How was the Attack Carried Out?
The report will discuss in detail two security breach cases and their impact on people. These two cases are 198 million voter records exposed and Wanncry ransomware cyber attack.
This case happened on June 19, 2017 when a huge number of voter data was exposed in different parts of USA like Mexico and state of Georgia. However, what was even more surprising was that this data was publicly accessible exposing the personal information of over 198 million voters of USA. The data was actually owned by a conservative data based firm called as Deep Root Analytics and the company use to save it on a platform called as Amazon S3 (Newman, 2017). As per the expert reports, it was also discovered that data was exposed to any random person who can found it since it is a part of a clever hacking process with complex internet based forces. But it was also the part of simple case of missed case of configuration. Even though it cannot be properly considered as a perfect case of hack but it is a case of one of the biggest risk in cyber security for organizations.
How and why it occurred
The founders of the Deep Root Analytics found the information that was made accessible to the public like name, address, affiliation with the party and many more. At the same time, criminals coming across such a huge trove of information could have find enormous amount of value with all the information which was already aggregated at one single place specifically when the associated source is an expert in compiling data consisting some kind of value (Minnite, 2017). The organization is working to save the situation and securing the exposed data however it is important to understand here that the situation will gets worse initially before it starts getting better.
The research also says that it consist scanning the internet for data which was accessible in public platform and must be secured. It was also discovered that exposed data was lacking any kind of protection against any unwanted access and it can be viewed by anyone who can access the internet. It is also important to understand here that the string would not even be that challenging to face with the help of a random kind of generator and the server also happen to has a huge amount of data protected on the system however it was later misconfigured and this is why more and more private information get exposed (Hall et al, 2017). This incident is now merged with other similar misconfiguration of database cases like dating services or screener system in Hollywood and Microsoft sites cases which came as threats that many database servers are facing in recent time.
There are some solutions to the problem as well that can help in reducing the number of servers that are misconfigured and exposed the data on internet. The first step is to raise maximum awareness among the people. It is obvious that these incidences have affected millions of people and it is important to encourage organizations to give more time as well as resource in setting the servers and properly maintaining it long run.
Another solution is to make default kind of setting in the cloud which will help in making the database more secured and help in tightening the overall control. There are some securities companies have started developing products that can easily scan the current system being established as additional layer of defense and at the same time also warning the staff of IT to look at the traits or be more aware about the information with there are any threats on security (Aker et al, 2017).
However, it is also important to note here that moving to cloud infrastructure can be a smart move but it is at the end of the day is another layer of risk being added to the system and each time, the user add any kind of component that needs to be verified, a specific percentage of the population is not going to further evaluate it (Udani & Kimball, 2017). Further in statistics manner it is being added to the exposure but it doesn’t mean that organization can be completely secured in the right manner with the data being saved in cloud however, the experts also says that any kind of attempt to provide a warning about the current danger of exposure in the system on the public internet will face little interest.
The company has taken full accountability for the loss and the company is making all necessary investigations to evaluate the information that has been gathered over a period of time and secured. It is important to understand here that any specific party with any specific company, it can be treated as an epidemic that is present everywhere (Hershey, 2017).
Ransomware cyber attack on the web
In May of 2017, a new issue or rather a serious strain of ransonware has been exposed all across the world and further caused a lot of crisis in organizations like National Health Services, hospitals and other facilities in different parts of the world like UK and Spain and many more. The affected parties were large telecom organization like Telefonica which is a natural gas organization or the electrical company namely Iberdrola. It is important to understand how people always speak about the issue called the Big One (Ehrenfeld, 2017). This ransonware was called as Wannacry and in other word it was called as WanaCryptor. This is actually a new version of pervious ransomware attack with thousands of attacks in more than seventy four countries. The reach of the attack in much heavier and the country like Spain, UK, Russia, Taiwan, France and dozens of more countries were covered under it.
Affected people and how
This attack was taken as massive all across the world and in addition had handicapped so many infrastructure and government in more than one hundred and fifty countries which also happen to include large part of Britain hospital structures and railways of Germany. It is actually expected as one of the largest online based extortion attack ever recorded (Mohurle & Patil, 2017).
The attack started with a ransomware infecting the chain of computer as well as locking the users away from the system and then later holding the level of description along with other release of ransom until the current victim has to pay an amount or ransom. This usually happened in the case of bitcoin.
The case of NHS further experienced all kind of hobbled databases in computers as well as phone systems along with system failure and along with a lot of confusion after the computers in hospitals initiates expressing a message of ransom demanding more than $300 worth of bitcoins. As an outcome of this infection, many health care organizations, hospitals, offices and places in Northern England had to cancel many services and had to start working on some backup processes (Mattei, 2017). The news was spread saying that patients must completely avoid coming to hospitals if the situation is not very serious. However, the situation doesn’t seem to have come out as any kind of unauthorized access to the details of patients. The National Health Services in UK is investigating the matter and also trying to minimize the impact of the attack and as per the news of UK, there are number of outlets that have reported to instruct the hospital personnel to do things that can completely shut down the computers and it comes with large IT network based services. There are many other victims as well like Spain that are also taking same kind of measure to save the data and the organizations are telling employees to completely shut down the infected systems while they wait for the right set of directions about the challenge (Morehouse et al, 2017).
Hospitals are actually the worst victim of this ransomware since they an urgency to store all the services for the sake of patients. This is why, these institution were more prone to pay to criminals in order to reinstate the system. They also usually make for an easy target for any kind of attacks. Healthcare and other similar sectors later tend to make the process slow to deal with number of vulnerabilities (Martin et al, 2017).
Following are detail discussion of recommendations: -
- It is important to immediately make some secure backups for the same which means when the files are properly encrypted the options are restricted. It is important to recover from the backup the data as soon as possible.
- Patching the system and properly updating is crucial step. Those people who include called as highly dangerous hole for security in Microsoft Windows users didn’t apply Microsoft March with software fix and malware specifically designed to spread rapidly with proper government and business network (Martin et al, 2017).
- Usage of antivirus software: with the usage of antivirus software saves most fundamental and well known virus by properly scanning the system against all known fingerprints. There were number of criminals as well with low end advantages of less kind of savvy users with different viruses and malware is continuously transforming and antivirus is constantly detecting it (Martin et al, 2017).
- Education of the workforce: it is a basic level of protocol like focusing on the workers that should not click on any kind of doubtful links or suspicious sites that can save the bad cases.
The attack by WannaCry didn’t just go after the NHS. The attack affected many organizations across different sectors and industries. The main aim is on supporting the company to manage the situation in a more swift and decisive manner (Martin et al, 2017). In certain ways, it makes things more worse and the system not just about coming out from the hospitals but it was about coming out from whatever situation it can. The situation is expected to get worse in future
Aker, J. C., Collier, P., & Vicente, P. C. (2017). Is information power? Using mobile phones and free newspapers during an election in Mozambique. Review of Economics and Statistics.
Ehrenfeld, J. M. (2017). WannaCry, Cybersecurity and Health Information Technology: A Time to Act. Journal of Medical Systems, 41(7), 104.
Hall, E. M., Acevedo, J., L?pez, F. G., Cort?s, S., Ferreccio, C., Smith, A. H., & Steinmaus, C. M. (2017). Hypertension among adults exposed to drinking water arsenic in Northern Chile. Environmental research, 153, 99-105.
Hershey, M. R. (2017). Party politics in America. Taylor & Francis.
Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017). Cybersecurity and healthcare: how safe are we?. Bmj, 358, j3179.
Mattei, T. A. (2017). Privacy, Confidentiality, and Security of Health Care Information: Lessons from the Recent WannaCry Cyberattack. World Neurosurgery, 104, 972-974.
Minnite, L. C. (2017). The Myth of Voter Fraud. Cornell University Press.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
Morehouse, M. A., Loveck?, T., Read, H., & Woodman, M. (2017). Quantify? or, Wanna Cry? Integrating Methods Training in the IR Classroom. International Studies Perspectives, 18(2), 225-245.
Newman, L, H (2017). THE SCARILY COMMON SCREW-UP THAT EXPOSED 198 MILLION VOTER RECORDS
Udani, A., & Kimball, D. C. (2017). Immigrant Resentment and Voter Fraud Beliefs in the US Electorate. American Politics Research, 1532673X17722988.