Wednesday, May 6, 2020

Campaign Exploiting SMB Vulnerability (MyAssignmenthelp.com)

Question: Discuss the campaign exploiting the SMB vulnerability.

Answer:

Introduction

As a telecommunications giant, Verizon serves millions of customers who rely on its infrastructure to conduct their communications. This makes the company a major repository of information, as clients continuously use its systems to exchange data, and it was that repository that was breached earlier in the year. As the company's representatives reported in July, Verizon's systems were compromised, leaving the records of more than 14 million customers exposed. According to the company, the exposure resulted from user negligence: the organization Verizon had subcontracted failed to secure the data. The customers affected did not subscribe to any particular service or product; they were all the customers who had contacted the customer care service within the six months prior to the breach (Sicilian, 2017).

The customer care service was held on a system separate from the company's other operations, which helped isolate the incident. Nevertheless, that separate system did hold customers' sensitive data, including names, addresses and contact numbers, as is the norm with most customer care services. Moreover, some customers had contacted the centre to make inquiries about their access PINs, so those PINs were also exposed when the breach occurred. According to the organization, the breach was contained after being discovered by an independent security researcher from the security firm UpGuard (Wisner, 2017).

The attack, how and why?

Verizon placed full blame on a third party, which according to Verizon had been subcontracted to run the customer care service. In essence, Verizon had been using a cloud facility to host the communications between itself and its customers. This facility was built on Amazon S3 storage provided by Amazon Web Services (AWS). In addition, the company had handed control of this service to another party, which was therefore responsible for monitoring and maintaining the system. NICE Systems was the organization Verizon subcontracted to manage the cloud infrastructure that hosted the customer care service (Deahl, 2017).

So how did the breach occur? At the time of the incident, an employee of the subcontracted company (NICE) failed to secure the data held on the cloud servers. This error led to the exposure of millions of records, as outlined above; moreover, the breach highlighted the extent of the data kept on the online servers, which held extensive logs of residential customers' contacts with Verizon. Even more worrying was the depth of the information uncovered, as there was minimal redaction and no form of encryption. When viewed by the public, the records contained clear-text data such as names, security PINs and addresses, and some records also contained the customers' account balances. In all, the communications between the organization and its customers were plainly displayed to anyone who found them (Wisner, 2017).

Why the attack occurred (the vulnerability at hand)

After the breach, several investigations by independent researchers found that the subcontracted organization (NICE Systems) had in turn entered a partnership with another organization. The customer care service owned by Verizon had therefore been subcontracted to an organization that had itself taken on a further partner. That other party was Orange, a France-based organization that also provides telecommunication services (Kumar, 2017). Nevertheless, the official cause of the exposure was a misconfigured setting in the security controls of the cloud infrastructure.

Cloud infrastructures have extensive security requirements owing to the amount of data they hold and the connections used to reach that storage. For one, the internet is the main access platform, and it is pervasive and full of security challenges. The incident at hand therefore occurred because of an error in security settings that demand a rigorous security policy. Moreover, the chain of subcontractors made it even more difficult to ascertain what security measures had been put in place (Daitch, 2017).

The possible solutions

Cyber-security is always a challenging endeavour, as there are many considerations to be made. For one, data is continuously transmitted over multiple communication channels with different users, who have different intentions. Secondly, the users involved are anonymous, which makes accountability difficult. The problem is further intensified when a third party is involved, as the subcontracted company adds risk according to its own security procedures. Therefore, the first solution would be to remove the third parties handling Verizon's data: Verizon itself should handle its own data and, if necessary, engage a cloud service provider directly. In either case, Verizon should retain ultimate control of the cloud infrastructure to ensure that the best security procedures are put in place and followed (Verizon, 2017).

In addition, the company should consider the nature of the problem at hand, where millions of records containing customers' sensitive information are processed, together with the cloud infrastructure and the security requirements involved. A detailed security policy should therefore be implemented to guide the technical staff in deploying online resources. This policy would define access procedures to control who can reach the information.
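The misconfigured cloud storage described above is, in S3 terms, a bucket policy or ACL that grants access to everyone. As an added example that is not part of the original essay, the following Python audit flags such grants in a bucket policy document and an ACL grant list; the bucket name, Sid values, account id and VPC endpoint id are constructed placeholders, and the check looks only at the documents themselves (account-level S3 Block Public Access, when enabled, overrides such grants).

```python
import json

# Predefined S3 ACL groups; a grant to either makes the bucket readable by everyone
# or by any authenticated AWS account, respectively.
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])

def _principal_is_public(principal):
    """True when a statement's Principal is everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def audit_bucket_policy(policy_document):
    """Return (Sid, actions) for each Allow statement that grants access to any
    principal with no Condition block, i.e. an unconditional public grant."""
    findings = []
    for stmt in json.loads(policy_document).get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _principal_is_public(stmt.get("Principal")):
            findings.append((stmt.get("Sid", "<no Sid>"), sorted(_as_list(stmt.get("Action")))))
    return findings

def audit_bucket_acl(grants):
    """Return (group, permission) for each ACL grant to a predefined public group."""
    return [(PUBLIC_ACL_GROUPS[g["Grantee"]["URI"]], g["Permission"])
            for g in grants if g.get("Grantee", {}).get("URI") in PUBLIC_ACL_GROUPS]

# Constructed sample documents for a hypothetical bucket; not data from the incident.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-call-logs/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "arn:aws:s3:::example-call-logs/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    {"Sid": "Ops", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/ops"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-call-logs/*"}]})
SAMPLE_ACL = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]

if __name__ == "__main__":
    print("public policy statements:", audit_bucket_policy(SAMPLE_POLICY))
    print("public ACL grants:", audit_bucket_acl(SAMPLE_ACL))
```

In practice the two inputs come from `aws s3api get-bucket-policy` and `aws s3api get-bucket-acl` for each bucket; statements with a Condition block are not flagged here and still deserve manual review.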
Furthermore, the same policy would mandate cryptographic protection of the information in transit, with appropriate encryption, authorization and authentication. This final measure would help preserve the data's confidentiality and integrity, the attributes lost in this incident (Verizon, 2017).

The WannaCry ransomware attack

Identified by many as the greatest cyber-attack of modern times, the WannaCry attack took out thousands of computers connected to the internet. The attack was so severe that some places around the world faced full system shutdowns whose effects are still being felt, as the malware was deeply rooted within the online infrastructure. Furthermore, unlike other ransomware, the malware exploited serious vulnerabilities in computer systems to spread, and it had few weaknesses that could be used to defeat it. In all, WannaCry was a new form of ransomware that infiltrated thousands of computers worldwide; at the start of the attack, an estimated 100 countries and more than 200,000 systems were affected (Sherr, 2017).

The attack was traced back to the United States, where a black-hat hacking group obtained the NSA's (National Security Agency) hacking tools, which contained several techniques for compromising systems developed by its cyber-weapons division. This group, known as the Shadow Brokers, used the tools, through a system vulnerability, to infect many computers around the globe. Among the countries affected were Russia, the United Kingdom, China and Spain, where systems across various business sectors were compromised (Mullin & Lake, 2017).

Those affected and how

At the start of the attack in May, initial reports estimated that more than 45,000 computers had been affected across 99 countries. The attack did not target any specific field but used whatever network connections it found to conduct its illicit actions. Nevertheless, some countries were more affected than others, as most of their industries were heavily compromised, as the aftermath of the attack showed. These countries were the United Kingdom, Russia and Spain.

In the UK, the health sector was heavily affected, as witnessed by medical practitioners and patients who were unable to carry out their daily activities. According to many of the staff employed by the health ministries, the NHS (National Health Service) system was unavailable, as many computers were locked and displayed ransom notes. These notes demanded a ransom of $300 to restore the data and files on each machine. This forced the sector to halt its services across the country, as the parties involved could not access the necessary data or medical records (GReAT, 2017).

In Russia and Spain, the private sector was hard hit, as evidenced by the number of private companies affected. Russia's banking industry was compromised, disrupting business operations, and a few public-sector organizations and institutions were also affected, including the health and interior ministries. Spain, on the other hand, saw its second-largest telecommunications firm and an electricity company compromised when the attack took down some of the systems used by Telefónica and Iberdrola. In some of these organizations, management was forced to turn off systems in an attempt to contain the problem (Sherr, 2017).

Attack process

WannaCry's story began with the Shadow Brokers, who obtained NSA hacking tools targeting multiple vulnerabilities in computer systems. Among these tools was an exploit for a Windows vulnerability known as EternalBlue, which was caused by a flaw in the Server Message Block (SMB) protocol. SMB is normally used to establish network connections at the application layer of the TCP/IP model. It is through this protocol that computers share, read and write files across the network connections they use, and through the same protocol that computers request services from other computers on their networks. Therefore, when the protocol was compromised, intruders could gain near-complete access to a machine (Liptak, 2017).

Having established this vulnerability, WannaCry used the following procedure to attack systems across the world. First, the intrusion began by establishing a connection with the target machine, which was accomplished through the SMB handshake while exploiting the protocol's vulnerability. Secondly, an encrypted file containing the malware program was sent to the machine. This program, known as the payload, contained the stager (starter) of the malware.

Preventing the attack (solution)

According to experts, the attacks occurred because computer users had failed to update their Windows systems. In essence, earlier versions of Windows contained the vulnerability found by the NSA, but subsequent update patches fixed it. Therefore, the first solution would have been to update the computers connected to the internet. However, the developers of Windows were also at fault, as they failed to highlight the extent of the vulnerability, which would have pushed customers to acquire the necessary fix. Having failed to secure the systems during development, Windows' developers should have prioritised pushing the update to customers (EY, 2017).

On the other hand, the organizations affected should have had better security controls to manage the attack. Most of these organizations facilitated the infiltration, as they had minimal segmentation within their network infrastructure. Therefore, another possible solution would have been the isolation of the networks in use, either through firewalls or through DMZs (demilitarised zones).
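The network-isolation recommendation above is testable: a segmented network with firewalls or a DMZ should block inbound SMB from the internet and make worm-style SMB sweeps across a subnet stand out in flow logs. As an added example that is not part of the original essay, the following Python script runs that check over constructed flow-log lines; the log format, the internal address ranges and the alert threshold are assumptions a defender would adapt to their own environment.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445
FANOUT_THRESHOLD = 10  # distinct peers on tcp/445 from one host before we alert
# Address space the defender treats as internal (RFC 1918); everything else is outside.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_flow(line):
    """Parse one constructed flow-log line: '<timestamp> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto.lower()}

def analyse_smb_flows(lines, threshold=FANOUT_THRESHOLD):
    """Report two things a segmented network should make impossible or visible:
    - external_inbound: tcp/445 connections arriving from outside the internal ranges,
      which a perimeter firewall or DMZ boundary should be dropping;
    - fanout: internal hosts that reached >= threshold distinct peers on tcp/445,
      the sweep pattern a self-propagating worm produces."""
    peers = defaultdict(set)
    external = []
    for line in lines:
        f = parse_flow(line)
        if f["proto"] != "tcp" or f["dport"] != SMB_PORT:
            continue
        if not is_internal(f["src"]):
            external.append((f["src"], f["dst"]))
        else:
            peers[f["src"]].add(f["dst"])
    fanout = {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}
    return {"external_inbound": external, "fanout": fanout}

# Constructed sample flows (RFC 1918 and TEST-NET-3 documentation addresses, not real traffic):
# 10.0.1.7 sweeps twelve neighbours on 445, 10.0.1.8 talks to one file server, and an
# internet host reaches the file server directly.
SAMPLE_FLOWS = [f"2017-05-12T10:00:{i:02d}Z 10.0.1.7 10.0.1.{10 + i} 445 tcp" for i in range(12)] + [
    "2017-05-12T10:01:00Z 10.0.1.8 10.0.1.5 445 tcp",
    "2017-05-12T10:02:00Z 10.0.1.8 10.0.1.5 445 tcp",
    "2017-05-12T10:03:00Z 10.0.1.9 10.0.1.5 443 tcp",
    "2017-05-12T10:04:00Z 203.0.113.9 10.0.1.5 445 tcp",
]

if __name__ == "__main__":
    report = analyse_smb_flows(SAMPLE_FLOWS)
    for src, dst in report["external_inbound"]:
        print(f"ALERT inbound SMB from outside host {src} to {dst}")
    for src, count in report["fanout"].items():
        print(f"ALERT {src} contacted {count} distinct hosts on tcp/445")
```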
These features would have contained the problem in most of the organizations that were severely affected (CERT-EU, 2017).

References

CERT-EU. (2017). WannaCry Ransomware Campaign Exploiting SMB Vulnerability. CERT-EU Security Advisory 2017-012. Retrieved 29 August 2017, from https://cert.europa.eu/static/SecurityAdvisories/2017/CERT-EU-SA2017-012.pdf

Daitch, H. (2017). 2017 data breaches - the worst so far. IdentityForce blog. Retrieved 29 August 2017, from https://www.identityforce.com/blog/2017-data-breaches

Deahl, D. (2017). Verizon partner data breach exposes millions of customer records. The Verge. Retrieved 29 August 2017, from https://www.theverge.com/2017/7/12/15962520/verizon-nice-systems-data-breach-exposes-millions-customer-records

EY. (2017). WannaCry ransomware attack. Technical intelligence analysis. Retrieved 29 August 2017, from https://www.ey.com/Publication/vwLUAssets/ey-wannacry-ransomware-attack/$File/ey-wannacry-ransomware-attack.pdf

GReAT. (2017). WannaCry ransomware used in widespread attacks all over the world. Securelist. Retrieved 29 August 2017, from https://securelist.com/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/78351/

Kumar, M. (2017). Over 14 million Verizon customers' data exposed on unprotected AWS server. The Hacker News. Retrieved 29 August 2017, from https://thehackernews.com/2017/07/over-14-million-verizon-customers-data.html

Liptak, A. (2017). The WannaCry ransomware attack has spread to 150 countries. The Verge. Retrieved 29 August 2017, from https://www.theverge.com/2017/5/14/15637888/authorities-wannacry-ransomware-attack-spread-150-countries

Mullin, G., & Lake, E. (2017). What is WannaCry ransomware? Malware used to cripple NHS in 2017 cyber attack. The Sun. Retrieved 29 August 2017, from https://www.thesun.co.uk/tech/3562470/wannacry-ransomware-nhs-cyber-attack-hackers-virus/

Symantec Security Response. (2017). What you need to know about the WannaCry ransomware. Symantec Official Blog. Retrieved 29 August 2017, from https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware

Sherr, I. (2017). WannaCry ransomware: Everything you need to know. CNET. Retrieved 29 August 2017, from https://www.cnet.com/news/wannacry-wannacrypt-uiwix-ransomware-everything-you-need-to-know/

Sicilian, R. (2017). Verizon suffers client data breach. IdentityForce blog. Retrieved 29 August 2017, from https://www.identityforce.com/blog/verizon-suffers-client-data-breach

Verizon. (2017). 2017 Data Breach Investigations Report: Executive Summary. Retrieved 29 August 2017, from https://www.knowbe4.com/hubfs/rp_DBIR_2017_Report_execsummary_en_xg.pdf

Wisner, M. (2017). Verizon customer information exposed in data breach. Fox Business, Cybersecurity. Retrieved 29 August 2017, from https://www.foxbusiness.com/markets/2017/07/13/verizon-customer-information-exposed-in-data-breach.html
