Name of attack: Distributed Denial of Service Attack (DDoS)
Type of attack: Computer Network Attack
Dates of attacks: March 20, 2014, February 28, 2018
Computers / Organizations affected: DDoS attack on GitHub Website, DDoS Attacks on Boston Children’s Hospital
How it works and what it did: The Denial of Service attack is considered a deadly weapon that is used for attacking many organizations and computer networks. The case study taken in this account is that of Boston Children’s Hospital, which was hit by a Distributed Denial of Service attack in 2014. A Denial of Service attack is basically an attack that makes data or information unavailable to its intended hosts. There are different methods and strategies for carrying out a DoS attack. The main work of the DoS attack is to enter the victim’s network and gain access to it. The DoS attack also makes that network inaccessible to other clients. The network is made unavailable by using a large number of IP packets. Another way a hacker can attack a victim using Denial of Service is by attacking different loopholes, making the network unstable. Other DoS attacks are carried out mainly at the application level, disturbing the usual functioning of the service. These attacks crash the web browser, media player, or email application.

The attack on Boston Children’s Hospital took place in three strikes. On March 20, 2014, the hospital’s IT group received a threatening message on Twitter [1]. The message related to the child custody case of a 15-year-old girl with a complex diagnosis who was taken by Massachusetts protective services. The message was about returning the child to her parents and taking certain action against the clinicians. The attackers who sent the message also posted personal information, including the home addresses, email addresses and phone numbers of some of the people involved.

The first phase of the attack was in April 2014. In this Strike 1 of the DDoS, the attackers attacked the hospital’s external website. The second phase came within a week and is considered Strike 2 against the hospital. It included TCP fragmented floods, DNS reflection floods, and out-of-state floods. In Strike 3 of the DDoS, the attacks were at their peak: the third attack was four times more dangerous than the second. The attackers used spear phishing emails to lure recipients into clicking links or opening attachments. This helps the attacker gain access to the network behind the hospital’s firewall.
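An added example, not part of the original case study: a small stateful check that tells apart the three Strike 2 flood types named above by tracking outstanding DNS queries and opened TCP flows. The packet records, field layout and label names are constructed assumptions for illustration.

```python
from collections import Counter

# Constructed sample packet summaries (not data from the case study).
# Fields: src, sport, dst, dport, proto, tcp_flags, is_ip_fragment
PACKETS = [
    ("10.0.0.5", 40000, "198.51.100.7", 53, "udp", "", False),   # resolver sends a query
    ("198.51.100.7", 53, "10.0.0.5", 40000, "udp", "", False),   # matching answer
    ("203.0.113.9", 53, "10.0.0.80", 31337, "udp", "", False),   # answer nobody asked for
    ("203.0.113.10", 53, "10.0.0.80", 4444, "udp", "", False),   # answer nobody asked for
    ("192.0.2.1", 50000, "10.0.0.80", 443, "tcp", "S", False),   # SYN opens a flow
    ("192.0.2.1", 50000, "10.0.0.80", 443, "tcp", "A", False),   # ACK inside that flow
    ("192.0.2.66", 1234, "10.0.0.80", 443, "tcp", "A", False),   # ACK with no SYN seen
    ("192.0.2.67", 1235, "10.0.0.80", 443, "tcp", "FA", False),  # FIN/ACK with no SYN seen
    ("192.0.2.90", 0, "10.0.0.80", 0, "tcp", "", True),          # TCP carried in an IP fragment
]

def classify(packets):
    """Label each packet 'ok' or with the flood type it is consistent with."""
    dns_queries = set()  # (client, client_port, server) for queries awaiting an answer
    tcp_state = set()    # (src, sport, dst, dport) for flows opened by a SYN
    labels = []
    for src, sport, dst, dport, proto, flags, frag in packets:
        label = "ok"
        if proto == "tcp" and frag:
            label = "tcp_fragment"  # counted here; a rate threshold decides if it is a flood
        elif proto == "udp" and dport == 53:
            dns_queries.add((src, sport, dst))
        elif proto == "udp" and sport == 53:
            # A legitimate answer consumes an outstanding query; a reflected one has none.
            if (dst, dport, src) in dns_queries:
                dns_queries.discard((dst, dport, src))
            else:
                label = "dns_reflection"
        elif proto == "tcp" and "S" in flags:
            tcp_state.add((src, sport, dst, dport))
        elif proto == "tcp" and not ({(src, sport, dst, dport), (dst, dport, src, sport)} & tcp_state):
            label = "tcp_out_of_state"  # segment that belongs to no tracked flow
        labels.append(label)
    return labels

def summarize(packets):
    """Count suspicious packets per flood type."""
    return Counter(label for label in classify(packets) if label != "ok")

if __name__ == "__main__":
    print(dict(summarize(PACKETS)))
```
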
Mitigation options: When the management came to know about the threat, they immediately became alert. The management team of Boston Children’s Hospital started a multidisciplinary incident response team. The team quickly assessed the services that were likely to be compromised or lost if the hospital lost its internet connection. The mistake the hospital made was that it had not taken such preventive measures before the denial of service attack. Three impacts were identified by the team:
· They were not able to route prescriptions electronically to their pharmacies.
· There was email downtime for all the departments, and email was the only critical process for their functions.
· They were not able to remotely access the Electronic Health Records on the server.
The hospital invoked an emergency response team to carry out the mitigation and used Radware’s scrubbing centre to handle the excessive rate of DDoS attacks. As there is no single form of distributed denial of service attack, the categories that divide them are volumetric, application attacks, and protocol.
References: [1] “DDoS Case Study: DDoS Attack Mitigation Boston Children’s Hospital”, Security.radware.com, 2018. [Online]. Available: https://security.radware.com/ddos-experts-insider/ert-case-studies/boston-childrens-hospital-ddos-mitigation-case-study/. [Accessed: 30- May- 2018].
Question 1: How it works and what it did?
WannaCry is a type of ransomware that attacked a large number of computers in May 2017. WannaCry infected Windows computers, encrypted the files on the hard drive so that users could not access them, and then demanded a ransom payment in order to decrypt them [3]. The attack spread across a number of high-profile systems, including Britain’s National Health Service. The malware exploited a Windows vulnerability that is generally suspected to have been discovered by the United States National Security Agency. The WannaCry ransomware has multiple components. The malware arrives on the infected computer as a dropper, which is a self-contained program that extracts the other components embedded within it. The embedded components are an application that encrypts and decrypts the data, files containing encryption keys, and a copy of Tor.
Question 2: How this attack is propagated?
The way WannaCry attacks is more interesting than the ransomware itself. The malware mainly exploits a vulnerability that lies in the Windows implementation of the SMB (Server Message Block) protocol [5]. This protocol is what different nodes on a network need in order to communicate. WannaCry attacked over 150 countries and infected more than 230,000 computers across those countries. The hackers behind WannaCry executed the attack by exploiting the EternalBlue vulnerability in the operating system. The WannaCry ransomware attack affected many leading organizations in various countries. Within a couple of days, the attack became a sensation at the global level. This made the ransomware famous even among non-technical people.
Question 3:
Impact of this attack on the operation of an organization?
The WannaCry ransomware was believed to be a rogue cyber weapon that was stolen from the NSA. As a result of this cyber-attack, employees were instructed not to open any files and not to log in to their accounts for two hours [1]. Most organizations first installed antivirus on their systems and let it work, and only then instructed employees to log in to their systems. The organizations faced problems in working out how to mitigate the attacks and how to make their systems robust. The WannaCry ransomware also attacked the computer systems in NHS hospitals, blocking access to almost all files by encrypting them. The WannaCry ransomware demanded a payment of $300 in bitcoin and later increased the demand to $600.
Mitigation process to protect their networks and resources
All the organizations that faced the WannaCry ransomware attack first of all installed an antivirus on all their systems so that it could detect the malware. The organizations also instructed employees not to log in to the organization’s network. The WannaCry ransomware led to losses for many organizations [4]. All the identified organizations were also told not to pay the ransom money to the attackers. If the demanded amount were paid to the attacker, it would still be very difficult to get the hacked data back from them. So, not paying the amount was the best decision that they took.
Question 4:
Duty of the Incident Response Planning
The Resource Planning team is most effective at helping organizations respond to incidents when three distinct functions are in place [3]: a CSIRT (Computer Security Incident Response Team), a legal expert, and a public communication expert.
The CSIRT mainly consists of a group that executes the technical aspects of the Incident Response Plan. The members of this team are mainly responsible for detecting and eradicating cyber incidents and for containing cyber-attacks.
Disaster Recovery Planning
To carry out Disaster Recovery Planning, there must be a Disaster Recovery team, which is considered the core of the disaster recovery effort, also known as the business continuity effort [2]. Disaster recovery must involve the CIO or a senior IT manager. The plans made by the team heads are known as Disaster Recovery Planning, which helps an organization recover from an attack that has taken place.
Business Continuity Planning
Business Continuity Planning covers all the essential functions a business needs, and helps to identify which processes and systems must be sustained and how to maintain them [3]. Business Continuity Planning is done when an organization faces risks related to cyber-attacks or natural disasters. In this process the IT administrators create the plan, with the participation of executive staff who can aid the process and add their knowledge of the organization.
Question 5:
What steps can you take to protect your own PC or laptop computer from WannaCry attack and other attacks?
To protect a system from the WannaCry ransomware attack, the user needs to keep all the software and applications on the system updated. WannaCry is unlikely to attack a system that has all its software updated. The operating system on every system should be kept up to date [1]. Anyone using a laptop or a computer system should also use an antivirus, which helps to detect any vulnerability in the system. The antivirus detects any suspicious activity in the system. One advanced antivirus that can be used to protect the system from WannaCry is Avast anti-virus. The user can also configure advanced settings in the firewall to control network traffic using specific connection parameters.
Question 6:
Lessons learned from this malware incident
The lesson that can be learnt from the WannaCry ransomware attack is that every organization should use protective measures against it so that there is no possibility of attacks on its systems. Organizations should always protect their systems from ransomware attacks. There should be anti-malware antivirus software protecting the systems from attack.
Question 7:
Whom to contact if Australian Business faces this type of attack?
If an organization in Australia faces a cyber-attack, it should first contact the Australian Cyber Security Center (ACSC) team, which is a government agency that helps to bring together cyber security capabilities [2]. The organization should implement Incident Response Planning and Disaster Recovery Planning so that it does not face further attacks.
MEMO
To:
From:
Date:
Subject: Discussion about the serious situation of the organization and highlighting the key breaches that include the ITSec recommendation.
The auditor of the organization is finding countless information security problems in all its processes. The organization lacked a coordinated security policy, and the policies that it did have were not followed properly.
A contractor of the company requested a TMS server address over the phone. The auditor also found that the administrator gave the server address to the contractor because the contractor was upgrading the server system [5]. This might cause the company problems in future, such as a browser data breach or a denial of service data breach. The company may lose all its data because of this.
The best recommendation that the auditor can give the company is to keep watch over all the activities of the contractor and monitor everything the server contractor does [4].
It can be clearly stated that the data was surely stolen by the contractor who was hired to upgrade the network system. The organization needs system management so that the data breach for the company can be mitigated.
References
[1] Mohurle, Savita, and Manisha Patil. “A brief study of wannacry threat: Ransomware attack 2017.” International Journal 8, no. 5 (2017).
[2] Berr, J. “‘WannaCry’ Ransomware Attack Losses Could Reach $4 Billion.” CBS News 16 (2017).
[3] J. Fruhlinger, “What is WannaCry ransomware, how does it infect, and who was responsible?”, CSO Online, 2018. [Online]. Available: https://www.csoonline.com/article/3227906/ransomware/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html. [Accessed: 31- May- 2018].
[4] Hasan, Mosin, Nilesh Prajapati, and Safvan Vohara. “Case study on social engineering techniques for persuasion.” arXiv preprint arXiv:1006.3848 (2010).
[5] Kvedar, Derek, Michael Nettis, and Steven P. Fulton. “The use of formal social engineering techniques to identify weaknesses during a computer vulnerability competition.” Journal of Computing Sciences in Colleges 26, no. 2 (2010): 80-87.