Mitigating Attacks

Question

“Mitigating Attacks” Please respond to the following:

  • We’ve been talking about the various forms of attacks that malicious hackers can use to compromise security this week. Do a search on the Internet for an article about a recent (within the past 4-6 months) attack. What method did the hackers use? Was it a sophisticated attack, or more amateur in nature? Now that you’re learning about attacks and how to mitigate them, what recommendations would you have to your leadership at your company if this attack had happened on your watch? What steps would you take to protect your data personally?

Sample paper

Mitigating Attacks

Malicious hackers can use various forms of attacks to compromise the security of computer networks, information systems, personal computers, and infrastructures. Recently, cyberattacks have increased significantly. These attacks target individuals, corporations, government agencies, and even critical infrastructure. Some forms of attack are less intrusive and are often meant to collect information from the target. Other forms of attack may cause massive disruption to the normal operations of a company. For instance, some cyberattacks are designed to steal confidential customer information, such as passwords, from financial institutions. This short paper evaluates a recent case of cyberattack in the country.

The article by Thompson and Mullen (2017) provides details of a recent ransomware attack that led to the loss of millions of dollars by private and public businesses around the world. As earlier stated, the attackers used ransomware to conduct attacks in different parts of the world. Ransomware is a category of malware, that is, malicious software designed to cause certain damage to a computer. Ransomware encrypts data or files stored on computers. It may prevent the user from accessing all or part of the data stored on the computer. Ransomware also displays messages demanding money, or making other demands, in exchange for restoring or decrypting the data. Once the user makes the payment, the data or files are restored on the computer.

The ransomware attack seems to be amateur in nature for several reasons. First, the ransomware, also known as WannaCry, had an easy-to-find kill switch (Kaste, 2017). This means it was easy to contain the spread of the ransomware. The kill switch was a URL embedded in the ransomware's code. The kill switch in sophisticated ransomware could be difficult to find. Secondly, the ransomware had a manual way of accepting payments from users. Sophisticated ransomware often utilizes an automated form of payment whereby users who pay the ransom get their computers unlocked instantly. In the case of WannaCry, the hackers would send each user a code. The hackers had probably not anticipated that it would spread so quickly. Thirdly, the hackers were collecting bitcoins using just three addresses. Sophisticated hackers would create an address for each transaction, resulting in millions of addresses and making the payments difficult to track.

The WannaCry ransomware infected computers running an earlier version of Windows, which had a particular security vulnerability (Thompson & Mullen, 2017). Microsoft had already developed a security patch for the said vulnerability in Windows. However, most organizations had not updated their operating systems and were still running the earlier versions. In light of this, my recommendation to the management is to ensure that software, antivirus programs, and operating systems are updated frequently. Frequent updating of software and antivirus programs can increase the ability of the organization to eliminate security threats. This could be achieved by setting the computers to update software and operating systems automatically. The use of legacy systems significantly increases security threats to the company’s information systems, so the organization should avoid legacy systems. It is also important to ensure constant data backup, so that in the event of an attack, minimal damage or loss of data would occur.
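The recommendations above (frequent patching, automatic updates, no legacy systems, constant backups) can be checked across a fleet from an asset inventory. The following is an added example, not part of the original paper; the inventory columns, host names, dates and the 30-day and 7-day thresholds are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real hosts). Column names are assumptions:
# os_support_end is the vendor's end-of-support date for the installed OS,
# last_patch and last_backup are ISO dates reported by the management tooling.
SAMPLE_INVENTORY = """host,os_support_end,auto_update,last_patch,last_backup
fin-ws-01,2025-10-14,yes,2017-05-10,2017-05-14
hr-ws-07,2014-04-08,no,2014-03-11,2017-05-13
lab-srv-02,2020-01-14,no,2017-01-10,2017-03-01
"""

MAX_PATCH_AGE_DAYS = 30   # assumed policy: one monthly patch cycle
MAX_BACKUP_AGE_DAYS = 7   # assumed policy: at least weekly backups


def audit_host(row, today):
    """Return the list of findings for one inventory row."""
    findings = []
    if date.fromisoformat(row["os_support_end"]) < today:
        findings.append("legacy OS: past vendor end of support")
    if row["auto_update"].strip().lower() != "yes":
        findings.append("automatic updates disabled")
    patch_age = (today - date.fromisoformat(row["last_patch"])).days
    if patch_age > MAX_PATCH_AGE_DAYS:
        findings.append(f"last patched {patch_age} days ago")
    backup_age = (today - date.fromisoformat(row["last_backup"])).days
    if backup_age > MAX_BACKUP_AGE_DAYS:
        findings.append(f"last backup {backup_age} days ago")
    return findings


def audit_inventory(csv_text, today):
    """Map each host to its findings; compliant hosts map to []."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: audit_host(row, today) for row in reader}


if __name__ == "__main__":
    report = audit_inventory(SAMPLE_INVENTORY, date(2017, 5, 15))
    # Print the hosts with the most findings first.
    for host, findings in sorted(report.items(), key=lambda kv: -len(kv[1])):
        print(f"{host}: {'; '.join(findings) or 'OK'}")
```

A host that is past end of support cannot receive the vendor's patch at all, which is why the legacy check is reported separately from patch age.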

In summary, companies are more likely to experience cyber-security threats today than in any other period in history. As such, there is a need for them to adopt various mitigation strategies to avoid cyberattacks. In the case of the WannaCry ransomware, companies and individuals would have been able to avoid attacks by frequently updating their computers’ operating systems.

References

Kaste, M. (2017, May 16). From kill switch to bitcoin, ‘WannaCry’ showing signs of amateur flaws. NPR. Retrieved from http://www.npr.org/sections/alltechconsidered/2017/05/16/528570788/from-kill-switch-to-bitcoin-wannacry-showing-signs-of-amateur-flaws

Thompson, M., & Mullen, J. (2017, May 14). World’s biggest cyberattack sends countries into ‘disaster recovery mode’. CNN. Retrieved from http://money.cnn.com/2017/05/14/technology/ransomware-attack-threat-escalating/index.html?iid=EL
