Name of attack:
Type of attack:
Cross site scripting
Dates of attacks:
21st May 2014
Computers / Organizations affected:
How it works and what it did:
The attackers also took advantage of the “forgot password” link. Usually, the password reset request goes to the user's email, but the attacker redirected the request using the “requint” value. When the user clicked the password reset link in the email, the attacker used the requinto value to create another HTTP request that set a password chosen by the attacker.
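The defensive counterpart of the reset abuse described above, as an added example (not code from eBay or from the original report): the server records which account a reset token belongs to and never lets a value in the HTTP request choose the target. The function names, the in-memory stores and the `claimed_account` parameter are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link

# Constructed in-memory stores standing in for the site's database.
PENDING = {}    # sha256(token) -> (account, expiry time)
PASSWORDS = {}  # account -> (salt, PBKDF2 hash)


def digest(token):
    # Only the hash of the token is stored, so a leaked table is not replayable.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_token(account, now=None):
    """Create a token and record server-side which account it belongs to."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    PENDING[digest(token)] = (account, now + RESET_TTL_SECONDS)
    return token  # sent only to the e-mail address on file for `account`


def redeem_reset_token(token, new_password, claimed_account=None, now=None):
    """Set the password of the account the token was issued for.

    `claimed_account` (hypothetical) is any account identifier carried in
    the request. It never selects the target; a mismatch is rejected.
    """
    now = time.time() if now is None else now
    record = PENDING.pop(digest(token), None)  # pop: single use, even on failure
    if record is None:
        return None
    account, expires = record
    if now > expires:
        return None
    if claimed_account is not None and not hmac.compare_digest(
            claimed_account.encode(), account.encode()):
        return None  # request names a different account than the token
    salt = os.urandom(16)
    PASSWORDS[account] = (salt, hashlib.pbkdf2_hmac(
        "sha256", new_password.encode(), salt, 600_000))
    return account
```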
The attacker was able to acquire the data of various users. The hackers accessed data for approximately 145 million users. The types of data include login credentials, email addresses, phone numbers and dates of birth. This results in customers losing trust in the organization.
The first step in dealing with a data breach is to inform the cyber security organization in the country. Any response processes should be documented and followed. Data protection should be prioritized: all the important and sensitive information in an organization should be prioritized and protected. To mitigate the data breach, eBay users were advised to change their passwords. The system required the use of strong passwords. The users' credentials were encrypted, and any other data in the system was also encrypted. The servers should have patch updates installed. The organization had to assemble an expert response team. The team included forensic, legal and management experts and investor relations staff. The team was also supposed to check the website and confirm that there was no misplaced information, and to try to remove the vulnerabilities detected on the website. Once the attack is mitigated, it is also good practice to use a monitoring system to monitor the traffic of the system that was attacked.
Q1) How it works and what it did?
The WannaCry ransomware targeted vulnerable computers running the Windows operating system. The malware used EternalBlue and the DoublePulsar backdoor malware to get installed on the system. The EternalBlue.exe script is executed and, if successful, it checks for the DoublePulsar malware. If available, DoublePulsar is used to bypass the authentication measures implemented in a system. DoublePulsar creates a back door for remote access. If successful, the attacked system comes under the control of the hacker.
WannaCry affected many users in around 150 countries. The hackers threatened to delete files if the owners did not pay the amount they demanded in bitcoins. The attackers asked the owners to pay the ransom within seven; otherwise, they would delete the data.
Q2) How is this attack propagated?
WannaCry was distributed to various systems via malicious email and the Necurs botnet. EternalBlue was used to exploit the security loophole. EternalBlue allows malicious code to spread across platforms meant for sharing files, such as Dropboxes, shared drives and databases. The malware is shared without permission from the user.
Q3) Discuss the impact of this attack on the operation of an organization?
The organizations that complied with the hackers' demand paid the ransom the attackers required for the data not to be deleted. Some businesses that did not pay the ransom as required lost their data. Businesses experienced some downtime when the ransomware took effect. Most of the organizations that were infected were health sector organisations. This resulted in the cancellation of scheduled operations and appointments.
Some of the steps organisations can take to protect their networks include: updating their version of the Windows operating system to Windows 7 or later, installing security software, upgrading unsupported hardware and remaining up to date on software patches.
Q4) Give an example of a duty of the Incident response planning, Disaster recovery planning
Businesses that were attacked, such as London's Barts Health NHS Trust, still have a duty of incident response planning in order to run their operations normally, as others do. The hospital activated its tested contingency plans and is gradually bringing the clinical systems back online. The hospital needed to process the huge backlog of messages; it was open for emergency care but had cancelled most of its scheduled operations. The hospital apologised for the inconvenience and directed some patients to other hospitals, except for emergency cases.
Q5) What steps can you take to protect your own PC or laptop computer from this attack and other attacks?
I would ensure the operating system installed on my laptop is genuine and the applications are up to date. I would also install an antivirus application to detect attacks on the PC.
Q6) Briefly describe the lessons learned from this malware incident
Some of the malware that attacks computers is beyond our control. But to help mitigate malware attacks, the applications and software on our laptops should be kept up to date.
Q7) If any Australian organization or Australian businesses is infected with attack
Australian Cyber Security Centre (ACSC)
The ACSC should be informed of any cyber security threat in an organization. The ACSC will help the organization understand the threat environment and will assist the organization affected in mitigating the attack.
- Victims of social engineering
From: ABC Auditors
Re: Victim of social engineering
Earlier this month, the organization performed an audit. The auditors found quite a number of loopholes in information security throughout the organization. It has come to our notice that the security policies laid down were not followed. A contractor had been hired to upgrade the servers. The administrator gave out the TMS server addresses to the contractor over the phone. The contractor also asked for the password over the phone, but the administrator requested that the contractor pass by the office to be given the password. The contractor did not show up at the office. The contractor was attempting social engineering. After some follow-up, it was noted that the contractor had stolen some of the organization's information from the transaction management system.
A data breach and a password hack attack were detected in the system. The contractor used the lax security to get away after stealing data. The transaction system had some faults, such as not using strong passwords and not encrypting sensitive data. According to the audit, the password that was hacked had only three characters and no special character.
The organization's staff should follow all the required security policies in order to mitigate cases of social engineering. All system users should change their passwords. The new passwords should be lengthy and should include special characters. The system administrator should also encrypt the sensitive data. The security policies should be followed in order to ensure the security of the organization's systems and data.
If you notice any problem when using the system, please inform the system administrator so that the issue can be addressed.