Running head: CYBER CONFLICT SITUATION
WannaCry Cyber Conflict Situation: Origin, Impact, and Mitigation
Student’s Name
University
Abstract
Cybercrime is among the greatest fears of individuals and organizations that rely on computing applications. When attacks occur, they can subject organizations to massive financial losses and disrupt services. As security experts work on ways to defeat malicious hacks, hackers do not fall behind; they stay ahead in the means by which they can cause disruption. The WannaCry cyber-attack of 2017 is an example of how the computing systems of individuals and organizations can be brought to a standstill by malicious hacks. The attack had an international reach covering over 150 countries, and its financial impact is estimated to run into the billions. Cyber-attacks tend to target systems that run outdated software or that have few security measures installed. This paper discusses the origins, spread, impacts, and fixes of WannaCry. It is hoped that readers will understand the importance of regular computer security updates in avoiding disruptive hacks such as WannaCry and others.
WannaCry Cyber Conflict Situation: Origin, Impact, and Mitigation
Cybersecurity cannot be guaranteed all the time. Hackers always try their best to stay ahead of the information systems most organizations and individuals use. The best way for a firm to enjoy meaningful security is to update its software routinely. When devices run old, non-updated software, the most likely outcome is hacks that can be devastating in their severity and in the financial cost of addressing the resulting breaches.
WannaCry is an example of the security mishaps that can befall firms and individuals who take little care to ensure that their devices run only updated software. The ransomware blocked access to the devices it infected and allowed re-entry only after payment of a $300 ransom. An analysis of WannaCry showed that it mostly affected devices that had old versions of Microsoft Windows operating systems. While many people would want to link WannaCry to technological sophistication on the part of the hackers, the conflict was in large part due to computer users’ failure to update their devices with the relevant software.
WannaCry Cyber Attack – Background Information
The WannaCry cyber-attack was one of the biggest headline stories of 2017. The attack targeted computers and, upon successful execution, encrypted the files of the targeted computer. The encryption prevented users of affected devices from accessing them unless a payment of about $300 in Bitcoin was made [Iva171]. The ransomware allowed three days for payment of the initial $300 in Bitcoin, an amount that rose to about $600 in Bitcoin if the user of the affected device had not paid within seven days. WannaCry is estimated to have infected slightly above 200,000 devices in over 150 countries [Reu172]. The vast scale of the attack made it a topic of discussion in all parts of the globe as firms and individuals took precautions to avoid becoming victims. WannaCry first made news on 12th May 2017, after reports of its infections began emerging in Asia [Bri17]. Soon after, it appeared in other parts of the globe, which made it among the world’s most public cyber-attacks after the 2014 hack on Sony Pictures. An analysis of WannaCry infections showed that the ransomware only targeted devices running Microsoft Windows.
Devices running Microsoft Windows Server 2003 and Windows were highly vulnerable to WannaCry because they lacked the necessary security patches that Microsoft had made available in 2014 [Ste172]. A report by the internet and computer security firm Kaspersky Lab showed that 98% of the devices affected by the hack ran Windows 7, while Windows XP accounted for about 0.1 percent of the successfully targeted devices [Rus171]. The explanation for this statistic is that there are many more users of Windows 7 than of Windows XP. Windows 7 is more popular than Windows XP among Microsoft Windows users because its interface allows for simple use. There were no, or at least minimal, reports of devices running later versions of Microsoft Windows, namely Windows 8 and Windows 10, being affected by WannaCry. Those operating systems accounted for only 0.03 percent of affected devices [Mar175]. This implies that WannaCry’s infection of some devices was partly the fault of individuals and organizations who failed to update the software on their devices. Reports indicated that WannaCry managed to spread to many computers because it used a transport mechanism that enabled it to infect vulnerable computers linked in networks.
WannaCry Computer Virus – Origins
It is often challenging to trace the origins of cyber hacks on the scale of WannaCry, for several reasons. Because of the severity such hacks have for their targets, their creators use every trick available to conceal their identities. Cybercrimes are punished severely in many countries throughout the world, and that is a fate the creators of WannaCry would not want to face. Coders behind a computer virus may intentionally leave information that misleads cybercrime investigators into attributing their malicious work to a different location [Han99].
It is also very challenging to identify the origins of many computer hacks because their creators often work anonymously and privately in ways that are sometimes very difficult to locate, thanks to high-tech virtual private networks (VPN) and remote desktop protocol (RDP) software. This means that locating the origin of a computer virus can sometimes be a matter of speculation, based on the code traces that creators of malicious programs leave in their software. WannaCry is no exception to such speculation. Many computer security experts and government security advisers have voiced concerns that WannaCry could be the creation of hackers based in China and North Korea. United States and UK security agencies concluded that North Korea was the origin of WannaCry [BBC174]. The argument supporting the assertion was based on an analysis of the competency level of the language used to develop the virus. WannaCry’s code was available in as many as 28 languages. Its Chinese and English versions seemed to be human-written, unlike the other versions, which had elements of machine translation. The fluency of the Chinese in the ransomware's text was described as “very fluent, at least native” [Car172]. The language analysis could give the impression that the creators of the virus were Chinese nationals. However, the British and United States security agencies have maintained their assertion that the virus was a creation of North Korea. In 2014, Sony Pictures suffered a hack, probably originating in North Korea, on a day coinciding with its planned release of a comedy film, The Interview, whose plot ridiculed North Korea’s supreme leader, Kim Jong-Un. The scale of the 2014 hack on Sony Pictures and the magnitude of the WannaCry virus are almost on the same level [Dav174].
The traces of the Sony hack showed possible links to creators who were probably Chinese or North Korean, and that could have acted as a precedent for the UK’s and U.S. national security agencies to call WannaCry a creation of North Korea. However, not all cybersecurity experts find North Korea’s cyber capability convincing enough to create malware on the scale of WannaCry [Dav175]. The nationality of the hackers behind the virus is yet to be established, and for reference purposes, especially in the United States and many western European nations, WannaCry is taken to be a creation of North Korea.
WannaCry’s Geographical Reach
WannaCry could be regarded as one of the most potent pieces of ransomware, judging by its geographical spread. According to the internet and computer security firm Kaspersky, the countries most affected by the virus were Ukraine, Russia, Taiwan, and India [Dan175]. Russia’s Ministry of Interior had about 1,000 of its computers infected with the WannaCry virus [And172]. Brazil, the United States, the United Kingdom, Canada, Germany, Spain, and China were also among the countries hit hard by the virus. An analysis of the virus’s spread suggests that its creators had mostly targeted European and North American countries [Ela17]. That could be the case for the obvious reason that people in Europe and North America show more concern for cybersecurity than individuals in other regions. Income considerations could also have been a factor in deciding which areas to target most with the WannaCry virus. It made sense for WannaCry’s code to spread itself across many computers in Europe, since many people there are relatively more willing than others to pay a ransom for their devices to be freed from the virus’s infection [Sam171]. WannaCry’s spread was rife in the first three days after its existence surfaced.
After numerous reports of the ransomware’s malicious effects on machines, major news outlets ran stories on the virus, informing many people about its existence and how to avoid it. Many firms took measures to protect themselves against WannaCry by installing the appropriate patches on their computers, which denied the ransomware some potential victims [Mat17]. An ironic observation is that WannaCry hit hardest the countries whose cybersecurity capabilities rank among the globe’s best. The ransomware’s impact made many cybersecurity experts all over the globe take notice of the ever-unpredictable ways in which hackers work.
How WannaCry Managed to Spread Itself to Many Computers
There are many theories by computer security experts detailing the exploits WannaCry could have used to infect thousands of computers around the globe. Initially, the claim was that WannaCry was distributed from one computer to others through an email spam campaign [Sam172]. After researching its spread mechanism for some time, computer security experts identified that WannaCry used the EternalBlue exploit to detect vulnerabilities in public-use message ports on computer servers. The link between EternalBlue and WannaCry was itself a controversy, since the source of EternalBlue was the United States National Security Agency (NSA) [Rob173]. That led to some speculation that the NSA could be the entity behind WannaCry, a claim that did not gain much traction because the NSA distanced itself from rumors that it could have created the ransomware. The fact that the NSA issued alerts against WannaCry convinced the public to dissociate the agency from the ransomware. EternalBlue aided WannaCry in searching for exploitable vulnerabilities in computers running Microsoft Windows, mostly targeting the Server Message Block (SMB).
A vulnerability existed because many computers targeted by WannaCry had SMB version 1, which could accept crafted data packets that hackers could use to run arbitrary code on the remote computers targeted by a hack [Lee17]. EternalBlue also acted as a vulnerability exploit for devices running Microsoft Windows that used Server Message Block version 2 (SMBv2). The exploit enabled WannaCry to target computers running XP and Windows 7. Some versions of Windows Server 2003 and 2008 also had the exploit for SMBv2, thereby allowing them to be targets of WannaCry [Kas17]. The vulnerability exploits available in the code also enabled it to access computers’ IP addresses and execute its damage. After identifying vulnerabilities in a machine, WannaCry sought a backdoor utility, a function provided by the DoublePulsar malware. Through the backdoor function of DoublePulsar, WannaCry could alter the safe modes of the computers it targeted [Zam17]. That was possible because DoublePulsar enabled WannaCry to bypass the typical methods of authenticating to a computer system. Through this attack mechanism, DoublePulsar could install itself on a device successfully, delete the original code that served as a backdoor, and thereby leave a machine’s accessibility and connectivity only to the attacker. A computer affected by WannaCry could then initiate SMB requests to other devices using the code “trans2SESSION_SETUP” [Log17]. The request code enabled the WannaCry hackers to know whether a targeted machine was clean or had already suffered WannaCry infection. By sending SMB requests to computers, WannaCry spread itself fast, with clean computers becoming victims of its vulnerability exploits, especially devices running Microsoft Windows.
Protection against WannaCry
Days before a software patch against WannaCry was available, internet and computer security firms such as Avast! and Kaspersky Lab advised PC users to consider preventive measures such as making sure their anti-virus software was up to date [Lis17]. Computer users were also encouraged to avoid using insecure servers, which would have exposed them to the vulnerability exploits used by WannaCry. Microsoft became the heart of WannaCry discussions because the highest percentage of computers affected by the ransomware used versions of its operating system. Microsoft responded to the situation on May 12th, 2017 by releasing security patches against WannaCry for its Server 2003, Windows XP, and Windows 8 [Dav176]. The updated security patch from Microsoft was available for free download on the company’s website. Microsoft blamed the NSA for a leak of the vulnerability exploit that aided the spread of WannaCry [Jef171]. That led to speculation that WannaCry was a work that went beyond the involvement of the hackers. It is challenging to provide statistical estimates of the number of potential WannaCry exploits that Microsoft’s patches prevented. However, one thing for sure is that stories of WannaCry exploits began to diminish from news outlets, perhaps an indication that the ransomware was being restrained from spreading further. Microsoft’s move to provide somewhat up-to-date security protection against the ransomware saved many government agencies, organizations, and individuals from becoming victims of the ransomware [Ric174]. As it became clear that WannaCry was posing fewer and fewer threats as time went by, another discussion that arose concerned government agencies’ preparedness to counter cyber-attacks mirroring the severity of WannaCry. The British National Health Service (NHS) was among the most impacted by the hack, and an investigation into the issue revealed that the agency was running old computer systems that had gone without updates for too long.
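The spread described earlier, in which an infected computer initiates SMB requests to many other devices, appears in network flow data as one source contacting an unusual number of distinct peers on the SMB port within a short time. The following detection sketch is an added example and not part of the original paper; the log format, the 60-second window and the threshold of five peers are assumptions, and the flow records are constructed for illustration.

```python
"""Flag hosts whose outbound SMB connections fan out to many distinct peers."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445                   # SMB over TCP
WINDOW = timedelta(seconds=60)   # assumed look-back window
THRESHOLD = 5                    # assumed: distinct SMB peers per window

# Constructed flow records, sorted by time: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2017-05-12T09:00:00 10.0.0.5 10.0.0.200 445
2017-05-12T09:00:01 10.0.0.23 10.0.0.1 445
2017-05-12T09:00:02 10.0.0.23 10.0.0.2 445
2017-05-12T09:00:02 10.0.0.7 10.0.0.50 445
2017-05-12T09:00:03 10.0.0.23 10.0.0.3 445
2017-05-12T09:00:04 10.0.0.5 10.0.0.200 445
2017-05-12T09:00:04 10.0.0.23 10.0.0.4 445
2017-05-12T09:00:05 10.0.0.23 10.0.0.5 445
2017-05-12T09:00:06 10.0.0.23 10.0.0.6 445
2017-05-12T09:00:07 10.0.0.9 10.0.0.1 443
2017-05-12T09:03:00 10.0.0.7 10.0.0.51 445
2017-05-12T09:06:00 10.0.0.7 10.0.0.52 445
2017-05-12T09:09:00 10.0.0.7 10.0.0.53 445
2017-05-12T09:12:00 10.0.0.7 10.0.0.54 445
"""


def parse_flow(line):
    """Split one record into (timestamp, source, destination, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def smb_fanout_alerts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source: (time of first alert, distinct peers seen in window)}.

    Expects time-ordered records. A file-server client talks to one or two
    peers; a worm-like scanner reaches many different peers in seconds.
    """
    recent = defaultdict(deque)   # source -> (timestamp, destination) pairs
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = parse_flow(line)
        if port != SMB_PORT:
            continue              # only SMB traffic is of interest here
        seen = recent[src]
        seen.append((ts, dst))
        while seen and ts - seen[0][0] > window:
            seen.popleft()        # forget contacts older than the window
        peers = {d for _, d in seen}
        if len(peers) >= threshold and src not in alerts:
            alerts[src] = (ts, len(peers))
    return alerts


if __name__ == "__main__":
    for host, (when, count) in smb_fanout_alerts(SAMPLE_FLOWS.splitlines()).items():
        print(f"{when.isoformat()} {host} contacted {count} SMB peers within {WINDOW}")
```

Only 10.0.0.23 is flagged in the sample: the host that talks to a single file server and the host that reaches five peers spread over twelve minutes both stay below the threshold.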
Organizations Most Affected by WannaCry
WannaCry affected computer network operations in many parts of the world. Many organizations, fearing that their computer systems could be targets of the ransomware, stopped their activities in the hope that a security fix for the virus would be made available. The ransomware was not selective about the computers it targeted, which means the computer systems of government agencies, corporations, and individuals were in no way exempt from WannaCry’s capabilities. In the United Kingdom, WannaCry rendered many computer networks of the National Health Service inaccessible [Reu173]. Many General Practice appointments had to be canceled since the computers used by medics could not be used at all. Many ambulances were diverted from hospitals whose computer systems were inoperable due to WannaCry infection [BBC175]. For about 2-3 days, the British National Health Service (NHS) experienced operational difficulties as a result of the disruption WannaCry caused to some of its computer systems. In Spain, Telefonica, a telecommunications giant, had many of its computers rendered inaccessible following infection with the ransomware. The hack did not disrupt Telefonica’s service delivery [Reu174]. However, it raised questions about the capability of WannaCry: big telecommunication firms becoming successful targets for ransomware like WannaCry showed that cybersecurity is an issue that is not only confined to big-sized firms. The French automobile manufacturer Renault had to shut several of its factories in France in an effort to put up security measures against WannaCry and other security vulnerabilities [Pau172]. FedEx had to cancel some of its deliveries after some of its computer systems became a target of WannaCry.
Many organizations had their operations disrupted in one way or another because of WannaCry’s spread, the firms mentioned being just a few of the probably hundreds of firms affected by WannaCry.
The Financial Impact of WannaCry
There is speculation about approximately how much financial impact the WannaCry ransomware attack had on its victims. It is challenging to quantify its economic consequences because many of its victims did not openly report the financial losses they suffered because of the attack [Ric175]. WannaCry caused many firms to lose money, even ones that did not eventually fall victim to the hack. Many firms took precautionary cybersecurity measures just to ensure they did not fall victim to the ransomware. The firms that followed this malware protection approach had to spend money they had not initially planned to use, and that in one way or another led to economic losses. WannaCry led firms and individuals to lose money in the following ways: paying the required $300 in Bitcoin to regain access to their computers, and the economic losses suffered from the inability to do business as usual because of computer system disruptions [Jon173]. Both contributed to financial losses. The magnitude of the financial losses suffered as a result of the malware’s penetration into computer systems is estimated to be in the millions, with some estimates giving figures running into billions. Cyber analysis estimates are that slightly below or above $100,000 was paid to WannaCry’s creators through the demanded $300 Bitcoin payments [Sam173]. Other views are that, worldwide, the victims of the hack lost as much as $4 billion. Some analysts estimate the financial losses to be to the tune of several hundred million dollars. Internet and computer security firms also spent massive financial resources in efforts to control the hack, an economic cost whose actual value is very challenging to determine [Ada17].
Most importantly, WannaCry had a financial impact that was well felt: computer owners parting with $300 in Bitcoin for their devices to be freed from the ransomware is in itself financially damaging. Updating a firm’s systems is a costly process, and firms that were forced to do so because of the WannaCry attack inevitably suffered some financial losses.
Conclusion
The WannaCry ransomware attack targeted devices running Microsoft Windows that had the EternalBlue vulnerability exploit. Upon successful infection, WannaCry encrypted the files of the devices it targeted and only enabled re-entry into the devices if a $300 ransom payment in Bitcoin was made to an address given in the ransomware’s message displayed to users of the affected devices. The payment rose to $600 within seven days if users of the affected devices failed to pay the initial $300 request within three days. Devices running Windows 7 accounted for about 98 percent of WannaCry’s successful targets, while Windows XP accounted for just 0.1 percent of the hacks. Microsoft released a security patch...