agency (Hern & Gibbs, 2017). In this ransomware, a malicious software named as WannaCry was being used, which blocks the data of the operating system and demands for an amount for recovering that data.

Who were affected and how:WannaCry hits a large number of companies, industries, hospitals, etc., delivering a variety of services all over the world. The companies or we can say the organizations using the systems working on Microsoft operating system was being affected at a high speed. This ransomware encrypts the complete data of the systemand doesn’t allow the user to access its data and further to this it demands for the money for unblocking the encrypted data and allowing user to access his/her data. In this complete process the ransomware encrypts the whole data with the help of central server and after completing the process of encryption it shows a message on the screen demanding for the money for decrypting those files or data. All this was done through the PDF files, word files, document files, etc., sent through emails or by any other links.

How was the attack carried out: The cyber-attack was done by spreading the malware or we can say the infected files or links through the PDF, word document files, etc. in a hidden manner. This all is done with the help of email being sent from one system to the other. All this is responsible for the cyber- attack done in the mid of May this year. This ransomware disturbed the implementation of the remote desktop protocol in the Microsoft system and it also affected the implementation of server message block which was the main reason that no one was able to access his/ her data. Shadow was the group of the hackers, which shows some evidences indicating the tool used in the malware (Richard, 2017).

Steps taken for the prevention:Various steps were taken by the security agencies for decreasing the impact of the ransomware on the computers affecting the people all over the world. Various patches had been released from time to time by the Microsoft for supporting their operating systems. These patches help the users by protecting them from the cyber-attack. The effect of the virus was becoming slower when an internet security researcher finds a kill switch. Among the various countries, Russia was affected the most by this cyber-attack.

Conclusion

According to this report, we can say that, this attack should be taken as a warning by the world and the security agencies should need to work harder for the safety assistance being provided by them to the people all over the world. This type of ransomware can target the important infrastructures of the countries like railways, airways, nuclear energy, etc. This report shows that; these types of attacks should be taken seriously because they can disturb the complete working of the organizations as well as of the countries across the world. From this we can say that, it is not yet over so each and every person needs to access the network safely.

References

Bisson, D. (2017). Fireball malware's flames infect a quarter of a BILLION computers. Retrieved from https://www.grahamcluley.com/fireball-malwares-flames-touch-a-quarter-of-a-billion-computers/

Check Point Software Technologies Ltd. (2017). FIREBALL – The Chinese Malware of 250 Million Computers Infected. Retrieved from https://web.archive.org/web/20170607155331/https://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/

Hassan, J. (2017). ‘Fireball’ Malware Infected 250 Million Mac and Windows Devices. Retrieved from https://www.hackread.com/fireball-malware-infected-millions-mac-windows-devices/

Hern, A., & Gibbs, S. (2017, May 12). What is WannaCry ransomware and why is it attacking global computers? Retrieved from https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20

Morris, D. (2017). Chinese ‘Fireball’ Malware Infects 250 Million Computers. Retrieved from https://fortune.com/2017/06/03/chinese-fireball-malware-infection/

Richard. (2017, May 23). Global Ransomware Cyber Attack Hits More Than 100 Countries. Retrieved from https://darkwebnews.com/dark-web/cyber-attack-hits-100-countries/

Wong, J., & Solon, O. (2017, May 12). Massive ransomware cyber-attack hits nearly 100 countries around the world. Retrieved from https://www.theguardian.com/technology/2017/may/12/global-cyber-attack-ransomware-nsa-uk-nhs