Security Breach: The WannaCry Ransomware Attack And The Playstation Network Breach

Definition of Security Breach

Discuss about the Security for Desired Data, Services and Applications.

A security breach can be described as an incident where unauthorized source can get access of their desired data, services, applications and many more. Security breaches occur when an application or an individual tries to enter a confidential IT perimeter illegitimately (Laube and Böhme, 2016).  Security breach is the initial stage of security attacks. Sometimes a security breach can be less risky but sometimes it might result to be most dangerous. The details of this topic are discussed further in this report. Asynchronous I/O is a type of input or output processing that lets other processing to go on before the transmission gets over. Operations of input and output can be slow in comparison to the processing of the data (Chinner and Gigante, 2014). Asynchronous I/O activity is a problem with many memory protection schemes, including base/bounds and paging. These problems are mentioned in the discussion part of this report. It further discusses regarding the network outage that had been faced by Play Station in 2011. It gives recommendation that could have been implemented by Sony in order to prevent the attack.

Various deadliest security breaches include WannaCry, Petya, Locky, Cerber, SamSam and many more. The security breach chosen for this report is WannaCry. WannaCry is a specific ransom ware worm that has the ability to spread itself through a wide range of computer network (Scaife, Traynor and Butler, 2017). This ransom ware took place in May 2017. It infects a computer and encrypts files in the hardware of the PC. This makes impossible for the owner of the data to get access to it. The attacker demands some amount of ransom in order to decrypt the data. The attack was highlighted because it struck numerous systems of high profile. This included the National Health Service of Britain.

The WannaCry ransom ware includes many components. It appears in the computer as a dropper. Dropper is a program which is self-contained that extracts the components of other application within itself. These components are a copy of Tor, files that contain encryption keys, an application that encrypts as well as decrypts information. The program code was comparatively easy to analyze (Mohurle and Patil, 2017). After being launched WannaCry accesses hard-coded URL. If it is unable to access it, it searches files and tries to encrypt them in a specific format. It can hack Microsoft office files as well as MKVs and MP3s and leaves them inaccessible to the owner. After that, it displays a notice where it demands a ransom amount in bit coin in order to decrypt files.

Asynchronous I/O and Memory Protection Issues

WannaCry had the ability to spread itself across huge networks. This is done by exploiting a known bug in the operating system of Microsoft Windows. According to various reports, the attack took place on Friday (Ehrenfeld, 2017). This forced the hospitals in Britain to turn away the patients. It had also stuck various companies in Spain such as Portugal Telecom, Telefonia and FedEx. WannaCry attacked around 40 NHS (National Health Service) of England. Hackers had sent mails containing malicious attachment to the victims. They tricked the victims in opening the mails. They were tricked because the mails appeared to contain job offers, invoice, security warnings and other files. WannaCry locks files in the computers and encrypts them in such a way that the owner or the user is not allowed access to the files. When WannaCry infects an operating system and the user tries to get access to the data infected a pop-up window is appeared. This pop-up provides an explanation of the happenings to the computer, how they can be recovered (Brewer, 2016). It also gives instructions on the ways to pay the ransom amount in bit coin. The pop-up also features a countdown clock, which shows the amount of time left for the payment. If the demanded amount is not paid in time the user would lose the entire data. According to various researchers, a worm spread the infection. Worm is a program that has the ability to spread itself in a network of computers. They do not have to wait for the human action in order to spread it. The attackers assure that they would give back the access to the files after the payment is made, but researchers say that there is no guarantee that the access would be granted after the payment.

The computer networks can be saved from being infected by ransom ware attacks by following various measures. These measures are as follows

• Suspicious mails from unknown people should not be opened. Employees should be made aware of this. Any suspicious mail from unknown source is to be avoided (Maurya, Kumar and Agrawal, 2018). The attachments containing virus can cause serious damage to the organization.
• Organizations should install as well as use updated antivirus solution like Microsoft Security essentials. If the systems are not updated, there is a high chance that the hackers would target the system (Maurya, Kumar and Agrawal, 2018). The more updated the system is, the more secured it is from attacks.
• A pop-up blocker should be installed in the PCs of an organization. This would not allow the hackers to send any pop-up in order to convince the users to click any link or open any attachment.
• Every PC should have smart screen turned on in their Internet Explorer. This would help them identify the phishing as well as malware websites (Maurya, Kumar and Agrawal, 2018). This as a result would prevent the users from entering into malicious websites.
• The organizations should create a regular backup of their confidential and important data. These data once lost causes harm to the organization and its working principles (Maurya, Kumar and Agrawal, 2018). As a result, a backup of these files would be very helpful for the organization.

1. In the field of Computer science the asynchronous I/O is a type of input or output processing which permits other processing to keep working before the end of the transmission. A normal approach of I/O is to start access and wait fr the process to complete. This kind of approach blocks the progress of a specific program while the communication is going on. This leaves the resources of the system idle (Veresov, 2015). If a program makes numerous I/O operation this depict that the system would spend most of its time by waiting idle for the operations to complete. The main advantage of the operating system having fence register is its ability to relocate. This feature is very important in an environment that is multiuser (Chinner and Gigante, 2014). The major advantage of the operating system with the fence register is its capacity to relocate, this feature is very important in an environment of multi user. With the help of two or some more users, no one will be able to know where the program would get loaded for execution. The register for relocation is able to solve the issue and provide base address and starting address (Natanzon, Ayzenbergv and Mossel, 2017). All the address inside a program is offset compared to base address. A fence register which is variable is also known as base register. A fence register provides lower bound. T does not provide an upper bound. An upper bound could be useful for knowing the amount of space is allocated and checking the overflows in the forbidden areas. In order to overcome this problem a different register is added. This second register is known as bound register, it is upper address limit. Every program address is forced to be over the basic address (Watkins, Jia and Shipman, 2015). This is because content of the base register is added to the address. This process protects a particular program from being modified by any other user. When the execution is changed from one to other user, the operating process should change the entire content of the base as well as bound register. This is done in order to reflect the actual address space for the user.

A network outage was faced by Play Station in 2011. This took place due to an external intrusion on the network of Play Station. In this data breach data of around 77 million accounts were stolen. This also prevented the users to get access to their accounts. This led in theft of the users’ account details like addresses, name, data regarding credit cards and many more. This was rated as the most harmful and largest Internet Security breaches. Sony realized that the data related to users has been stolen by an external source (Goode, Hoehle and Venkatesh, 2017). This realization took place seven days after the attack was carried out. They had shut down the network immediately. Sony informed the users regarding the attack after few days. Sony informed that the illegal or unauthorized person obtained information regarding the users. This information included their name, email address, address, username, birth dates, passwords, logins and some more. The shut down disabled the users from buying or downloading games. According to some research, the breach has resulted in largest theft of the identity data of the users. This breach had caused a major loss to the electronics maker of Japan. There was no evidence of the theft of credit card numbers. The problem faced by the users was that when a user tries to get access to the site, he gets a message showing Page Not Found (Grieco, Piro and Boggia, 2017). It also said that it is not the user’s fault; it is the internet’s fault. Sony Entertainment Network responded to the attack by posting a tweet saying they know regarding the issues that users are facing while connecting to the network of PlayStation. Under this attack, various attacks took place. They are April 17, Sunday; 25 million customers’ data was exposed. On April 19, Tuesday, Sony realizes that an intrusion took place into the network of PlayStation. On April 21, Thursday Sony started investigating the reason behind the network outage. On April 24, Tuesday 77 million accounts of PlayStation network were compromised. Sony notified the PSN customers regarding security breach after 7 days. On April 28, Thursday, 4.5% of shares owned by Sony in Tokyo closed down. The overall stock fell over 8% in about a week. May 2, Monday, Sony revealed that the network of Sony Online Entertainment had been hacked before 2 weeks. On May 3, Tuesday Sony informs its customers regarding the breach. May 9, Monday, analysts realize the repair bill is around billion-dollar. May 15, Sunday, after the hacking debacle, Sony restarts the internet services (Marshall and Rimini, 2015). May 16, Monday, the servers of Amazon cloud were used in order to hack the PSN. The hacking of the network of PlayStation has affected more than 77 million people. People were denied the access of the site. Users were not able to download or update games. The organization faced a crucial loss. The bill of repairing the issue was more than a billion dollar. The company lost most of its shares in the market.

WannaCry Ransomware Attack

Due to some security reasons and Sony being a tight-lipped organization on these matters, we have not yet known the exact attacker of PlayStation. Some guesses had been made regarding the process of the attack. The proximity to the recent attacks on anonymous is likely to be related with the database breach. It has been assumed that the attacker might have learned regarding the weakness in the security mechanisms of PSN. Then that data is passed on to a group of hackers. After that if the fault was quite big, the attackers would have stepped into the network with the help of an SQL injection attack (Marshall and Rimini, 2015). One alternative could be the release of custom PlayStation 3 build which is called Rebug. This turns PS3 into a developing unit as well as activates a list of features that are not normally access able by customers. The Rebug firmware gives the user access to the internal developer network of Sony. It has been reported that once someone is in the internal network, a range of new hacks are available. These hacks include the usage of fake details of credit card. With the installation of custom firmware, it is possible to get access of the customer details that has been breached. Along with the hack, the PlayStation network passwords were also exposed (Marshall and Rimini, 2015). It is possible that the passwords were stored in normal readable form and other details regarding the customer like username, address were stored without encrypting them for security. It might be impossible to secure the entire data from unauthorized users but it could be encrypted so that it becomes useless for the upcoming hackers.

It was found out that Sony was lagging behind in many ways, which led a way to the breach. The measures that could be taken in order to prevent the breach are as follows

• Sony has been using an outdated version of the software called Apache Web Server. It did not have a firewall as well. The hackers compromised the network of PlayStation on April 19; they stole the personal data available. It forced Sony to rebuild its network from the base (Velez-Castrillon and Angert, 2015). Sony could have maintained its security in order to keep the personal data of the customers safe. Sony should have installed a firewall in order to keep their network safe from the unauthorized users.
• They could have employed an anti-tamper technology in order to harden all the applications, which can access sensitive data. They may be client or server applications (Velez-Castrillon and Angert, 2015). All data could be encrypted with the help of effective hidden keys. Any trial of access to the data should be treated with instant action.
• The monitoring software of the system could have been made stronger. This would have caught the abnormal patterns of traffic.

Conclusion

It can be concluded from the above report that security is the main factor for an organization to stay away from hackers. Various organizations can be attacked by unauthorized users if their security system is not enough secured. This report also discusses regarding WannaCry ransom attack. It describes the damages caused by the attack and the recommendation that can be implemented in order to prevent the attack.

References

Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), 5-9.

Chinner, D., & Gigante, M. A. (2014). U.S. Patent No. 8,635,256. Washington, DC: U.S. Patent and Trademark Office.

Chinner, D., & Gigante, M. A. (2014). U.S. Patent No. 8,635,256. Washington, DC: U.S. Patent and Trademark Office.

Ehrenfeld, J. M. (2017). Wannacry, cybersecurity and health information technology: A time to act. Journal of medical systems, 41(7), 104.

Goode, S., Hoehle, H., Venkatesh, V., & Brown, S. A. (2017). USER COMPENSATION AS A DATA BREACH RECOVERY ACTION: AN INVESTIGATION OF THE SONY PLAYSTATION NETWORK BREACH. MIS Quarterly, 41(3).

Grieco, L. A., Piro, G., Boggia, G., & Striccoli, D. (2017). 3 Cooperative Networking. Internet of Things: Challenges, Advances, and Applications, 51.

Laube, S., & Böhme, R. (2016). The economics of mandatory security breach reporting to authorities. Journal of Cybersecurity, 2(1), 29-41.

Marshall, J. P., & da Rimini, F. (2015). Playstation, Demonoid and the orders and disorders of Pirarchy. Krisis: Journal for contemporary philosophy.

Maurya, A. K., Kumar, N., Agrawal, A., & Khan, R. A. (2018). Ransomware: Evolution, Target and Safety Measures.

Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5).

Natanzon, A., Ayzenbergv, L., Mossel, Y., Singer, I., & Kedem, O. (2017). U.S. Patent No. 9,639,592. Washington, DC: U.S. Patent and Trademark Office.

Scaife, N., Traynor, P., & Butler, K. (2017). Making Sense of the Ransomware Mess (and Planning a Sensible Path Forward). IEEE Potentials, 36(6), 28-31.

Velez-Castrillon, S., & Angert, C. (2015). How Sony Got its Groove Back: A Case Study in Turnaround Management. Business Education Innovation Journal, 7(2).

Veresov, I. (2015). U.S. Patent No. 9,213,562. Washington, DC: U.S. Patent and Trademark Office.

Watkins, N., Jia, Z., Shipman, G., Maltzahn, C., Aiken, A., & McCormick, P. (2015, November). Automatic and transparent I/O optimization with storage integrated application runtime support. In Proceedings of the 10th Parallel Data Storage Workshop (pp. 49-54). ACM.