University Of Oklahoma Data Breach: Personal Information Of 29,000 Students Exposed

What was the Problem?

The University of Oklahoma (OU) had a security breach on June 14, 2017. It accidentally released thousands of records concerning its students from 2012. The breach occurred through the campus file sharing system and prompted a violation of federal law. The OU Daily found the data breach and informed the vice president that it had occurred (Ablon et al., 2016). The vice president reported that the OU Information Technology (IT) department had known of the breach long before and was working to secure the files that had been exposed. Although the IT team had not found any evidence of a breach in the system, it had looked into how the files had been made accessible to individuals, some of whom even claimed that they had downloaded them (Kwon & Han, 2017). The Daily did not suggest that there had been an outside breach of security; rather, it stated that the lax security measures of the server allowed users to access educational records, which was not permitted. Among the 29,000 records disclosed, there were many instances in which personal and sensitive information about the university's students was exposed. Such disclosure of records violated the Family Educational Rights and Privacy Act (FERPA), which helps students control the sharing of their personal details. The education board said that the files were disclosed unintentionally. Thus, FERPA was not violated, as such an offence can cause the federal funding of the university to be pulled (Young, 2014).

The security breach in the university's system affected thousands of the university's students. The main risk was that personal information would fall into the wrong hands. Information on more than 29,000 students of the university had been leaked. The information consisted of personal details, financial status and social security numbers. The system was shut down immediately once the files were found to be accessible by anyone. However, universities have a directory information file, which stores limited information on the students of the university (Kuo & Varki, 2014). A violation of any kind of law would have caused the organization to fall foul of FERPA.

The attack was not something that had to be carried out by an outsider. The security breach came from inside. The files are to be kept safe on the university's server and made accessible only to a person with the correct access credentials. The IT department of the University overlooked this fact. They found that someone on the inside had made the files public. The files were made available to anyone using the University's email system. OU had changed its server from SharePoint to the Cloud Servers (Federgreen & Sachs, 2015). The university was aware of which files were to be made public for the students. A single button click on the ou.edu email website would lead the user to the cloud service used by the university: Delve. Delve is a network operated platform that shows users what they are working on or what other students are working on. Anyone with an OU email account can get access to Delve. On searching for keywords in the search bar, the files would be made available to the user. Four spreadsheets were exposed, containing financial information from the classes of 2012 – 2013, 2013 – 2014, 2014 – 2015 and 2015 – 2016. All types of financial information related to each student, and the grades he or she had received during that time, were exposed. For the 500 international students of the University, their visa details were also exposed in the breach.

Who were Affected and How?

To prevent such data breaches from occurring at the university, the following measures can be followed:

  • Providing training to the insiders who work in the IT department so that mistakes leading to data breaches occur less often.
  • Using encryption on the files that are stored on the organization's server.
  • Detecting intrusions into the system, and taking measures to prevent them from happening, is essential for the organization (Gao, Zhong & Mei, 2015).
  • Using proper content filtering techniques on the files saved in the system can help in reducing data breaches. Such filtering methods can help stop data from being exploited by drive-by downloaders.
  • Regular assessment of the vulnerability of the server system should be done. It would be better for the security of the systems if the checking were done on a weekly basis.
  • The IT department should apply security patches comprehensively and on a regular basis. The most common mistake made by IT workers is to turn the security patch updater off (Gray, 2015).
  • The university should set up a system monitoring program to check the behavior of insiders. This helps in blocking the university's sensitive information from being shown to the general public.
  • Many data breaches occur due to the theft of information. Having a remote secure backup device for the system files is effective in times of crisis.
  • Create an effective cyber risk plan for the organization, which can be followed in the event of a security breach.
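The content filtering measure above can be illustrated with a small audit that flags files containing social security numbers when they are shared more broadly than a named group, which is the condition described in the OU case. This is an added example, not code from the original page or from the university; the scope labels, file names and sample records are constructed for illustration.

```python
import re
from typing import NamedTuple

# Sharing scopes ordered from narrowest to broadest (hypothetical labels).
SCOPES = ["owner", "named_group", "organization", "public"]
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

class SharedFile(NamedTuple):
    path: str
    scope: str   # one of SCOPES
    text: str    # text content extracted from the file

def valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject number ranges that are never issued, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def count_ssns(text: str) -> int:
    """Count SSN-shaped values that pass the issuance rules."""
    return sum(1 for m in SSN_RE.finditer(text) if valid_ssn(*m.groups()))

def audit(files, max_scope="named_group"):
    """Return (path, scope, ssn_count) for files with SSNs shared too broadly."""
    limit = SCOPES.index(max_scope)
    findings = []
    for f in files:
        hits = count_ssns(f.text)
        if hits and SCOPES.index(f.scope) > limit:
            findings.append((f.path, f.scope, hits))
    # Broadest exposure first, then the largest number of records.
    return sorted(findings, key=lambda r: (-SCOPES.index(r[1]), -r[2]))

# Constructed sample inventory; every name and value is invented.
SAMPLE = [
    SharedFile("finaid/aid_2012_2013.csv", "organization",
               "name,ssn,award\nA. Student,123-45-6789,4200\n"
               "B. Student,219-09-9999,3100"),
    SharedFile("finaid/aid_2015_2016.csv", "named_group",
               "name,ssn,award\nC. Student,321-54-9876,2500"),
    SharedFile("clubs/roster.csv", "organization",
               "name,phone\nD. Student,405-555-0100"),
    SharedFile("it/test_data.csv", "public", "id\n000-12-3456\n900-11-2222"),
]

if __name__ == "__main__":
    for path, scope, hits in audit(SAMPLE):
        print(f"{path}: {hits} SSN-like values, shared with '{scope}'")
```

Only the first spreadsheet is reported: the second is restricted to a named group, the roster holds a phone number, and the test file holds number ranges that are never issued.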

References

Ablon, L., Heaton, P., Lavery, D., & Romanosky, S. (2016). Data Theft Victims, and Their Response to Breach Notifications.

Federgreen, W. R., & Sachs, F. E. (2015). U.S. Patent Application No. 14/618,434.

Gao, X., Zhong, W., & Mei, S. (2015). Security investment and information sharing under an alternative security breach probability function. Information Systems Frontiers, 17(2), 423-438.

Gray, M. F. (2015). U.S. Patent No. D746,305. Washington, DC: U.S. Patent and Trademark Office.

Kuo, H. C., & Varki, S. (2014). Are Firms Perceived As Safer After an Information Breach? ACR North American Advances.

Kwon, S. M., & Han, C. H. (2017). Empirical Investigation on Information Breach Effect on the Market Value of the Firm: Focused on Source and Long Term Performance. Journal of Society for e-Business Studies, 21(2).

Young, E. (2014). Educational privacy in the online classroom: FERPA, MOOCs, and the big data conundrum. Harv. JL & Tech., 28, 549.

Between 12 May 2017 and 15 May 2017, a global scale cyber-attack was launched, targeting computers running Windows based operating systems. The virus was named WannaCry ransomware (Chakravartula & Lakshmi, 2017). The virus would encrypt all the files of the computer system it attacked and then ask for a ransom for decryption, in the form of the Bitcoin cryptocurrency. On the first day of the attack, the virus infected more than 230,000 computers in around 150 countries across the globe. The virus affected many notable organizations worldwide. Web security researchers found that the process could be slowed down by registering a domain name that was found inside the code of the virus (Wirth, 2017). However, newer versions started to come out that lacked such a kill switch. Many researchers found ways to decrypt certain files without paying any ransom. Microsoft created security patches for all the Windows versions in the market; some emergency security patches were released the next day for computers running Windows 7 and Windows 8. Older versions of Windows, like Windows XP and Server 2003, were the ones to get affected first. However, the number of casualties related to Windows 7 was lower. The virus was considered a network worm, which had the ability to transport itself, and it used the EternalBlue exploit in Windows systems to gain access (Renaud, 2017). The files encrypted by the virus displayed a ransom note from the creators demanding a Bitcoin ransom. Once it gained access, it used DoublePulsar to install and execute a copy of the virus on the computer system.

How was the Attack Carried Out?

The most notable WannaCry victims are:

  • National Health Service, UK: The WannaCry virus hit hospitals, forcing delays in surgery and appointment cancellations and creating a huge mess in the hospitals.
  • US hospitals: There was no count of how many hospitals were attacked, but a serious number of hospitals reported radiology machines displaying the WannaCry message (Mohurle & Patil, 2017).
  • FedEx: The logistics company reported that it had to delay the delivery of packages due to the ransomware attack.
  • Nissan: When Nissan was attacked, it shut down all its factories to avoid further spread of the virus.
  • Russia: The WannaCry virus hit all telecom providers, the interior ministry and the Russian railway system. There was no count of how many systems were attacked, but a lot of damage was caused.
  • Police in India: Andhra Pradesh in India reported that around 25% of the police computers were affected. The systems were taken offline to prevent data loss.
  • Chinese Universities: The WannaCry virus affected more than 100,000 university computers across China. This was because about 70% of the software used in China is from the black market. No updates are provided for such bootlegged software and operating systems.
  • Hitachi: The Japanese organization reported that it had faced an attack from the virus, but the casualties were kept to a minimum.
  • Chinese Police: The Chinese Public Security Bureau was affected by the virus, which even forced a police station to go offline.
  • Renault: Among the other victims, Renault also reported being attacked by the virus, but the casualties were not reported by the organization.

The first attack took the form of an injection at around 8:24 am London time on 12 May 2017. A European opened a compressed zip file, which started the WannaCry virus. On first starting, the virus needed to perform some housekeeping before it could replicate over the network. A command in the code told the virus to contact an obscure website (Martin, Kinross & Hankin, 2017). The link was inaccessible because the site did not exist, and the code told the virus to carry on with the attack. This step was to become the kill switch of the virus, but it would go unnoticed for a few hours. This gave it time to infect other computers over the network. After rooting itself in the system, the code told the virus to check the file sharing system of the computer. To know the system better, the virus used an already constructed spying tool named EternalBlue. The software had been stolen from the National Security Agency of the US and leaked online. With the help of this software, the virus exploited a loophole in the code of the Windows system. The loophole allowed the virus to spread itself through file sharing features, such as dropboxes and shared drives, without asking permission from the user. It took some time, and then the initial virus spread using the file sharing system (Kuner et al., 2017). Spain's Telefónica was the first company to announce an attack by the WannaCry virus. After lunch on the same day, a computer analyst found the kill switch in the virus code and went to the website. He bought the domain and activated it. This caused the virus to reach the website whenever it started attacking a computer. This caused the spread of the virus to fall off.

To safeguard oneself from such a ransomware virus, one should follow these steps:

  • Keep the Windows based OS updated at all times.
  • Turn on the Windows Update option on the system.
  • Install an active ransomware blocker on the system.
  • Block port 445 for better security if the OS patches have not been installed on the system (Collier, 2017).
  • Keep an eye out for all the updates that are being released.

References

Chakravartula, R. N., & Lakshmi, V. N. (2017). Combating Malware with Whitelisting in IoT-based Medical Devices. International Journal of Computer Applications, 167(8).

Collier, R. (2017). NHS ransomware attack spreads worldwide.

Kuner, C., Svantesson, D. J. B., H Cate, F., Lynskey, O., & Millard, C. (2017). The rise of cybersecurity and its impact on data protection. International Data Privacy Law, 7(2), 73-75.

Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety.

Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).

Renaud, K. (2017). It makes you Wanna Cry.

Wirth, A. (2017). It’s Time for Belts and Suspenders. Biomedical Instrumentation & Technology, 51(4), 341-345.