Information System Security And Risk Management In MetaSoft Ltd

Ransomware malware threats against MetaSoft

This assignment examines information system security and risk management at MetaSoft Ltd. MetaSoft Ltd deals with clients located in Australia as well as New Zealand. It is a software development company and is planning to move its computer infrastructure to the cloud. The board of directors assumes that this will increase the flexibility of the operations carried out in the company and will increase the responsiveness of the company, along with some savings in cost. The company provides IS services to its staff and clients. The data collected from staff and clients is securely stored on servers. The company will shift all the data to the cloud to make it more secure. The three services open to it are Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS). However, network information systems face common malware problems such as ransomware. The following paragraphs explain how ransomware works in the network and the steps that MetaSoft will be required to take if such malware occurs in its systems.

  1. Discussion:

Ransomware malware threats against MetaSoft:

One of the fastest growing threats in the world of computers is ransomware. Ransomware is defined as malicious software that extracts a ransom from an infected computer (Pathak & Nanded, 2016). Various types of ransomware exist in the IT world. They differ from each other in the way they extract ransom from the infected systems:

  • System lockers block the user's access to the operating system unless the user pays a ransom.
  • Application lockers block the user's access to certain applications unless a ransom is paid.
  • Data-encrypting ransomware works on the data of the targeted computer and keeps it encrypted unless a ransom is paid.
  • Fake data encryption ransomware simply deletes all the data present on the targeted system and makes the user believe that the data has been encrypted in order to take a ransom.

To combat and tackle ransomware attacks, MetaSoft can implement three types of anti-ransomware tools that are available in the market. The first category is the disinfection tool, which cleans the PC before data is restored after an attack (Richardson & North, 2017). The disinfection tool is similar to several anti-virus programs integrated into one. The second category is the decryption tool, which helps to tackle data-encrypting ransomware attacks (Mercaldo et al., 2016). The third category is the protection tool, used to protect computers from ransomware attacks beforehand.


Threats faced by the routers and switches connected to the network:


The way routers and switches are vulnerable to destruction:

The threats that routers and switches face are unauthorized access, masquerading, password guessing and router protocol attacks. Session replay attacks and ping of death attacks are other forms of attack faced by routers. MetaSoft Ltd is vulnerable to router and switch attacks through session hijacking, rerouting hijacking and masquerade attacks. Session hijacking occurs when attackers use IP spoofing to insert falsified IP packets into the network after a session is established (Shu et al., 2016). Rerouting hijacking is defined as modifying routers in the network so that traffic flows to unauthorized destinations. The last type of attack that MetaSoft faces is the masquerade attack, where IP packets are modified or masked and sent with falsified IP addresses.

Reliability and availability of Windows Server 2012 web services:

It has been assumed that MetaSoft is using Windows Server 2012 to provide web services. The organisation will ensure the reliability of its web services by using Storage Spaces, a new concept introduced by Windows Server. Storage Spaces manages all the disk drives connected to the server with the help of the Storage Pool concept. A Storage Pool consists of one or more attached physical disks and is used to create Volumes. Individual Volumes can be created with one of three layouts: simple, mirror or parity.

Availability in the Windows Server 2012 web service can be ensured by the use of Dynamic Quorum. The quorum majority is determined in Windows Server 2012 by the set of nodes that are active members of the cluster.

Confidentiality and integrity in staff mails through Microsoft Exchange servers:

Microsoft Exchange Server is a mail and calendar server that facilitates the transfer of emails and their delivery to mobile phones while maintaining reliability, confidentiality and improved performance. The server runs only on Windows Server operating systems. As it is assumed that MetaSoft uses Windows Server 2012, it will be using Microsoft Exchange servers to maintain the confidentiality of its staff emails (Trotter, 2013). When a person is not in the office, the Exchange server allows his colleagues to check emails so that important information does not go unnoticed, thus maintaining the confidentiality as well as the integrity of staff emails.

Working principle of the Microsoft Exchange server:

The various steps of email exchange to maintain confidentiality and integrity are:

  • At first, the emails received are stored and organized in the information store.
  • The email addresses of the sender and receiver are created and managed by the system attendant.
  • The Simple Mail Transfer Protocol (SMTP) plays an important role in communicating emails from one server to another (Trotter, 2013). In other words, it allows inter-server message transmission (Rewagad & Pawar, 2013). The client email is kept confidential by this protocol and can be sent over long distances when the receiver is located far away.
  • The active directory updates the systems for new mailbox along with managing the user accounts and distribution lists.


Threats that webmail and webservers of MetaSoft face:

The various threats that the email and web servers of MetaSoft face are discussed below:

  • Spoofing: The email protocols used are unable to authenticate email addresses, as a result of which hackers use the addresses to perform malicious actions. Spoofing can be done against an individual mailbox or against a company's whole domain. This type of attack is given high priority and is common in the IT sector.
  • Malicious attachments: Attachments are sent via email which, when opened, install ransomware and other malware on the system, thereby destroying it. This attack is given the highest priority as it is one of the most common attacks.
  • Links to malicious webpages: Links are sent via webmail that open malicious webpages when accessed.

2.6 Two proposed methods that will ensure the availability of the email server:

Redundancy and fault tolerance are the two key factors in maintaining IT business continuity. Similarly, two proposed methods for maintaining the continuity and availability of email servers are the DKIM setting and Reverse DNS. The two methods are explained in detail in the following paragraphs:

2.6.1 DKIM setting: DomainKeys Identified Mail is a new standard that authenticates the delivery chain of email messages. The key signs the message with a special cryptographic signature that can be verified by a third party but cannot be counterfeited (Ho, Javed, Paxson & Wagner, 2017). The relay server in the delivery chain includes the signature in the emails, which proves that the message passed via that server (Backholm, 2016). This helps in eliminating spammers who create fake messages. DKIM cannot block spam messages in the network; however, it gives the receiver confidence in the source of the message.

Reverse DNS: When a mail server receives a connection from a particular IP address, a reverse DNS lookup is performed on that IP address. The reverse DNS process yields a hostname. The server then performs a forward lookup on that hostname to check whether the resulting IP address matches the original address. This process is known as forward-confirmed reverse DNS. If the addresses do not match each other, message delivery is not successful.
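The forward-confirmed reverse DNS check described above can be sketched as follows. This is an added example, not code from the original assignment; the function names and the sample DNS data (documentation address ranges and example.com) are constructed for illustration, and the resolver functions are injectable so the check can be exercised offline.

```python
import ipaddress
import socket

# Constructed DNS data (documentation ranges) so the demo runs offline.
SAMPLE_PTR = {"192.0.2.10": "mail.example.com", "198.51.100.7": "mail.example.com"}
SAMPLE_A = {"mail.example.com": {"192.0.2.10"}}

def sample_ptr(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

def sample_forward(hostname):
    if hostname not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_A[hostname]

def system_ptr(ip):
    """Reverse lookup through the system resolver: IP -> hostname."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(hostname):
    """Forward lookup through the system resolver: hostname -> addresses."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}

def fcrdns_check(client_ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (passed, hostname, reason) for the IP of a connecting mail server."""
    ip = ipaddress.ip_address(client_ip)  # ValueError on malformed input
    try:
        hostname = ptr_lookup(str(ip))
    except OSError:
        return (False, None, "no PTR record")
    try:
        resolved = {ipaddress.ip_address(a) for a in forward_lookup(hostname)}
    except OSError:
        return (False, hostname, "PTR hostname does not resolve")
    # Compare parsed addresses, not strings, so equivalent IPv6 spellings match.
    if ip in resolved:
        return (True, hostname, "forward lookup confirms PTR")
    return (False, hostname, "PTR hostname resolves to different addresses")

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(addr, fcrdns_check(addr, sample_ptr, sample_forward))
```

The second sample address shows why the forward step matters: whoever controls the reverse zone for an address can publish any hostname in its PTR record, and only the forward lookup shows that the named domain does not point back at it.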

As stated by various researchers, employee commitment towards the organisation has an important role to play in information security. Employees who are committed to the company will strive to abide by the security policies and follow the rules and regulations of the organisation. Such employees understand the negative impact of not abiding by the security policies. Studies say that the security of information in an organisation is completely vested in the employees. They are the key factors.

Risk management recommendation to reduce employee risk:

Some of the recommendations that MetaSoft should follow to reduce the risk of employees are:

  • Continuous monitoring of employees: Employers need to monitor employees from all angles to prevent them from engaging in unlawful events.
  • MetaSoft should keep all their employees fit and healthy. They should look to the needs and requirements of their employees and manage risks every day.
  • All business organisation should have a risk-based approach to identify the critical valuable assets and vulnerabilities of the company. This will help them identify the risk of the employees and take necessary actions to eliminate them.
  • The employee and the company should avoid recklessness.

Log records for analysing webservers and email server problems:

Log records have been identified as an important piece of information provided by the server. They provide information on “who, when and how” accessed the server. This type of data helps to monitor the performance of the server and eliminate its risk issues. Log records also help when investigating web and email servers, to find out the IP addresses of users in case any malicious events have taken place.


2.9 Use of audit log reports for performing auditing analysis:

The web and email servers provide two log files, namely the access.log and the error.log files. The access.log file records all the files that are requested. If a visitor requests www.example.com/main.php, the following entry will be added to the log file.

88.54.124.17 - - [16/Apr/2016:07:44:08 +0100] "GET /main.php HTTP/1.1" 200 203 "-" "Mozilla/5.0 (Windows NT 6.0; WOW64; rv: 45.0) Gecko/20100101 Firefox/45.0"

The above log entry reveals that a visitor with IP address 88.54.124.17 requested the main.php file on 16 April 2016 at 7:44 and that the request was successful. If the log file were not present, the IP address that accessed the server could not be traced and, therefore, auditing analysis and monitoring could not be done. Data stored in the log file or log report will help to solve the long-term security problems of the organization.
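The audit analysis described above can be automated along these lines. This is an added example, not part of the original assignment: the first sample line is the entry quoted above, the remaining lines and the function names are constructed for illustration, and the parser assumes the Apache/nginx "combined" log layout.

```python
import re
from collections import defaultdict
from datetime import datetime

# "Combined" access-log layout, as in the entry quoted above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<agent>[^"]*)"')

# First line is the page's entry; the rest are constructed for illustration.
SAMPLE_LOG = [
    '88.54.124.17 - - [16/Apr/2016:07:44:08 +0100] "GET /main.php HTTP/1.1" '
    '200 203 "-" "Mozilla/5.0 (Windows NT 6.0; WOW64; rv: 45.0) Gecko/20100101 Firefox/45.0"',
    '203.0.113.9 - - [16/Apr/2016:07:45:10 +0100] "POST /login.php HTTP/1.1" 401 - "-" "curl/7.47.0"',
    '203.0.113.9 - - [16/Apr/2016:07:45:11 +0100] "POST /login.php HTTP/1.1" 401 - "-" "curl/7.47.0"',
    '203.0.113.9 - - [16/Apr/2016:07:45:12 +0100] "GET /admin.php HTTP/1.1" 403 199 "-" "curl/7.47.0"',
    'truncated entry with no recognisable fields',
]

def parse_line(line):
    """Return one entry as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def audit(lines):
    """Per-IP summary: who made requests, for which paths, how often refused."""
    report = defaultdict(lambda: {"requests": 0, "denied": 0, "paths": set()})
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # damaged or missing entries are an audit finding too
            continue
        entry = report[rec["ip"]]
        entry["requests"] += 1
        entry["paths"].add(rec["path"])
        entry["denied"] += rec["status"] in (401, 403)
    return dict(report), unparsed

if __name__ == "__main__":
    summary, bad = audit(SAMPLE_LOG)
    for ip, e in summary.items():
        print(ip, e["requests"], "requests,", e["denied"], "denied,", sorted(e["paths"]))
    print("unparsed lines:", bad)
```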

2.10 Propose five network devices that will help to mitigate the security issues and threats to webservers and email servers:

  • SSH keys: These are pairs of cryptographic keys used to authenticate to SSH servers as an alternative to password-based logins.
  1. Conclusions:

From the above discussions, it can be concluded that network information systems face common malware problems such as ransomware. One of the fastest growing threats in the world of computers is ransomware. To combat and tackle ransomware attacks, the organisation can implement three types of anti-ransomware tools that are available in the market. Employee commitment towards the organisation has an important role to play in information security. Studies showed that the security of information in an organisation is completely vested in the employees.

Information security is one of the major issues that most organizations are facing. Therefore, to overcome the security issues I would suggest the following actions:

  • Regular monitoring of the servers and the networks. The process of scrutinizing the network devices and the servers is hectic; however, monitoring is required to resolve the problem.
  • I would recommend installation of strong anti-virus software in the network as well as on the network devices. The anti-virus software should be efficient enough to detect and fight against any type of malware.
  • Updating the anti-virus software is another task that will help to eliminate security risks and threats to the network.
  1. References:

Backholm, A. (2016). U.S. Patent No. 9,444,916. Washington, DC: U.S. Patent and Trademark Office.

Balmer, M. L., Slack, E., De Gottardi, A., Lawson, M. A., Hapfelmeier, S., Miele, L., … & Bernsmeier, C. (2014). The liver may act as a firewall mediating mutualism between the host and its gut commensal microbiota. Science translational medicine, 6(237), 237ra66-237ra66.

Border, J., Dillon, D., & Pardee, P. (2015). U.S. Patent No. 8,976,798. Washington, DC: U.S. Patent and Trademark Office.

Brubaker, C., Jana, S., Ray, B., Khurshid, S., & Shmatikov, V. (2014). Using frankencerts for automated adversarial testing of certificate validation in SSL/TLS implementations. IEEE security & privacy, 2014, 114.

Ho, G., Javed, A. S. M., Paxson, V., & Wagner, D. (2017). Detecting Credential Spearphishing Attacks in Enterprise Settings. In Proceedings of the 26th USENIX Security Symposium (USENIX Security’17) (pp. 469-485).

Landsman, R. A. (2013). U.S. Patent No. 8,601,475. Washington, DC: U.S. Patent and Trademark Office.

Lee, S., Jo, J., Kim, Y., & Stephen, H. (2014, June). A framework for environmental monitoring with Arduino-based sensors using Restful web service. In Services Computing (SCC), 2014 IEEE International Conference on (pp. 275-282). IEEE.

Marman, T., & Kukreja, R. (2014). U.S. Patent No. 8,793,801. Washington, DC: U.S. Patent and Trademark Office.

Mercaldo, F., Nardone, V., Santone, A., & Visaggio, C. A. (2016, June). Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212-221). Springer, Cham.

Pathak, P. B., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.

Rad, P., Chronopoulos, A. T., Lama, P., Madduri, P., & Loader, C. (2015, November). Benchmarking bare metal cloud servers for HPC applications. In Cloud Computing in Emerging Markets (CCEM), 2015 IEEE International Conference on (pp. 153-159). IEEE.

Rewagad, P., & Pawar, Y. (2013, April). Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.

Richardson, R., & North, M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10-21.

Schiffman, J., Sun, Y., Vijayakumar, H., & Jaeger, T. (2013, June). Cloud verifier: Verifiable auditing service for iaas clouds. In Services (SERVICES), 2013 IEEE Ninth World Congress on (pp. 239-246). IEEE.

Shu, Z., Wan, J., Li, D., Lin, J., Vasilakos, A. V., & Imran, M. (2016). Security in software-defined networking: Threats and countermeasures. Mobile Networks and Applications, 21(5), 764-776.

Trotter, D. H. (2013). U.S. Patent No. 8,381,287. Washington, DC: U.S. Patent and Trademark Office.

Tuli, P., & Sahu, P. (2013). System monitoring and security using keylogger. International Journal of Computer Science and Mobile Computing, 2(3), 106-111.

Tyree, D. S., & Tomlinson, J. E. (2014). U.S. Patent No. 8,856,315. Washington, DC: U.S. Patent and Trademark Office.