Discuss Cybersecurity Controls and Digital Manufacturing.
One of the most concerning web incidents, discovered on May 4, 2017, was the data breach of Gmail accounts across many regions of the world (Kreutz et al., 2017). This breach mainly involved the exposure of passwords, private messages and other sensitive data from various sites, including services such as Uber, OKCupid and FitBit.
The problem arose from a well-known company, CloudBleed, which provides Internet security services, distributed domain name server services and a content delivery network that served Gmail (Solic et al., 2017). The attack was named CloudBleed because it arose from CloudFlare. The bug that was detected was similar to the famous HeartBleed bug discovered in 2015, but was more serious in terms of data leakage. When a request came to CloudFlare, random pieces of memory were returned from unsafe servers.
Moreover, a further serious issue arose from this condition: search engines were caching the leaked information. CloudFlare typically hosts content from different sites on the same server, which created another major problem regarding the data breach (LN, Wibowo & Wells, 2017). A request made to one unsafe site could reveal information belonging to another, unrelated site also behind CloudFlare. For instance, if someone visited an Uber.com page, a piece of memory left over from an earlier request to another site could be displayed on that page, meaning someone else’s password appeared on an unrelated site. Tavis Ormandy, a Google bug hunter, first discovered the issue on February 17.
How the problem occurred and why
The problem arose when CloudFlare modified and parsed web pages as clients requested them. When data was sent to the server, the server failed to parse it correctly and returned parts of memory lying beyond the structure designed to keep the information contained (Corrêa, Enembreck & Silla, 2017). The structure that the server ran past is called a buffer. The memory that leaked might contain secret numbers, passwords or private messages. Ormandy discovered the issue by aiming a large quantity of junk data at CloudFlare's servers. This process of sending bunches of junk data at a server is known as fuzzing. He noticed the issue because some of the responses he got back contained data from memory, and he was then sure that the sensitive data returned could be reproduced by someone else.
Google started searching the web to get an idea of how much information had been breached (Birje et al., 2017). They concluded that 161 unique domains had been cached by search engines, and all the data was cleaned up.
Natalie Silvanovich, a security researcher at Google, considered that the data breach would have a severe impact on the reputation of the website. CloudFlare was continuously trying to erase the bug from the server, but that would also take some time.
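As an added illustration (not part of the original text and not CloudFlare's code), the following Python simulation shows the mechanism described above in miniature: a server buffer that is reused between requests, a parser that scans for a terminator without honouring the current request's length, and the bounded version that refuses to read past it. The buffer size, the `key=value;` request format and the sample requests are constructed assumptions, not CloudFlare's actual parser or traffic.

```python
"""Simulation of a buffer over-read in a reused server buffer (constructed example)."""

BUF_SIZE = 64  # assumed size of the shared parsing buffer


class SharedBuffer:
    """Models a server-side buffer reused across requests without being cleared.

    Bytes beyond the current request's length still hold data from earlier
    requests, which is exactly what an over-reading parser can leak."""

    def __init__(self) -> None:
        self.mem = bytearray(BUF_SIZE)

    def load(self, payload: bytes) -> int:
        """Copy one request into the buffer and return its length.

        Only the first len(payload) bytes are overwritten; the rest is stale."""
        if len(payload) > BUF_SIZE:
            raise ValueError("request larger than buffer")
        self.mem[: len(payload)] = payload
        return len(payload)


def parse_value_unbounded(buf: SharedBuffer, length: int) -> bytes:
    """Vulnerable parser: extracts the value of 'key=value;' but scans for the
    ';' terminator across the whole buffer, ignoring the request length."""
    eq = buf.mem.find(b"=")
    if eq < 0:
        return b""
    i = eq + 1
    while i < BUF_SIZE and buf.mem[i] != ord(";"):
        i += 1  # walks straight past 'length' into stale bytes
    return bytes(buf.mem[eq + 1 : i])


def parse_value_bounded(buf: SharedBuffer, length: int):
    """Fixed parser: only the bytes of the current request are visible, and a
    request with no terminator is rejected instead of being read past."""
    view = bytes(buf.mem[:length])
    eq = view.find(b"=")
    if eq < 0:
        return None
    end = view.find(b";", eq + 1)
    if end < 0:
        return None  # malformed: terminator missing, refuse rather than over-read
    return view[eq + 1 : end]


def demonstrate() -> dict:
    """Run two requests through the same buffer and compare both parsers."""
    buf = SharedBuffer()
    # Constructed sample traffic: a first tenant's request holding a secret...
    n1 = buf.load(b"token=SECRET-PASSWORD-123;")
    first_ok = parse_value_bounded(buf, n1)
    # ...followed by a second, shorter request that lacks its ';' terminator.
    n2 = buf.load(b"name=bob")
    return {
        "first_request_value": first_ok,
        "leaked_by_unbounded": parse_value_unbounded(buf, n2),
        "returned_by_bounded": parse_value_bounded(buf, n2),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value!r}")
```

The unbounded parser returns the second request's value followed by the tail of the first tenant's secret, which is the shape of leak the essay describes; the bounded parser returns nothing for the malformed request. Fuzzing finds this class of bug precisely because unterminated or oddly shaped inputs push the parser off the end of the current request.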
The bug reached users as an email in their inbox. The email showed an attached document labelled “GDocs” or “Google Docs”, which appeared to come from a valid contact. Users were asked to open the attached file and were then taken to a security page, which was a real Google page, where they were asked to grant permission to use their email account. The worst factor was that the bug sent the contacts of every affected user to a single user who fell into the trap, making hundreds of copies of the credentials.
The strategy used was a common one, but the worm that came through was very dangerous, causing devastation among millions of users (Will et al., 2017). The malicious link looked exceptionally trustworthy and realistic, the email received in the clients’ inbox also looked as if it came from real users, and the data needed to log in was Google’s real login credentials.
The vulnerability that was detected lasted only for an hour. Google said that they were able to disable the affected accounts and updated users regarding the vulnerability. NBC News stated that the bug affected less than 0.1 percent of Gmail users, which is approximately 1 million of the 1 billion users.
It was not possible to identify who was behind this vulnerability. With control of a user’s Gmail account, hackers can get hold of all the personal data that the user sends or receives by email. A consequence of this is that hackers can reset passwords and take over the user’s accounts.
Possible solutions
The malicious email received by the user looked like a genuine copy of a message from a trusted user or a trusted site (Fowler, 2017). The mail was sent to a fake email address ([email protected]) and the email address of the user was placed in the BCC section.
It is suggested that if someone receives a mail from Gmail with mailinator.com, they should report that mail as phishing, using the option under the down arrow beside the reply button. Click “Report phishing” and then delete the mail. If the malicious link is clicked by mistake, permission should not be granted when the GDocs app asks for it.
If someone still falls for this scam, the victim is advised to go to their Google connected sites console, revoke access for Google Docs and change their password. It is also suggested to revoke any applications in the list that are not recognizable.
Case Study on Ransomware Cyber-Attack
On Friday evening, 12th May 2017, the ransomware attack named WannaCry took place. This ransomware attack infected nearly a quarter of a million computers (Choi, Scott & LeClair, 2017). The attack began with the leak of cyber weapons linked to the US government; it crippled hospitals in England and spread over many countries of the world. The latest of all the recent attacks is the WannaCry attack. The process of this attack does not include stealing or copying personal data; it holds the data hostage and demands money in return.
The ransomware had spread over South America and the United States by that Friday evening, as stated by the security researchers of the Malware Hunter Team (Paté-Cornell et al., 2017). The attack was made in a scattered way rather than concentrated on a comparatively small targeted area. This attack was not aimed particularly at large institutions or companies; whoever received the worm was under attack.
Security researchers at Kaspersky Lab registered more than 45,000 attacks in approximately 99 countries, including Russia, Ukraine, the UK, Egypt, Italy, China and India. Major telecommunications companies were affected in Spain.
This procedure became active on 14th April with the help of a group known as the Shadow Brokers. The Shadow Brokers had stolen a cache of cyber weapons from the NSA. There was some uncertainty about the group extending its scale of hacking.
Spam email – A malicious attachment to an email is the most familiar way of getting ransomware onto a user's machine (Glavach, LaSalle-DeSantis & Zimmerman, 2017). Very large spam campaigns are mostly used in ransomware attacks, and social engineering techniques are used to trick users into trusting them (Collier, 2017). For instance, an email arrives with an attachment supposedly concerning a missed delivery from a parcel company. The common attachment types used are .xls, .xlsx, .doc, .docm, .docx, .lnk, .js, .ppt and many other extensions. These files usually come inside an archive file such as .zip or .rar.
The other way of carrying out a ransomware attack is the use of Exploit Kits (EK). Exploit Kits are tools used by criminals to identify vulnerabilities and also to determine which machines are not patched.
The EK method uses websites that have already been hacked, to which a small amount of malicious code is added alongside the website's own code (Mohurle & Patil, 2017). When a user visits such a website, they are redirected to the hacker's server that manages the Exploit Kit. More than ten thousand real websites have been compromised by this EK method. In some cases the websites themselves are not compromised; instead, advertisements containing malicious code are displayed. This process is known as malvertising. If the user does not patch their system regularly, the EK has a way to find a weakness and exploit it.
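As an added example (not from the original essay or any of its sources), the following Python script screens incoming attachments for the extensions listed above, opening .zip archives in memory so that a .docm or .js hidden inside a "missed parcel" archive is still caught. The sample message, the nesting limit and the handling of .rar (flagged for quarantine because the standard library cannot open it) are constructed assumptions for the demonstration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the essay names as common ransomware carriers.
RISKY_EXTENSIONS = {".xls", ".xlsx", ".doc", ".docm", ".docx", ".lnk", ".js", ".ppt"}
MAX_DEPTH = 3  # assumed guard against archives nested to absurd depth


def scan_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return a list of (path, reason) findings for one attachment.

    .zip archives are opened in memory and every member is scanned recursively;
    the reported path shows where inside the archive the risky file sits."""
    findings = []
    ext = PurePosixPath(name).suffix.lower()  # last suffix only: 'x.pdf.js' -> '.js'
    if ext in RISKY_EXTENSIONS:
        findings.append((name, f"macro/script-capable extension {ext}"))
    elif ext == ".zip":
        if depth >= MAX_DEPTH:
            return [(name, "archive nested too deeply, quarantine")]
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.infolist():
                    if member.is_dir():
                        continue
                    inner = scan_attachment(member.filename, zf.read(member), depth + 1)
                    findings.extend((f"{name}/{path}", reason) for path, reason in inner)
        except zipfile.BadZipFile:
            findings.append((name, "claims .zip but is not a valid archive"))
    elif ext == ".rar":
        # No stdlib reader for rar: treat as uninspectable rather than as safe.
        findings.append((name, "rar archive: cannot inspect here, quarantine for manual review"))
    return findings


def scan_message(msg: dict) -> list:
    """Scan every attachment of a parsed message (dict with an 'attachments' list)."""
    findings = []
    for name, data in msg["attachments"]:
        findings.extend(scan_attachment(name, data))
    return findings


def build_sample_mail() -> dict:
    """Constructed sample: a 'missed parcel' lure whose zip wraps a macro document,
    a script with a disguising double extension, a harmless text file and a nested zip."""
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as zf:
        zf.writestr("open_me.lnk", b"fake shortcut")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("delivery_notice.docm", b"fake macro document")
        zf.writestr("tracking.pdf.js", b"// fake script")
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("scan.zip", nested.getvalue())
    return {
        "subject": "Missed parcel delivery - action required",
        "attachments": [
            ("parcel_DHL_4471.zip", outer.getvalue()),
            ("photo.jpg", b"\xff\xd8\xff"),
        ],
    }


if __name__ == "__main__":
    for path, reason in scan_message(build_sample_mail()):
        print(f"{path}: {reason}")
```

On the constructed message the scan reports the .docm, the .pdf.js and the .lnk inside the nested archive, and says nothing about readme.txt or photo.jpg. The recursion and the depth limit are what make this useful against real spam campaigns, where the risky file is almost never the top-level attachment.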
How was the attack carried out?
The ransomware starts its work by attaching itself to the machine and executing its files. Once the user runs the executable or another infected file, a connection to the criminal’s Command and Control Server (C&C) is established and data regarding the host is sent (Young & Yung, 2017). The connection that is established is called C2 traffic or "call home". HTTP on standard port 80 and HTTPS on port 443 are mainly used in this method.
The data sent by the ransomware is usually IP addresses, details of the operating system, account access permissions and details of the geographical area (Pope, 2017). Hackers may use this data to mount further attacks. The ransomware has privileges on the admin domain.
As soon as it receives the data, the C&C sends the encryption keys needed to encrypt the files on the machine. This process is done in two parts (Copeland, 2017): first the machine is infected, then the encryption is done. This method is applied to keep the keys secret. Without the encryption keys, it is not possible to decrypt the files.
After receiving the encryption keys, the ransomware starts to encrypt the files, concentrating first on local files, then on all removable devices such as external hard drives or USB drives, and then on every network location it can reach, including network shares and mapped drives. Getting through all the files may take hours or even days, depending on the volume and size of the files, and it stops only when the user turns off the system or it has finished.
On the files it attacks, the ransomware creates a ransom note. These notes are delivered in formats such as .txt, .png and .html to make sure that the user opens them. The note is saved on the desktop of the user’s machine, and the ransomware also changes the desktop background image.
Some ransomware families deliver a secondary payload to the machine after the encryption is done. The ransomware itself is highly noticeable and destructive; the second payload is normally hidden from the user and remains undetected on the machine. The secondary payload is mainly designed to steal passwords and usernames. The final step of the ransomware is to erase itself from the machine, so that the user does not find out how the ransomware attack occurred. The user’s system is left with corrupted files and the note generated by the ransomware. These ransomware files are not usually removed by antivirus.
Other names for ransomware include CryptoDefense, CryptoWall and CryptoLocker. This attack is one of the broadest and most harmful threats faced today. It takes the files of the system or network it has targeted, encrypts them and demands money to unlock them.
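As an added example (not from the original essay or any of its sources), the following Python script turns the "call home" description above into detection logic: it reads a handful of constructed proxy log lines, groups connections by workstation and destination, and flags flows that contact one external host on port 443 or 80 at a steady interval with small request sizes, which is the beaconing pattern of C2 traffic hiding in ordinary web ports. The log format, the thresholds and the hostnames are assumptions; the addresses are taken from the RFC 5737 documentation ranges, so they are not real servers.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines (not real traffic). WS-014 posts to a single
# external host roughly every 60 s with little jitter; WS-022 browses normally.
SAMPLE_LOG = """\
2017-05-12T18:00:01Z host=WS-014 dst=203.0.113.7:443 method=POST bytes=312
2017-05-12T18:00:05Z host=WS-022 dst=198.51.100.20:443 method=GET bytes=18422
2017-05-12T18:01:02Z host=WS-014 dst=203.0.113.7:443 method=POST bytes=310
2017-05-12T18:01:47Z host=WS-022 dst=198.51.100.21:80 method=GET bytes=5120
2017-05-12T18:02:01Z host=WS-014 dst=203.0.113.7:443 method=POST bytes=315
2017-05-12T18:02:59Z host=WS-022 dst=198.51.100.20:443 method=GET bytes=2200
2017-05-12T18:03:03Z host=WS-014 dst=203.0.113.7:443 method=POST bytes=311
2017-05-12T18:04:00Z host=WS-014 dst=203.0.113.7:443 method=POST bytes=309
2017-05-12T18:09:30Z host=WS-022 dst=198.51.100.20:443 method=GET bytes=90000
"""


def parse_line(line: str) -> dict:
    """Parse one 'timestamp key=value ...' record (assumed log format)."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    rec["bytes"] = int(rec["bytes"])
    return rec


def find_beacons(log_text: str, min_hits: int = 5, max_jitter: float = 0.25,
                 max_bytes: int = 1024) -> list:
    """Group records by (host, dst) and flag flows with many small, evenly spaced
    connections. Jitter is the standard deviation of the gaps divided by the mean gap,
    so a human browsing session scores high and a timer-driven beacon scores low."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            flows[(rec["host"], rec["dst"])].append(rec)
    alerts = []
    for (host, dst), recs in flows.items():
        if len(recs) < min_hits:
            continue
        recs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 0.0
        small = max(r["bytes"] for r in recs) <= max_bytes
        if jitter <= max_jitter and small:
            alerts.append({"host": host, "dst": dst, "hits": len(recs),
                           "period_s": round(avg, 1), "jitter": round(jitter, 3)})
    return alerts


def block_list(alerts: list) -> list:
    """Destination addresses (without port) to hand to the firewall or proxy denylist."""
    return sorted({a["dst"].rsplit(":", 1)[0] for a in alerts})


if __name__ == "__main__":
    found = find_beacons(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("block:", block_list(found))
```

On the sample the only flow flagged is WS-014 to 203.0.113.7:443, with a period of about 60 seconds and jitter near zero, and `block_list` yields the address to deny. The thresholds are deliberately conservative for a small sample; on real proxy logs the minimum hit count would be raised and the window extended to hours, because a beacon hiding among normal HTTPS traffic is distinguished by its regularity over time, not by any single request.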
What could have been done to prevent the attack?
It is not possible to protect the system from a ransomware attack. The following steps are to be taken when a client faces a ransomware attack:
- Before shutting down the system, users are advised to take an image of the system memory. This will help to identify the infection vector of the ransomware as well as the cryptographic material needed to decrypt the data.
- To stop the further spread of the ransomware and stop the damage to the data, it is advised to shut down the system.
- All emails carrying ransomware files should be recalled to protect the system.
- Network access to the command and control servers used by the ransomware is blocked once those servers are identified.
References
Birje, M. N., Challagidad, P. S., Goudar, R. H., & Tapale, M. T. (2017). Cloud computing review: concepts, technology, challenges and security. International Journal of Cloud Computing, 6(1), 32-57.
Choi, K. S., Scott, T. M., & LeClair, D. P. (2017). Ransomware against police: diagnosis of risk factors via application of cyber-routine activities theory. International Journal of Forensic Science & Pathology.
Clarke, R., & Youngstein, T. (2017). Cyberattack on Britain’s National Health Service—A Wake-up Call for Modern Medicine. New England Journal of Medicine.
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Copeland, M. (2017). Cybersecurity: How Security Vulnerabilities Affect Your Business. In Cyber Security on Azure (pp. 3-31). Apress, Berkeley, CA.
Corrêa, D. G., Enembreck, F., & Silla, C. N. (2017, May). An investigation of the Hoeffding adaptive tree for the problem of network intrusion detection. In Neural Networks (IJCNN), 2017 International Joint Conference on (pp. 4065-4072). IEEE.
Fowler, K. (2016). Data Breach Preparation and Response: Breaches are Certain, Impact is Not. Syngress.
Glavach, D., LaSalle-DeSantis, J., & Zimmerman, S. (2017). Applying and Assessing Cybersecurity Controls for Direct Digital Manufacturing (DDM) Systems. In Cybersecurity for Industry 4.0 (pp. 173-194). Springer International Publishing.
Kreutz, D., Esteves-Verissimo, P., Magalhaes, C., & Ramos, F. (2017). The KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure. arXiv preprint arXiv:1702.04294.
LN, P. B., Wibowo, S., & Wells, M. (2017, June). Data Security and Privacy on the Cloud: Driving to the Next Era of Technology with Confidence. In International Conference on Mobile and Wireless Technology (pp. 203-212). Springer, Singapore.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
Paté-Cornell, M., Kuypers, M., Smith, M., & Keller, P. (2017). Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies. Risk Analysis.
Pope, J. (2017). Ransomware: Minimizing the Risks. Innovations in clinical neuroscience, 13(11-12), 37.
Solic, K., Ocevcic, H., Fosic, I., Horvat, I., Vukovic, M., & Ramljak, T. (2017, May). Towards overall information security and privacy (IS&P) taxonomy. In Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2017 40th International Convention on (pp. 1298-1301). IEEE.
Will, M. A., Garae, J., Tan, Y. S., Scoon, C., & Ko, R. K. (2017, April). Returning Control of Data to Users with a Personal Information Crunch-A Position Paper. In Cloud Computing Research and Innovation (ICCCRI), 2017 International Conference on (pp. 23-32). IEEE.
Young, A. L., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24-26.