MN604 IT Security Management: Data Assessment Answers
Assignment Description
Computer Network attacks have resulted in the loss of sensitive data and significant network downtime. When a network or the resources within it are inaccessible, worker productivity can suffer, and business income may be lost. Attackers have developed many tools over the years to attack and compromise the networks of organizations. These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny legitimate users access to resources.
To understand how to defend a network against attacks, an administrator must first identify network vulnerabilities. Specialized security audit software developed by equipment and software manufacturers can be used to help identify potential weaknesses. In addition, the same tools used by attackers can be used to test the ability of a network to mitigate an attack. After the vulnerabilities are known, steps can be taken to help mitigate the network attacks.
This Assignment gives a planned research project that is separated into three parts: Researching Network Attacks, Computer Security Tools, current attack and case study.
In Part 1, you research various network attacks that have actually occurred. You select one of these and describe how the attack was perpetrated and how extensive the network outage or damage was. You also investigate how the attack could have been mitigated or what mitigation techniques might have been implemented to prevent future attacks. In Part 2, you research the WannaCry ransomware and answer the questions related to that part. In Part 3, you need to write a technical report about the given case study, which is about a social engineering attack.
Part 1- Researching Network Attacks
In Part 1 of this Assignment, you research various computer system attacks that have recently occurred and select one on which to report. Fill in the form below based on your findings.
Q1) List one of the computer attacks you identified in your search? The below table can be used.
Name of attack:
Type of attack:
Dates of attacks:
Computers / Organizations affected:
Part 2- Researching about WannaCry Ransomware Attack
WannaCry ransomware is malicious software designed to block access to a computer system until a sum of money is paid. This attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries. Research this attack in order to answer the questions below. At least three different resources should be used.
Q1) How it works and what it did?
Q2) How this attack is propagated?
Q3) Discuss the impact of this attack on the operation of an organization? What are some key steps organizations can take to help protect their networks and resources?
Q4) Give an example of a duty of the Incident response planning, Disaster recovery planning and Business continuity planning when having an unexpected event like this attack.
Q5) What steps can you take to protect your own PC or laptop computer from this attack and other attacks?
Q6) Briefly describe the lessons learned from this malware incident.
Q7) If any Australian organization or business is infected by this attack, who is the main point of contact for the cyber security issues affecting it?
Part 3- Case Study (1): Victim of Social Engineering
Throughout the process, the auditor found countless examples of lax information security throughout the organization. There was a lack of a coordinated security policy, and the policies in place were not being followed. While reviewing the notes, the auditor noticed that a contractor requested the TMS server address over the phone. Further follow up revealed that a system administrator gave out the server address to a contractor because the contractors were in the middle of upgrading servers. The administrator also mentioned that the contractor requested the password, but the administrator didn’t feel comfortable sharing the password on the phone and asked the contractor to stop by the office – but the contractor was a no show. From the description of the events, the auditor felt it was a social engineering attempt. Social engineering is when a hacker attempts to gain access to sensitive information by tricking a person into giving it to them. The immediate recommendation of the auditor was to focus on the contractor’s activity in the organization.
Over the next few weeks the story unfolded and all the pieces of the puzzle were put together. It was eventually proven that the contractor stole the information. The contractor was hired to oversee the upgrade of servers on the storage network. While doing this, she learned about the transaction management system. She knew PII could be sold on the black market and thought the lax security at TKU would enable her to get away with stealing data without any repercussions. Her only obstacle was access. Since she only had access to the storage network, she needed a way to get access to the transaction management server. That’s when she called the system administrator and got the IP address and tried to get his login credentials. Once she got the IP address, she was able to utilize the free tools available on the Internet to scan the system and get the username and password with administrative access. It took her only a matter of minutes to get this information.
The password was only three characters long and didn’t use any numbers or special characters. With her new administrative permissions, she was able to export the PII.
Answer:
Name of attack: Data Breach
Type of attack: Cross site scripting [6]
Dates of attacks: 21st May 2014
Computers / Organizations affected: eBay
How it works and what it did: Cross-site scripting involves malicious code that is injected into an organisation's website. The attacker can then use the browser to inject a payload into a web page that eBay customers would visit [1]. eBay then executed the JavaScript code written by the attackers, displaying malicious links in the users' browsers [2]. Any user who clicked on a link was redirected to a phishing login page, where the user's account name and password would be stolen [3]. The attackers also took advantage of the “forgot password” link. Usually, the password request goes to the user's email, but the attacker directed the request using the “requint” value. When the user clicked the password reset link in the email, the attacker used the requinto value to create another HTTP request that set the password chosen by the attacker [8].
The attacker was able to acquire the data of various users. The data accessed by the hackers covered approximately 145 million users [5]. The types of data include login credentials, email addresses, phone numbers and dates of birth. This resulted in a loss of customers' trust in the organization [4].
Mitigation options: The first step in dealing with the data breach attack is to inform the cyber security organization in the country [11]. Any response processes should be documented and followed. Data protection should be prioritized: all the important and sensitive information in an organization should be prioritized and protected. To mitigate the data breach, eBay users were advised to change their passwords [7]. The system required the use of strong passwords. The users' credentials were encrypted, and any other data in the system was also encrypted. The servers should have patch updates installed [10]. The organization had to organize an expert response team. The team included forensic, legal and management experts and investor relations staff. The team was also supposed to check the website and confirm that there was no misplaced information [12], and to try to remove the vulnerabilities detected [9] on the website. Once the attack is mitigated, it is also good practice to use a monitoring system to monitor the traffic of the system that was attacked.
Q1) How it works and what it did?
The WannaCry ransomware targeted vulnerable computers running the Windows operating system. The malware used EternalBlue and the DoublePulsar backdoor malware to get installed in the system. The EternalBlue.exe script is executed and, if successful, it checks for the DoublePulsar malware. If available, DoublePulsar is used to bypass the authentication measures implemented in a system. DoublePulsar creates a back door for remote access. If successful, the attacked system comes under the control of the hacker.
WannaCry affected many users in around 150 countries. The hackers threatened to delete files if the owners did not pay the amount they demanded in bitcoins. The attackers asked the owner to pay the ransom required within seven; otherwise, they would delete the data.
Q2) How this attack is propagated?
WannaCry was distributed to various systems through malicious email and the Necurs botnet. EternalBlue was used to exploit the security loophole. EternalBlue allows malicious code to be spread in platforms meant for sharing files, such as dropboxes, shared drives and databases. The malware is shared without permission from the user.
Q3) Discuss the impact of this attack on the operation of an organization?
The organizations that complied with the hackers' demand paid the ransom the attackers required for the data not to be deleted. Some businesses that did not pay the ransom as required lost the data. Businesses experienced some downtime while the ransomware was in effect. Most of the organizations that were infected were health sector organisations. This resulted in the cancellation of scheduled operations and appointments.
Some of the steps an organisation would take to protect its networks include: updating its version of the Windows operating system to Windows 7 or later, installing security software, upgrading unsupported hardware and remaining up to date on software patches.
Q4) Give an example of a duty of the Incident response planning, Disaster recovery planning
Businesses that were attacked, such as London's Barts Health NHS Trust, still have an incident response planning duty in order to run their operations as normally as others. The hospital activated its tested contingency plans and is gradually bringing the clinical systems back online. The hospital needed to process all of the huge backlog of messages; it was open for emergency care but had cancelled most of its scheduled operations. The hospital apologised for the inconvenience and directed some patients to other hospitals, except for the emergency cases.
Q5) What steps can you take to protect your own PC or laptop computer from this attack and other attacks?
I would ensure that the operating system installed on my laptop is genuine and that the applications are up to date. I would also install an antivirus application to detect attacks on the PC.
Q6) Briefly describe the lessons learned from this malware incident
Some of the malware that attacks computers is beyond our control. But to help mitigate malware attacks, the applications and software on our laptops should be kept up to date.
Q7) If any Australian organization or Australian businesses is infected with attack
Australian Cyber Security Centre (ACSC)
The ACSC should be informed of any cyber security threat in an organization. The ACSC will help the organization understand the threat environment and will assist the organization affected in mitigating the attack.
- Victims of social engineering
MEMO
To:
From: ABC Auditors
Date: 17/05/2018
Re: Victim of social engineering
Earlier this month, the organization performed an audit. The auditors found quite a number of loopholes in information security throughout the organization. It has come to our notice that the security policies laid down were not followed. A contractor had been hired to upgrade the servers. The administrator gave out the TMS server address to the contractor over the phone. The contractor also asked for the password over the phone, but the administrator asked the contractor to come by the office to be given the password. The contractor did not show up at the office. The contractor was attempting social engineering. After some follow-up, it was found that the contractor had stolen some of the organization's information from the transaction management system.
A data breach and a password hack were detected in the system. The contractor relied on the lax security to get away with stealing data. The transaction system had faults such as not using a strong password and not encrypting sensitive data. According to the audit, the password that was hacked had only three characters, without any special character.
The organization's staff should follow all of the required security policies in order to mitigate cases of social engineering. All system users should change their passwords. The new passwords should be lengthy and should use special characters. The system administrator should also encrypt the sensitive data. The security policies should be followed in order to ensure the security of the organization's systems and data.
If any problem is noticed when using the system, please inform the system administrator so that the issue can be addressed.
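The password weakness described in the case study and the memo can be put in numbers. The following is an added example, not part of the original assignment answer: it measures the exhaustive-search space of a password and checks it against a policy. The minimum length of 12, the guessing rate of 1000 per second and both sample passwords are assumptions made for illustration.

```python
import math
import string

# Assumed values for illustration; neither figure comes from the case study.
MIN_LENGTH = 12            # hypothetical policy minimum
GUESSES_PER_SECOND = 1000  # hypothetical rate for an automated guessing tool

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def classes_used(password):
    """Return the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]

def search_space(password):
    """Candidates an exhaustive search over the used classes must cover."""
    pool = sum(len(CLASSES[n]) for n in classes_used(password))
    return pool ** len(password)

def audit(password):
    """Check one password for length, digits and special characters."""
    used = classes_used(password)
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"length {len(password)} is below {MIN_LENGTH}")
    for required in ("digit", "special"):
        if required not in used:
            findings.append(f"no {required} character")
    space = search_space(password)
    return {
        "ok": not findings,
        "findings": findings,
        "search_space": space,
        "bits": round(math.log2(space), 1) if space > 0 else 0.0,
        "worst_case_seconds": space / GUESSES_PER_SECOND,
    }

if __name__ == "__main__":
    # Constructed samples: a three-letter password like the one in the case
    # study, and a longer one that mixes all four classes.
    for sample in ("abc", "Tr4nsact!on-Mgmt"):
        print(sample, audit(sample))
```

A three-letter lowercase password leaves only 17,576 candidates, which is consistent with the case study's account that obtaining the credentials took a matter of minutes.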
References:
[1] Eecs.yorku.ca, 2018. [Online]. Available: https://www.eecs.yorku.ca/course_archive/2015-16/W/3482/Team12_eBayHacks.pdf. [Accessed: 27 May 2018].
[2] J. DiGiacomo, "10 Common Data Breach Attack Techniques | Revision Legal", Revision Legal, 2018. [Online]. Available: https://revisionlegal.com/data-breach/attack-techniques/. [Accessed: 27 May 2018].
[3] Evry.com, 2018. [Online]. Available: https://www.evry.com/globalassets/india/pdfs---white-papers/mitigating-security-breaches-in-retail-applications.pdf. [Accessed: 27 May 2018].
[4] S. Doug Drinkwater, D. Drinkwater, T. Morbin and D. Drinkwater, "eBay counts the cost after 'challenging' data breach", SC Media UK, 2018. [Online]. Available: https://www.scmagazineuk.com/ebay-counts-the-cost-after-challenging-data-breach/article/541162/. [Accessed: 27 May 2018].
[5] "Hackers raid eBay in historic breach, access 145 million records", U.K., 2018. [Online]. Available: https://uk.reuters.com/article/uk-ebay-password/hackers-raid-ebay-in-historic-breach-access-145-million-records-idUKKBN0E10ZL20140522. [Accessed: 27 May 2018].
[6] "Types of Attacks", Comptechdoc.org, 2018. [Online]. Available: https://www.comptechdoc.org/independent/security/recommendations/secattacks.html. [Accessed: 27 May 2018].
[7] "Hackers steal up to 145 million user records in massive eBay breach", Computer Fraud & Security, vol. 2014, no. 6, pp. 1-3, 2014.
[8] S. Romanosky, D. Hoffman and A. Acquisti, "Empirical Analysis of Data Breach Litigation", Journal of Empirical Legal Studies, vol. 11, no. 1, pp. 74-104, 2014.
[9] S. Oh, "Estimates for Reasonable Data Breach Prevention", SSRN Electronic Journal, 2015.
[10] P. Leonard, "The New Australian Notifiable Data Breach Scheme", SSRN Electronic Journal, 2018.
[11] G. Virgo, "Personal and Proprietary Remedies for Breach of Confidence: Nearer to Breach of Fiduciary Duty or Breach of Contract?", SSRN Electronic Journal, 2014.
[12] "UK data breach fines double", Computer Fraud & Security, vol. 2017, no. 6, p. 3, 2017.