ITC595 Information Security

Problem Description

One of the recent computer security breaches that have been reported is of Missouri-based health care provider Blue Spring Family Care. It has been reported that the Protected Health Information (PHI) of 44,979 patients has been exposed as an outcome of the attack. The systems were infected with a variety of malware including ransomware. The Blue Spring Family Care reported that their computer vendor had detected the ransomware on May 12; however, it was later detected that a variety of other malware were also installed in the systems of the provider. The viruses and other malware enabled the hackers and attackers with the ability to gain control and access to the entire system of Blue Spring Family Care including the Protected Health Information of its patients (Davis, 2018).

The data sets that were impacted as an outcome of the attack included social security numbers of the patients, driver’s license number & details of the patients, demographic information covering date of birth & contact address, disability codes, and medical diagnosis of the patients (Barth, 2018).

How & why it occurred

There was a ransomware that was detected and reported by the management of the Blue Spring Family Care on May 12, 2018. Ransomware is one the types of malware that blocks the access to the computer system and the computing resources connected with the system. The files on the computer systems of the Blue Spring Family Care were encrypted as a result. There are different mechanisms that could have been used to initiate ransomware on the computer systems and applications of the Blue Spring Family Care. There could have been malicious links that could have been shared by the attackers and the access to the link could have downloaded the application on the computer systems. Generic ransomware was used to give shape to the security attack and it is introduced using multiple hits and involvement of different attackers.

When the ransomware was reported by the officials, there were other malware packages and codes that were also detected that assisted in giving shape to the security attack to cause breaching of the data sets. One of such malware is viruses that were detected in the computer systems being used in the Blue Spring Family Care. Virus is a malicious code that attaches itself to the executable piece of software and causes self-reproduction to impact the other files and applications (Medium, 2018).

The reason behind the occurrence of the security attack on the data sets was the security vulnerabilities and loopholes that were present in the computer systems of the Blue Spring Family Care. The attackers could make use of the security vulnerabilities that were present in the computer systems to launch the malicious codes. There were loopholes at the administrative side of security as well. As soon as the ransomware was detected and reported, there should have been additional security measures taken to prevent further risks and attacks. The data breach took place on July 26, 2018 and the ransomware was reported on May 12, 2018. The security team and officials should have used enhanced security tools and measures to ensure that the further damage could be avoided. The attackers could give shape to the data breach because no such measures were adopted (Dhapola, 2017).

Prevention of the Problem

There are certain measures that could have been taken to prevent the data breach from taking place. In order to prevent and detect ransomware, settings for the hidden file-extensions should have been changes to visible. The appearance of full file extensions provides the ability to view and detect the suspicious files. As a result, the attack could have been prevented. There are advanced technical controls that have been developed and the same should have been installed across all the computer systems and applications. The anti-malware packages that are being designed by the vendors come along with the ransomware protection. Blue Spring Family Care should have procured and installed these applications to prevent the attacks. These applications scan the entire system and networks at regular intervals and showcases all the suspicious files and activities involved. The attackers made use of system vulnerabilities and weaknesses. Patching and installation of updates is a basic mechanism that should have been used by Blue Spring Family Care to make sure all the applications were at their latest versions (Kharraz, Robertson & Kirda, 2018). The specific vulnerabilities may have been resolved and avoided and the attack could have been prevented. There has also been the involvement of unsecure network connection that has been observed. The network connections and the security of these network connections should have been improved with the use of security controls as network-based intrusion detection, network scanner, network monitors, firewalls, and proxy servers.

User awareness is one of the primary mechanisms that shall be utilized from preventing any form of the security risks. It is because user practices are usually the prime reasons behind the occurrence of the attack. The users knowingly or unknowingly carry out such practices that provide the attackers with the ease of executing a security attack. In this case, the users should have been made aware of the types of the suspicious links that they shall avoid and report at an immediate basis. This might have prevented the ransomware and other malware attacks from taking place. The information sharing on the security practices and latest security mechanisms should have been imparted to the employees and other users of the Blue Spring Family Care systems (Kalaimannan, John, DuBose & Pinto, 2016).  

WannaCry & Petya Cyber-Attacks

Problem Description

There have been a lot many security attacks that have occurred in the past. Two of such recent and high-profile attacks are WannaCry and Petya. These are the ransomware malware attacks that have impacted huge number of systems and applications all across the globe.

WannaCry is a ransomware attack that was detected on May 12, 2017 and targeting the systems that made use of Microsoft Windows as the operating system. National Health Services (NHS), England first reported the locking out and access block on its systems and it was soon reported from over 150 countries. The attackers in this case made use of bitcoins and there was a ransom amount that was being demanded by the attacker to provide the access to the systems. The users that did not agree to pay the ransom amount were at the risk of losing their sensitive and confidential information (Palmer, 2018).

Soon after WannaCry ransomware attack impacted huge number of computer systems all across the globe, there was another attack that was reported. Petya ransomware attack was reported by the users from Europe and US two months after the occurrence of WannaCry attack. The attackers were demanding a ransom of $300 using bitcoins to provide the access to the users in this case. The impacted systems were again enabled with the operating system as Microsoft Windows (Solon & Hern, 2018).

Scope of the Attack

The scope of WannaCry ransomware attack as well as Petya cyber-attack was restricted to Microsoft Windows as the operating system. The systems that did not have the security patch for EternalBlue security vulnerability installed and were enabled with the Microsoft Windows as the operating system were impacted by the security attack. There were over 150 countries and users in these countries that were impacted by the WannaCry ransomware attack.

Operational Details of the Attack

The WannaCry and Petya ransomware attacks were exposed to the systems that were enabled with Microsoft Windows as the operating system. There was a vulnerability termed as EternalBlue that was detected and reported for the Windows systems. It was detected in March, 2017 and there was a patch that was released to fix the issue. There were several users that were not aware of the security vulnerability or did not pay due attention to the same. The updates were not installed by many. The vulnerability that continued to exist impacted the Server Message Block (SMB) protocol on the machines (Langde, 2017).

The following sets of steps were carried out by the vulnerability:

• SMB echo request was sent to the target machine as the first step
• Environment set-up was then carried out to carry out the attack
• SMB protocol fingerprinting was executed and completed in this step
• Exploit attack was then given shape by the attacker
• A check for DoublePulsar malware was issued with the success of the previous step
• SMB reply was then received by the malware

The EternalBlue vulnerability and the operational steps as listed above were common in WannaCry and Petya ransomware attacks.

Prevention Measures

There are a few measures that could have been taken to keep the information rupture from occurring. With a specific end goal to counteract and distinguish ransomware, settings for the concealed document augmentations ought to have been changed to obvious. The presence of full document expansions gives the capacity to see and distinguish the suspicious records. Thus, the assault could have been anticipated. There are propelled specialized controls that have been produced and the same ought to have been introduced over all the PC frameworks and applications. The counter malware bundles that are being outlined by the sellers join the ransomware insurance. The organizations ought to have secured and introduced these applications to keep the assaults. These applications check the whole framework and systems at customary interims and exhibits all the suspicious records and exercises included. The assailants made utilization of framework vulnerabilities and shortcomings. Fixing and establishment of updates is essential step that ought to have been utilized by the organization to ensure every one of the applications were at their most recent adaptations. The users should have installed the security patches that were released for the resolution of EternalBlue vulnerability. The particular vulnerabilities may have been settled and stayed away from and the assault could have been forestalled. There has likewise been the inclusion of unsecure organize association that has been watched. The system associations and the security of these system associations ought to have been enhanced with the utilization of security controls as system based interruption location, organize scanner, arrange screens, firewalls, and intermediary servers (Bbc, 2017).

Client mindfulness is one of the essential systems that will be used from keeping any type of the security dangers. It is on the grounds that client rehearses are typically the prime explanations for the event of the assault. The clients purposely or unwittingly do such practices that give the aggressors the simplicity of executing a security assault. For this situation, the clients ought to have been made mindful of the kinds of the suspicious connections that they will keep away from and report at a prompt premise. This may have kept the ransomware and other malware assaults from occurring. The data sharing on the security practices and most recent security instruments ought to have been conferred to the workers and different clients of the organization frameworks.

References

Barth, B. (2018). Data breach at Blue Springs Family Care endangers patient records, enables ransomware attack. Retrieved from https://www.scmagazine.com/data-breach-at-blue-springs-family-care-endangers-patient-records-enables-ransomware-attack/article/784080/

Bbc. (2017). NHS trusts 'at fault' over cyber-attack. Retrieved from https://www.bbc.com/news/technology-41753022

Davis, J. (2018). Ransomware, malware attack breaches 45,000 patient records. Retrieved from https://www.healthcareitnews.com/news/ransomware-malware-attack-breaches-45000-patient-records

Dhapola, S. (2017). Petya ransomware cyber attack: How it started, what it does, and how to protect your PC. Retrieved from https://indianexpress.com/article/technology/tech-news-technology/petya-ransomware-cyberattack-explained-hits-europe-what-it-does-how-to-protect-your-pc-and-more-4725476/

Kalaimannan, E., John, S., DuBose, T., & Pinto, A. (2016). Influences on ransomware’s evolution and predictions for the future challenges. Journal Of Cyber Security Technology, 1(1), 23-31. doi: 10.1080/23742917.2016.1252191

Kharraz, A., Robertson, W., & Kirda, E. (2018). Protecting against Ransomware: A New Line of Research or Restating Classic Ideas?. IEEE Security & Privacy, 16(3), 103-107. doi: 10.1109/msp.2018.2701165

Langde, R. (2017). WannaCry Ransomware: A Detailed Analysis of the Attack. Retrieved from https://techspective.net/2017/09/26/wannacry-ransomware-detailed-analysis-attack/

Medium. (2018). Blue Springs Family Care Data Breach Enables Ransomware Attacks, Endangers patient records. Retrieved from https://medium.com/@SwiftSafe/blue-springs-family-care-data-breach-enables-ransomware-attacks-endangers-patient-records-5ee108e978b1

Palmer, D. (2018). WannaCry ransomware crisis, one year on: Are we ready for the next global cyber attack? | ZDNet. Retrieved from https://www.zdnet.com/article/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack/

Solon, O., & Hern, A. (2018). 'Petya' ransomware attack: what is it and how can it be stopped?. Retrieved from https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how