Cyber Attack In Recent Years: Responses And Measures


Abstract:

The term cyber security is often used interchangeably with the term information security. This paper argues that the more technologies there are, the more attacks there are. Although cyber-crimes have increased, there should be a level of security at which data and information remain confidential and authenticated. Although there is a substantial overlap between cyber security and information security, these two concepts are not totally similar. From information security we have reached cyber security. Cyber security has an additional dimension, namely, humans as potential targets of cyber-attacks or even unknowingly participating in a cyber-attack. This additional dimension has an ethical impact on society.

Keywords:

Cyber Security, vulnerability, cyber-security, Cyber-attacks.


Introduction:

Cyber-security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. Information security protects the integrity and privacy of data, both in storage and in transit.

The focus on threats, risks, and controls relevant to the cyber world is the realm of cyber security. This does not mean that security in the cyber world was not addressed in the information security legacy that we inherited and that has developed over the years. The footprint of the ‘cyber’ aspect though, was rather limited. This limited focus was not deliberate but merely reflected the reality of the day where connectivity to cyberspace was less extensive and controlled. Hence the risks posed by the cyber world were not as extensive as they are today. Common methods attackers use to control computers or networks include viruses, worms, spyware, Trojans, and ransomware. Viruses and worms can self-replicate and damage files or systems, while spyware and Trojans are often used for surreptitious data collection. Ransomware waits for an opportunity to encrypt all the user’s information and demands payment to return access to the user.

Cyber-security threats affect all industries, regardless of size. The industries that reported the most cyber-attacks in recent years are healthcare, manufacturing, finance, and government. Some of these sectors are more appealing to cybercriminals because they collect financial and medical data, but all businesses that use networks can be targeted for customer data.

Scale:

The U.S. government spends $19 billion per year on cyber-security but warns that cyber-attacks continue to evolve at a rapid pace. To combat the proliferation of malicious code and aid in early detection, the National Institute of Standards and Technology (NIST) recommends continuous, real-time monitoring of all electronic resources.

Research:

*In October 2017, ORF unveiled a primer, based on multi-stakeholder inputs, outlining key policy questions in safeguarding India’s digital payments ecosystem. It analyses the sector through two broad prisms, namely, (1) institutions and (2) standards. The primer identifies policy challenges to appropriately define cross-cutting cyber-security concerns at the levels of government, institutions, markets, and individuals/consumers. Based on the primer, NITI Aayog hosted a roundtable on 9 October 2017. Individuals from the government, industry and civil society participated in the roundtable to formulate a policy roadmap for digital payments and cyber security. This report is an outcome of the aforementioned consultative processes and offers specific recommendations for the way ahead.

*The fourth IBM cyber security survey reveals how unprepared companies are for a cyber-attack. Despite widespread acknowledgment that a strong cyber security response plan can save companies significant damages in the wake of an attack, the study shows that many organizations still do not have an incident response plan in place – and those that do have a plan are not testing it regularly.

This is especially concerning given that in the past two years 56% of UK organizations surveyed experienced a data breach, and 62% said they experienced a cyber-security incident.

These incidents seem to be coming thick and fast, with 50% of the organizations that experienced a data breach saying that they had experienced two to three in the year, and 19% of those had experienced more than five.

According to the survey, 61% of organizations say the volume of incidents has increased and 70% say the severity has increased.

Vigilante cyber security: collaboration is better than proactive cyber security

Can organizations realistically go on the offensive? Jonathan Couch saddles up to fire off some words about proactive cyber security. It seems it helps if they can gather up a posse first, because proactive collaborative cyber security can work.

As per IBM,

For the first time, this year’s study measured the impact of automation on cyber resilience. These technologies depend upon artificial intelligence, machine learning, analytics and orchestration.

When asked if their organization leveraged automation, only 23% said they were significant users, whereas 77% reported their organizations only use automation moderately, insignificantly, or not at all. Organizations with the extensive use of automation rate their ability to prevent (69% vs. 53%), detect (76% vs. 53%), respond (68% vs. 53%), and contain (74% vs. 49%) a cyber-attack as higher than the overall sample of respondents.

Considering this, it’s a wonder that the 76% of senior managers who find it difficult to hire and retain IT security personnel don’t change their approach. Only 18% reported using automation significantly in their organization.

As the experts are aware of how data is being collected, they need to find new techniques and provide security measures for the data. The number of ways to protect information should be greater than the number of ways to hack it.

Finding new techniques is probably possible for certified hackers, because they know how, where, when, and for what purpose such attacks are carried out. Cyber security cannot be implemented by a plug-and-play device or a single process. It is rather the interplay of technology, detection and response capabilities, processes, security hygiene, and human diligence.

Cyber Attack In Recent Years:

The WannaCry ransomware attack was a May 2017 worldwide cyber-attack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated through EternalBlue, an exploit developed by the US National Security Agency (NSA) for older Windows systems that was released by The Shadow Brokers a few months prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry’s spread was from organizations that had not applied these or were using older Windows systems that were past their end-of-life. WannaCry also took advantage of installing backdoors onto infected systems.

The attack was stopped within a few days of its discovery due to emergency patches released by Microsoft, and the discovery of a kill switch that prevented infected computers from spreading WannaCry further. The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars. Security experts believed from preliminary evaluation of the worm that the attack originated from North Korea or agencies working for the country.

In December 2017, the United States, United Kingdom and Australia formally asserted that North Korea was behind the attack.

A new variant of WannaCry ransomware forced Taiwan Semiconductor Manufacturing Company (TSMC) to temporarily shut down several of its chip-fabrication factories in August 2018. The virus spread to 10,000 machines in TSMC’s most advanced facilities.

Its Response:

Experts quickly advised affected users against paying the ransom due to no reports of people getting their data back after payment and as high revenues would encourage more of such campaigns. As of 14 June 2017, after the attack had subsided, a total of 327 payments totaling US$130,634.77 (51.62396539 XBT) had been transferred.

The day after the initial attack in May, Microsoft released emergency security patches for Windows 7 and Windows 8.1, as well as out-of-band security updates for end-of-life products Windows XP, Windows Server 2003, and Windows 8; these patches had been created in February of that year following a tip-off about the vulnerability in January of that year. Organizations were advised to patch Windows and plug the vulnerability in order to protect themselves from the cyber-attack. The head of Microsoft’s Cyber Defense Operations Center, Adrienne Hall, said that “Due to the elevated risk for destructive cyber-attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt [alternative name to WannaCry]”.

Researcher Marcus Hutchins accidentally discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack from spreading like a worm because the ransomware only encrypted the computer’s files if it was unable to connect to that domain, which all computers infected with WannaCry before the website’s registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere. On 14 May, the first variant of WannaCry appeared with a new and second kill-switch registered by Matt Suiche on the same day. This was followed by a second variant with the third and last kill-switch on May 15, which was registered by Check Point threat intelligence analysts. A few days later, a new version of WannaCry was detected that lacked the kill switch altogether.

On 19 May, it was reported that hackers were trying to use a Mirai botnet variant to effect a distributed attack on WannaCry’s kill-switch domain with the intention of knocking it offline. On 22 May, Hutchins protected the domain by switching to a cached version of the site, capable of dealing with much higher traffic loads than the live site.

Separately, researchers from University College London and Boston University reported that their PayBreak system could defeat WannaCry and several other families of ransomware.

It was discovered that Windows encryption APIs used by WannaCry may not completely clear the prime numbers used to generate the payload’s private keys from the memory, making it potentially possible to retrieve the required key if they had not yet been overwritten or cleared from resident memory. The key is kept in the memory if the WannaCry process has not been killed and the computer has not been rebooted after being infected. This behavior was used by a French researcher to develop a tool known as WannaKey, which automates this process on Windows XP systems. This approach was iterated upon by a second tool known as Wanakiwi, which was tested to work on Windows 7 and Server 2008 R2 as well.
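The recovery idea described above can be shown on a toy key. This is an added illustration, not code from WannaKey or Wanakiwi: it scans a memory image for a leftover prime that divides the known public modulus and rebuilds the private exponent from it. The 64-bit primes, the little-endian layout and the memory buffer are constructed assumptions chosen so the example runs offline.

```python
# Constructed toy RSA key (real keys use far larger primes).
P = 2**61 - 1            # known Mersenne prime
Q = 2**64 - 59           # largest prime below 2**64
N = P * Q                # public modulus, available to the recovery tool
E = 65537                # public exponent
PRIME_LEN = 8            # bytes per prime in this toy key


def sample_memory(prime_still_resident=True):
    """Constructed process-memory image: filler, then the prime (or zeros)."""
    filler = b"\x00" * 24 + b"constructed-heap"          # 40 bytes
    if prime_still_resident:
        secret = P.to_bytes(PRIME_LEN, "little")         # assumed layout
    else:
        secret = b"\x00" * PRIME_LEN                     # overwritten/cleared
    return filler + secret + b"\x00" * 16


def find_prime_factor(memory, modulus, prime_len):
    """Return (offset, p) for the first window that divides the modulus."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        # Ignore 0, 1 and the modulus itself: they are not useful factors.
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None


def recover_private_exponent(memory, modulus, e, prime_len):
    """Rebuild d from a recovered prime, or None if no prime is left."""
    hit = find_prime_factor(memory, modulus, prime_len)
    if hit is None:
        return None      # process killed, host rebooted, or memory reused
    _, p = hit
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)


if __name__ == "__main__":
    d = recover_private_exponent(sample_memory(), N, E, PRIME_LEN)
    message = 0x1234567890ABCDEF
    ciphertext = pow(message, E, N)
    print("recovered key decrypts:", pow(ciphertext, d, N) == message)
    print("after memory cleared:",
          recover_private_exponent(sample_memory(False), N, E, PRIME_LEN))
```

The second call returns `None`, which mirrors the condition in the text: once the process is killed or the machine is rebooted, the primes are gone and this approach no longer works.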

Within four days of the initial outbreak, new infections had slowed to a trickle due to these responses.

Impact

The ransomware campaign was unprecedented in scale according to Europol, which estimates that around 200,000 computers were infected across 150 countries. According to Kaspersky Lab, the four most affected countries were Russia, Ukraine, India and Taiwan.

One of the largest agencies struck by the attack was the National Health Service hospitals in England and Scotland, and up to 70,000 devices – including computers, MRI scanners, blood storage refrigerators and theatre equipment – may have been affected. On 12 May, some NHS services had to turn away non-critical emergencies, and some ambulances were diverted. In 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP. In 2018 a report by Members of Parliament concluded that all 200 NHS hospitals or other organizations checked in the wake of the WannaCry attack still failed cyber security checks. NHS hospitals in Wales and Northern Ireland were unaffected by the attack.

Nissan Motor Manufacturing UK in Tyne and Wear, England, halted production after the ransomware infected some of their systems. Renault also stopped production at several sites in an attempt to stop the spread of ransomware. Spain’s Telefónica, FedEx, and Deutsche Bahn were hit, along with many other countries and companies worldwide.

The attack’s impact is said to be relatively low compared to other potential attacks of the same type and could have been much worse had Marcus Hutchins not discovered that a kill-switch had been built in by its creators or if it had been specifically targeted on highly critical infrastructure, like nuclear power plants, dams or railway systems.

According to cyber-risk-modeling firm Cyence, economic losses from the cyber-attack could reach up to US$4 billion, with other groups estimating the losses to be in the hundreds of millions.

Measures:

In response to malicious cyber-attacks, we assess and gauge the condition of the actual threat you are under and how such threat affects you.

And in order to propose an effective strategic countermeasure, we find out (1) what kind of measure is currently implemented, (2) which security measure needs to be added or reinforced, and (3) which one of the security measures is the highest priority (and the reason for that).

  • Train employees in cyber security principles.
  • Install, use and regularly update antivirus and antispyware software on every computer used in your business.
  • Use a firewall for your Internet connection.
  • Download and install software updates for your operating systems and applications as they become available.
  • Make backup copies of important business data and information.
  • Control physical access to your computers and network components.
  • Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden.
  • Require individual user accounts for each employee.
  • Limit employee access to data and information and limit authority to install the software.
  • Regularly change passwords.

Scope:

Cyberspace is one of the only platforms that joins the whole world together. Further, as technology advances, numerous crimes are committed through it on a daily basis. To deal with such delinquents, there is an immediate need for all organizations, whether private or public, to develop a strong and secure cyber system.

Hence the need to hire professionals in cyber forensics, biometrics, cyber laws, ethical hacking, cyber security management, etc. Since cyberspace is a common platform which can be accessed by anyone from anywhere in the world, the scope of cyber security is equally spread throughout the world.

As with any other subject, one may choose either to take a course in cyber security alongside one’s main degree or to pursue a master’s or specialization after it. Either way, it’s one of the most rewarding fields, since in the current scenario there is a huge demand for professionals in various fields of cyber security. There are various institutes throughout the world that offer full-time or online courses in fields of cyber security.

Cyber security is a very vast field with numerous sub-divisions, so one has a huge number of options to choose from, each of which further widens the scope of one’s knowledge and career prospects.

Conclusion:

Preventive measures have to be taken to secure data.

More new technologies have to be found to provide more security. The more security there is, the better the confidentiality.
