Researching Network Attacks And Computer Security Tools

Part 1: Researching Network Attacks


Name of attack:

Distributed Denial of Service Attack or DDoS

Type of attack:

Computer Network Attacks


Dates of attacks:

March 20, 2014 and February 28, 2018

Computers / Organizations affected:

Distributed Denial of Service attacks on the GitHub website and on Boston Children’s Hospital

How it works and what it did:

A Denial of Service (DoS) attack is a cyber attack in which the attacker makes a machine completely unavailable to its intended users by disrupting the services of a host connected to the Internet. In a Distributed Denial of Service (DDoS) attack, the traffic flooding the victim originates from many sources, so the attack cannot be stopped by blocking any single source.

DoS attacks are considered one of the most damaging weapons used against companies and computer networks. The case study discussed here is the well-known attack on Boston Children’s Hospital, which was hit by a DDoS attack in 2014 [1].

A DoS attack makes information or data unavailable to its intended hosts and available to unauthorized users. There are various strategies and methods for carrying out DoS attacks. The main work of a DoS attack is entering the victim’s network and gaining significant access to it; the attack then makes the network unavailable to the remaining clients.

The network is made unavailable by sending large numbers of IP packets. Another method an attacker can use in a DoS attack is to exploit various loopholes, making the network unstable. Other denial of service attacks are carried out at the application level, disrupting the normal functioning of a service; such attacks have crashed web browsers, email applications and media players [1].

The attack on Boston Children’s Hospital was a denial of service attack carried out in three distinct strikes. On March 20, 2014, the hospital’s information technology group received a threatening message over its Twitter account. The message concerned the child custody case of a 15-year-old girl who had been diagnosed by the Massachusetts protective services.

The message received by the hospital demanded the return of the girl to her family and threatened action against the clinicians involved [1]. The attackers who sent the message also posted personal and confidential information about some of the people involved, including email addresses, home addresses and contact numbers.

The first phase of the attack occurred in April 2014. In Strike 1 of the DDoS attack, the attackers targeted the hospital’s external website.

The next phase, Strike 2, came one week later. This attack involved TCP fragmentation, DNS reflection floods and out-of-state floods.

In Strike 3 of the DDoS campaign the attacks reached their peak; this third attack was four times larger than the second. The attackers also used spear phishing emails to lure recipients into clicking links or opening attachments, which helped the attackers gain access to the hospital’s network behind its antivirus and firewall.

Mitigation options:

When hospital management learned of the threat, they became highly alert. Management at Boston Children’s Hospital set up a multidisciplinary response team. This team quickly assessed which services were likely to be compromised or lost if the hospital lost its Internet connection. The hospital’s mistake was that it had taken no preventive measures before the DoS attack. The team identified three distinct impacts:

They were unable to route prescriptions electronically to pharmacies.

Email was down for every department, and email was the only serious channel for their operations.

They were unable to access the remote Electronic Health Records (EHR) server.

The hospital summoned an emergency response team to mitigate the attack and used Radware’s scrubbing centre to handle the high-rate DDoS traffic.

Since there was no single pattern to the DDoS attack, the mitigation system subdivided the traffic into protocol, volumetric and application attacks.
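As an added example (not code from the case study or from Radware), the following Python script applies the protocol/volumetric division above to a constructed flow log, tagging the out-of-state TCP packets, fragmented TCP segments and DNS reflection replies mentioned in Strike 2; application-layer attacks need request payloads and are not covered. The log format and all addresses are constructed for the example.

```python
from collections import Counter

# Constructed sample flow log (not a real capture), one packet per line:
# src dst proto sport dport tcp_flags ip_fragment bytes
SAMPLE_LOG = """\
10.0.0.5 198.51.100.10 tcp 40001 443 S 0 60
198.51.100.10 10.0.0.5 tcp 443 40001 SA 0 60
10.0.0.5 198.51.100.10 tcp 40001 443 A 0 52
203.0.113.7 198.51.100.10 tcp 5555 443 A 0 52
203.0.113.7 198.51.100.10 tcp 5556 443 A 0 52
203.0.113.8 198.51.100.10 tcp 6000 80 A 1 1400
192.0.2.53 198.51.100.10 udp 53 33000 - 0 3000
192.0.2.54 198.51.100.10 udp 53 33000 - 0 3000
198.51.100.10 192.0.2.99 udp 33001 53 - 0 70
192.0.2.99 198.51.100.10 udp 53 33001 - 0 120
"""
# Map each detection reason onto the attack class the text uses.
CLASS_OF = {"out-of-state-tcp": "protocol", "tcp-fragment": "protocol",
            "dns-reflection": "volumetric"}

def parse_log(text):
    """Return (src, dst, proto, sport, dport, flags, frag, bytes) per line."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        rows.append((f[0], f[1], f[2], int(f[3]), int(f[4]), f[5], f[6] == "1", int(f[7])))
    return rows

def classify(rows):
    """Tag each packet with a reason; return (reason counts, bytes per class)."""
    syn_seen, dns_asked = set(), set()
    reasons, class_bytes = Counter(), Counter()
    for src, dst, proto, sport, dport, flags, frag, size in rows:
        pair, reason = (src, dst), "legit"
        if proto == "tcp":
            if "S" in flags:
                syn_seen.add(pair)          # handshake state, either direction
            elif frag:
                reason = "tcp-fragment"     # fragmented segment: reassembly load
            elif pair not in syn_seen and pair[::-1] not in syn_seen:
                reason = "out-of-state-tcp" # ACK with no SYN seen: out of state
        elif proto == "udp":
            if dport == 53:
                dns_asked.add(pair)         # the host really queried this resolver
            elif sport == 53 and pair[::-1] not in dns_asked:
                reason = "dns-reflection"   # unsolicited DNS reply: reflection
        reasons[reason] += 1
        if reason in CLASS_OF:
            class_bytes[CLASS_OF[reason]] += size
    return reasons, class_bytes
```

Byte totals per class are what a scrubbing decision would key on, since volumetric traffic is judged by rate rather than by packet count.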

References:

[1] ”DDoS Case Study: DDoS Attack Mitigation Boston Children’s Hospital”, Security.radware.com, 2018. [Online]. Available: [Accessed: 01-June-2018].

Part 2: WannaCry Ransomware Attack

Question 1: How it works and what it did

In May 2017, the WannaCry ransomware attack affected more than 230,000 computers in 150 countries [2]. The attackers encrypted files and demanded 300 dollars to decrypt them, later raising the demand to 600 dollars. The most affected organization was the National Health Service in Britain.

Question 2: How was this attack propagated?

More than 230,000 computers in 150 countries were affected. The WannaCry attackers executed the attack by exploiting the EternalBlue vulnerability in the operating system [4]. The WannaCry ransomware attack impacted many leading organizations in various countries and shook the entire cyber world.

Question 3: Impact of this attack on the operation of an organization and its mitigations

The major impact of WannaCry came from the cyber weapon stolen from the NSA. Employees were instructed not to open any file and not to log in for two hours [1]. The attack affected the NHS hospitals’ computer systems by blocking every file through encryption, and the attackers demanded 300 dollars.

Every company at risk from WannaCry ransomware must install antivirus software on its systems to detect malware [10]. This would stop the attackers from reaching the data and prevent them from entering the system.

Question 4: Duty of incident response planning, DR planning and BCP

An incident response planning team is the most effective way to help companies respond to incidents, as it has three important functions. A Computer Security Incident Response Team (CSIRT) should be present in the company, with experts in public communication and legal matters [7]. The CSIRT is the group that executes the technical aspects of the incident response plan. Its members are responsible for detecting and eradicating cyber incidents and for containing cyber attacks.

The DR team is the major factor in disaster recovery for business continuity efforts. For disaster recovery, the company’s CIO should be involved together with a senior information technology manager [11]. Various attacks can be mitigated with the help of DR planning.

BCP covers every essential function a business requires to identify its processes and to maintain and sustain its systems [9]. BCP is effective for any type of cyber attack or natural disaster.

Part 2: WannaCry ransomware and related questions

Question 5: What steps can you take to protect your own PC or laptop from WannaCry and other attacks?

To protect a system from WannaCry ransomware, the user must keep every application and piece of software on the system upgraded [5]. WannaCry is not able to attack a system whose software is up to date. The operating system on every system must also be kept up to date. The user of a computer or laptop must have antivirus software present to detect any vulnerability in the system; such software detects any suspicious activity [8]. Avast antivirus is one notable product that can be used to control network traffic by connection parameters.

Question 6: Lessons learned from this malware incident

The lesson learned from the WannaCry ransomware attack is that every organization must use several preventive measures to prevent ransomware attacks and remove them from its systems [6]. Companies should always protect their systems from ransomware, and good anti-malware and antivirus software must be in place to protect all their systems.

Question 7: Whom to contact if an Australian business faces this type of attack?

When this type of attack occurs in an Australian business, the business should first contact the Australian Cyber Security Centre (ACSC). The ACSC is the government agency that brings together the country’s cyber security capabilities [3]. The organization must also implement disaster recovery (DR) planning and incident response planning (IRP) so that the company does not face any further attacks.

Part 3: Memo of Case Study

MEMO

To:

From:

Date:

Subject: Discussion of the organization’s serious security situation, highlighting the major breaches and including ITSec recommendations

The organization’s auditor found numerous information security issues across its procedures. The organization lacked coordination of its security policies, and the policies in place were not properly followed.

A contractor of the organization requested the TMS server address over the phone. The auditor found that the administrator gave the server address to the contractor because the contractor was upgrading the server system. This could cause a significant problem for the company in the near future, related to browser data breaches or even denial of service (DoS) data breaches [10]. The organization could lose all of its data for this reason.

The most suitable recommendation the auditor can give the organization is to keep a proper record of every activity the server contractor carries out.

Hence, it can be clearly stated that the data was stolen by this contractor, who was recruited to upgrade the network system [6]. The organization requires proper management of data breaches so that the company can mitigate them easily.

References

[1] Mohurle, Savita, and Manisha Patil. “A brief study of wannacry threat: Ransomware attack 2017.” International Journal 8, no. 5 (2017).

[2] Berr, J. “‘WannaCry’ Ransomware Attack Losses Could Reach $4 Billion.” CBS News 16 (2017).

[3] J. Fruhlinger, “What is WannaCry ransomware, how does it infect, and who was responsible?”, CSO Online, 2018. [Online]. Available:

[4] Hasan, Mosin, Nilesh Prajapati, and Safvan Vohara. “Case study on social engineering techniques for persuasion.” arXiv preprint arXiv:1006.3848 (2010).

[5] Kvedar, Derek, Michael Nettis, and Steven P. Fulton. “The use of formal social engineering techniques to identify weaknesses during a computer vulnerability competition.” Journal of Computing Sciences in Colleges 26, no. 2 (2010): 80-87.

[6] Von Solms, Rossouw, and Johan Van Niekerk. “From information security to cyber security.” Computers & Security 38 (2013): 97-102.

[7] Wang, Wenye, and Zhuo Lu. “Cyber security in the smart grid: Survey and challenges.” Computer Networks 57, no. 5 (2013): 1344-1371.

[8] Hahn, Adam, Aditya Ashok, Siddharth Sridhar, and Manimaran Govindarasu. “Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid.” IEEE Transactions on Smart Grid 4, no. 2 (2013): 847-855.

[9] Amin, Saurabh, Xavier Litrico, Shankar Sastry, and Alexandre M. Bayen. “Cyber security of water SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks.” IEEE Transactions on Control Systems Technology 21, no. 5 (2013): 1963-1970.

[10] Elmaghraby, Adel S., and Michael M. Losavio. “Cyber security challenges in Smart Cities: Safety, security and privacy.” Journal of advanced research 5, no. 4 (2014): 491-497.

[11] Dunn Cavelty, Myriam. “From cyber-bombs to political fallout: Threat representations with an impact in the cyber-security discourse.” International Studies Review 15, no. 1 (2013): 105-122.

[12] Sou, Kin Cheong, Henrik Sandberg, and Karl Henrik Johansson. “On the exact solution to a smart grid cyber-security analysis problem.” IEEE Transactions on Smart Grid 4, no. 2 (2013): 856-865.