MN502 Potential Threats And Mitigation Tools For Network Attacks Assessment 1 Answer
Part – A: Recent network attack and security principles
Network security is a very important aspect of running an organisation today. It is the set of policies and configurations designed to safeguard a network and company data in terms of usability, availability, confidentiality, integrity and accessibility. Network security covers both software and network assets, which are the key targets of a potential threat. Effective network security prevents a threat from spreading into the network and manages access to it.
A network attack is unauthorised access to the network of an organisation, private or governmental, in order to destroy, steal or damage its assets. These attacks come in many types depending on the targeted system and the importance of the data or assets. A cyber or network attack can have many negative impacts on an organisation; many different types of attack have been identified, and their impacts have been studied by many researchers. Cyber attacks are now a routine part of doing business and are growing steadily, drawing on many new techniques and technologies to attack the target system. When an organisation is under cyber-attack it faces many kinds of loss: financial loss (recovery costs, investigation costs, lost revenue, etc.), a significant loss of productivity as a main impact, loss of or damage to its reputation, legal consequences from the theft or damage of confidential data, and many difficulties in getting the business back on track after the incident.
Recent network attacks
Cyber attacks have existed for a long time and have recently been hardened with many new tools and techniques. As a result, they cause many kinds of damage to a business. The major cause of a cyber attack is a gap in security configuration, which opens the way for the attack. Recently, many different types of cyber-attack have been identified in different countries, targeting well-known organisations around the globe. Here we discuss three recent network attacks that occurred around the world –
- Software AG attack – Software AG is the second largest software vendor in Germany, and it reported a ransomware attack in October 2020. Investigation found that the company had been attacked with the Clop ransomware, whose operators demanded more than twenty million dollars as ransom. A report says that the company still has not completely recovered from the losses and effects of the attack.
- Hijack of Telegram – this attack was carried out in September 2020 and targeted the Telegram messenger. The main target was the email data of big companies involved in the cryptocurrency business. The attackers used a type of signalling system to capture the mobile signals carrying the data. They targeted twenty high-profile companies and spoofed the SMS centre of the mobile operators to send a location update request, and in this way diverted cryptocurrency that was in transfer.
- Data breach at Carnival Corporation – the world's largest cruise line operator reported a data breach caused by a ransomware attack in August 2020. The attacker stole a large amount of confidential data and information about customers and crew members. When the attack was identified, the company immediately hired security experts and launched an investigation to recover from the situation.
Reasons for these network attacks
A cyber or network attack can be conducted for many reasons and may have different types of effects on the attacked organisation. In our research on network attacks, the main source of attack was ransomware and malware. This type of attack takes detailed research by the attacker to implant the malware into the target system, which then keeps infecting the system until everything is under the attacker's control. When the attacker controls the target system by locking its files, folders, drives or network access, they demand money to remove the malware and provide the unlock code or key. Another motive behind the attack is to steal user data and the company's confidential and secret information. The attacker intends to steal financial details, client or customer details, personal data of staff, infrastructure details, etc. However, the main motive we find behind these three attacks is to demand money and to steal the cryptocurrency that was in transfer between the two parties.
Importance of key terms in information security
As we know, there are many different types of assets that need to be protected against a network attack, depending on the organisation and the type of business it conducts. Good protection of organisational assets gives an organisation freedom from any type of danger. In the context of a ransomware or network hacking attack, we primarily need to identify and protect the assets that are most important to our business, because once an attack is under way we cannot predict its extent or the level of damage it will cause. So we first need to protect assets like servers, systems, databases and, most importantly, the company network, because these are the key assets an attack will be carried out against. A network attack targets the network first to get in and access the infrastructure. Once the attack has succeeded, everything is vulnerable to being stolen or damaged.
In the attack types researched, the major attack agents were ransomware and a man-in-the-middle (MITM) attacker who hijacked the session and stole the cryptocurrency in transfer. In a ransomware attack, a user in the network is sent an infected file, email or redirection link in which malware is implanted. When the user clicks on that link or downloads the malware, it starts infecting the system. In MITM, the attacker hacks into the system, authenticates himself so as to become involved in the session being created between the two users, and can redirect anything of interest to him.
Part – B:
Feedback on Part A:
In this part, we have researched recent network attacks on well-known organisations carried out with the intention of demanding and stealing money. The attacks were conducted in the form of network / cyber-attacks. Ransomware is one of the most used threats in networks today and was used most of the time in the researched attacks. We will provide a detailed discussion of it, taking one attack scenario from the three to further elaborate on this attack measure.
Identification of threats
Almost all attack measures are regularly updated today to make threats more powerful, and a threat can take many different forms while an attack is conducted. A network threat can take the form of malware, phishing, a botnet, denial of service (DoS), cryptojacking, etc. The most usual network threats among these come in the form of a virus, worm, rootkit, adware, etc., which are tactfully implanted in the victim's system in order to infect it.
As per our research of recent network attacks on the three organisations, ransomware is the commonly used threat in these attacks. It is a sort of malware that has been a specific threat to United States businesses for the past few years. A ransomware uses an encrypted file containing the malware to infect the target system or network. Some variants of this type of malware are programmed to delete or block specific files and folders in the target system and are known as locker ransomware. This locks access to the system or to a particular file, folder or drive, and the attacker demands money (a ransom) for the key that unlocks it. The ransom is paid in cryptocurrency. Most of the time the infection is initiated by a user action such as clicking on a malicious link, executing an infected file, opening a phishing email, or downloading and executing a malicious file on the system. The malware then executes and starts infecting the target user's system without the user knowing about its activities, using hiding mechanisms. Different types of malware execute different attack measures on the target system, and the user is completely unaware of the infection. When all the attack tasks are done and the targeted file, folder or drive is blocked, an error message is shown to the user demanding a ransom payment for the unlock key. The ransom is always very high to pay and heavily impacts the financial situation of the organisation.
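The locker behaviour described above (many documents rewritten as encrypted, random-looking data, renamed with a new extension, and accompanied by a ransom note) is also what a defender can watch for on a file server. The Python example below is added here and is not part of the original assignment; it scores a batch of file-write events against those three indicators, using Shannon entropy to tell encrypted output from ordinary documents. The event stream, the thresholds and the `.locked`-style extension list are constructed assumptions for illustration, not values taken from any real incident.

```python
import math
import random
from collections import Counter
from dataclasses import dataclass

# Thresholds are illustrative assumptions, tuned for this example rather than for production.
HIGH_ENTROPY_BITS = 7.0     # bits per byte; plain documents usually sit well below this
BURST_THRESHOLD = 8         # this many high-entropy overwrites in one batch is suspicious
SUSPECT_EXTENSIONS = {".locked", ".crypt", ".enc"}   # constructed list of renamed-file suffixes
NOTE_KEYWORDS = ("decrypt", "ransom", "restore", "recover")


@dataclass
class FileEvent:
    """One observed file write: where it went and what bytes were written."""
    path: str
    content: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant byte stream, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_ransom_note(path: str) -> bool:
    name = path.rsplit("/", 1)[-1].lower()
    return name.endswith(".txt") and any(k in name for k in NOTE_KEYWORDS)


def analyse_events(events) -> dict:
    """Count the three indicators over a batch of events; alert when they occur in volume."""
    high_entropy = 0
    renamed = 0
    notes = []
    for ev in events:
        if shannon_entropy(ev.content) >= HIGH_ENTROPY_BITS:
            high_entropy += 1
        if any(ev.path.lower().endswith(ext) for ext in SUSPECT_EXTENSIONS):
            renamed += 1
        if looks_like_ransom_note(ev.path):
            notes.append(ev.path)
    reasons = []
    if high_entropy >= BURST_THRESHOLD:
        reasons.append(f"{high_entropy} high-entropy file rewrites in one batch")
    if renamed >= BURST_THRESHOLD:
        reasons.append(f"{renamed} files written with a known ransomware extension")
    if notes and high_entropy > 0:
        reasons.append(f"ransom-note-like file(s) alongside encrypted data: {notes}")
    return {
        "alert": bool(reasons),
        "high_entropy_writes": high_entropy,
        "renamed_writes": renamed,
        "ransom_notes": notes,
        "reasons": reasons,
    }


def _random_bytes(n: int, seed: int) -> bytes:
    """Deterministic stand-in for encrypted output (seeded so the sample is reproducible)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def benign_events():
    """Constructed sample: ordinary edits plus one legitimately compressed archive (high entropy, but alone)."""
    return [
        FileEvent("docs/minutes.txt", b"Minutes of the weekly meeting, agenda items one to four.\n" * 20),
        FileEvent("docs/budget.csv", b"item,cost\nlaptop,1200\nmonitor,300\n" * 30),
        FileEvent("docs/photos.zip", _random_bytes(2048, seed=1)),
    ]


def ransomware_like_events():
    """Constructed sample: twelve documents overwritten with random-looking data, renamed, plus a note."""
    events = [
        FileEvent(f"docs/report_{i}.docx.locked", _random_bytes(1024, seed=100 + i))
        for i in range(12)
    ]
    events.append(FileEvent("docs/HOW_TO_DECRYPT.txt", b"Your files are encrypted. Contact us to restore them.\n"))
    return events


if __name__ == "__main__":
    for label, batch in (("benign", benign_events()), ("ransomware-like", ransomware_like_events())):
        print(label, analyse_events(batch))
```

The single high-entropy archive in the benign batch is the edge case worth noting: compressed and already-encrypted files legitimately look random, so entropy alone gives false positives, and the alert is only raised when a burst of such writes coincides with renaming or a ransom note.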
Details of existing tools and systems
As we know, there are many different attack measures today that can attack and impact a target system or network, and ransomware is one of them. It is a type of malware application that the attacker sends to the target system to encrypt it, lock it and demand a ransom to unlock it. There are many systems and mechanisms that support both user and attacker.
These are listed here –
- An attacker mostly uses a malicious link on the internet to redirect a user to a malicious web site where an infected program is presented. When the user clicks on that link, malware is downloaded and starts infecting the system. It can then lock the overall system and hold it hostage.
- Alternatively, the attacker sends an infected email to a specific user or system with malware attached to it. When the user opens or downloads the attached file, the system gets infected. So it is recommended to always use trusted web sites when downloading any type of data over the internet, whether accessing email or downloading files.
- The attacker sometimes uses phone calls, personalised emails or text messages to obtain user details and make a personalised attack. He can use that user information or personal data in the attack mechanism to draw us into an open infection with a more specific attack, or to reveal our personal details.
- Every user today should use a mail filtering technique with proper scanning methods, and should never click on, visit or open any unknown web site, redirection link, application or email.
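The mail filtering recommended above can be made concrete. The Python example below is added here and is not part of the original assignment; it parses an RFC 5322 message with the standard `email` module and applies three checks that correspond to the delivery vectors listed above: attachments with executable or double extensions, links whose host is a bare IP address, and a Reply-To domain that differs from the From domain. The two sample messages are constructed inline (the `example.com`/`example.net` addresses and the 203.0.113.5 address are reserved documentation values, not real senders), and the extension lists are illustrative assumptions rather than a complete policy.

```python
import email
import ipaddress
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

# Extension lists are an illustrative assumption, not a complete filtering policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk", ".ps1"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _domain(header) -> str:
    """Domain part of an address header such as From or Reply-To (empty string if absent)."""
    return parseaddr(str(header or ""))[1].rsplit("@", 1)[-1].lower()


def check_attachment_name(filename: str) -> list:
    """Flag executables, macro-enabled documents and 'document.pdf.exe'-style double extensions."""
    findings = []
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        findings.append(("high", f"attachment '{filename}': executable extension {ext}"))
    if ext in MACRO_EXTS:
        findings.append(("medium", f"attachment '{filename}': macro-enabled document"))
    if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTS and ext not in DOCUMENT_EXTS:
        findings.append(("high", f"attachment '{filename}': document name hiding a second extension"))
    return findings


def check_links(text: str) -> list:
    """Flag links whose host is a bare IP address rather than a domain name."""
    findings = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue
        findings.append(("high", f"link {url}: host is a raw IP address"))
    return findings


def scan_message(raw: bytes) -> dict:
    """Parse one message and return a delivery verdict together with the reasons behind it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    reply_domain = _domain(msg["Reply-To"])
    if reply_domain and reply_domain != _domain(msg["From"]):
        findings.append(("medium", f"Reply-To domain '{reply_domain}' differs from From domain"))
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            findings.extend(check_attachment_name(name))
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        findings.extend(check_links(body.get_content()))
    severities = {sev for sev, _ in findings}
    verdict = "quarantine" if "high" in severities else ("review" if "medium" in severities else "deliver")
    return {"verdict": verdict, "findings": [text for _, text in findings]}


def _build_message(from_addr, reply_to, body, attachments) -> bytes:
    """Assemble a constructed sample message (not a real captured email) and return its raw bytes."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "finance@example.com"
    msg["Subject"] = "Invoice"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content(body)
    for filename, payload in attachments:
        msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def phishing_sample() -> bytes:
    """Constructed: mismatched Reply-To, a raw-IP link and an executable disguised as a PDF."""
    return _build_message(
        "Accounts <accounts@example.com>", "billing@example.net",
        "Your invoice is overdue. Pay at http://203.0.113.5/login or open the attachment.\n",
        [("invoice.pdf.exe", b"MZ" + b"\x00" * 64)],
    )


def benign_sample() -> bytes:
    """Constructed: an ordinary internal message with a PDF attachment and a named-host link."""
    return _build_message(
        "Alice <alice@example.com>", None,
        "Monthly report attached; the dashboard is at https://www.example.com/reports\n",
        [("report.pdf", b"%PDF-1.4\n%constructed placeholder\n")],
    )


if __name__ == "__main__":
    for raw in (phishing_sample(), benign_sample()):
        print(scan_message(raw))
```

Findings carry a severity so that a macro-enabled document or a Reply-To mismatch alone sends the message for review rather than straight to quarantine; only the indicators that reliably mark malware delivery (an executable attachment, a hidden second extension, a raw-IP link) block delivery outright.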
Mitigation of attacks
In this section we particularly discuss the ransomware attack on the Software AG corporation, where the organisation suffered a massive malware attack and had to pay a huge ransom to safeguard its employees' data and confidential company information. The implanted ransomware was a variant of CryptoMix, which is low impact and is delivered via fake entities to the target system. This ransomware was the single point of infection that put the entire organisation at risk. The ransomware featured information stealing: it stole their secret data and posted it on a web site on the dark web. While investigating the incident, downloads of data were found from their server and from many user systems based on a cloud computing service. When the infection was identified, they started an investigation and shut down their services and server for that time for security reasons. Their web portal stayed live with a message to users about a technical issue in the online support system, and support was kept up for some time. A malware hunter team was hired. They researched and found that the systems were infected with the Clop variant of the ransomware, which demanded twenty million dollars to provide the unlock keys. The attacker held about a terabyte of data, which they claimed they would delete if the demanded ransom was not paid. The attacker used APT analysis techniques to keep themselves hidden and researched the client in detail before initiating the attack and deploying the ransomware. They used proper hiding techniques while exfiltrating data and deploying the ransomware. The Clop ransomware used at Software AG created a pandemic-like situation, where a huge amount of confidential data and secret information became available for anyone to download for free. As is the nature of the Clop team, they created a web site on which they post all the information and data of organisations that do not pay the ransom.
Recommended mitigation techniques
Today, while there are many types of measures available to attack a network or system, there are also some protective measures that help protect our network from these types of harmful attacks and viruses. Besides ransomware, there are malware, trojans, worms, adware, etc., which can attack and infect a system and put it in danger. We recommend the two mitigation techniques below to protect the systems at our organisation.
The mitigation techniques are –
- Use of access control measures – access control is the feature that protects the system and network from unauthorised access to company resources. This may include all the assets present at the company. Access control is an important part of a network security approach; weaker security over the network, data or systems makes them vulnerable to attack. Using proper authentication and authorisation services with sufficient measures will help keep the organisation secure. Using network security measures like a firewall and intrusion prevention and detection systems, and software-based security like email filters, web site filters, etc., will reduce the chance of being attacked by any malware. Keeping the operating system and all installed software up to date will also reduce the attack surface.
- Use standard software – all software applications used on a system in the organisation should be standard software purchased from an authorised vendor. No software should be installed without proper approval. All software, including the operating system, should be updated regularly with security patches and the latest released updates.
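The access control measure recommended above comes down to two practices: every request is denied unless a role explicitly grants it, and the permissions each role holds are reviewed against what its users actually do, so that unused rights can be removed. The Python example below is added here and is not part of the original assignment; it implements a deny-by-default role-based authorisation check and a least-privilege review over an access log. The roles, users, resource names and the access log are constructed for illustration and do not describe any real organisation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """One action on one named resource, e.g. ('read', 'crm-db')."""
    action: str
    resource: str


# Constructed policy for illustration. Roles carry an explicit set of permissions;
# anything not listed is denied, so a new user or a new resource is closed by default.
ROLE_PERMISSIONS = {
    "sales": {Permission("read", "crm-db")},
    "finance": {Permission("read", "fileserver/finance"), Permission("write", "fileserver/finance")},
    "dba": {Permission("read", "crm-db"), Permission("write", "crm-db"), Permission("admin", "crm-db")},
}
USER_ROLES = {
    "alice": {"sales"},
    "bob": {"finance"},
    "carol": {"dba"},
    "mallory": set(),          # an account with no role: authenticated, but authorised for nothing
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(user: str, action: str, resource: str) -> Decision:
    """Deny-by-default check: allowed only if some role of the user lists the permission explicitly."""
    roles = USER_ROLES.get(user)
    if roles is None:
        return Decision(False, "unknown principal")
    wanted = Permission(action, resource)
    for role in sorted(roles):
        if wanted in ROLE_PERMISSIONS.get(role, set()):
            return Decision(True, f"granted by role '{role}'")
    return Decision(False, "no role grants this permission")


def granted_permissions(user: str) -> set:
    """Union of the permissions of every role the user holds (empty for unknown or role-less users)."""
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in USER_ROLES.get(user, set())))


def unused_permissions(access_log) -> dict:
    """Least-privilege review: permissions each user holds but never exercised in the observed log.

    access_log is an iterable of (user, action, resource) tuples for successful accesses.
    """
    exercised = {}
    for user, action, resource in access_log:
        exercised.setdefault(user, set()).add(Permission(action, resource))
    report = {}
    for user in USER_ROLES:
        unused = granted_permissions(user) - exercised.get(user, set())
        if unused:
            report[user] = unused
    return report


# Constructed sample of successful accesses observed over a review period.
SAMPLE_ACCESS_LOG = [
    ("alice", "read", "crm-db"),
    ("bob", "read", "fileserver/finance"),
    ("carol", "read", "crm-db"),
    ("carol", "write", "crm-db"),
]


if __name__ == "__main__":
    for req in (("alice", "read", "crm-db"), ("alice", "write", "crm-db"),
                ("mallory", "read", "crm-db"), ("eve", "read", "crm-db")):
        print(req, authorize(*req))
    print("unused:", unused_permissions(SAMPLE_ACCESS_LOG))
```

Run on the sample log, the review reports that `bob` never wrote to the finance share and `carol` never used the `admin` right on the database; those are the grants a periodic review would question, since a ransomware process running under a compromised account can reach exactly what that account is authorised for.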
In this assessment part, we have done further research to identify potential threats in the network that may impact network security and are most prone to cause an attack. A recent network attack scenario is taken from Part A, the Software AG ransomware attack, in which an attack was conducted using ransomware that harmed the organisation greatly. We have discussed the attack measures, the implanting of the ransomware, and the tools used in that network attack. The attack was well structured, with detailed research of the organisation conducted prior to the attack. One terabyte of their data was in question and a huge ransom was demanded to unlock the data, which had been taken by the Clop ransomware team. Two mitigation techniques that are effective enough have been discussed to help protect against these types of attacks.