Question

Describe one of the recent incidents that you may have come across (newspaper articles, stories, workplace or related experience) regarding information security attack related issues. Explain the incident and provide information about how the organization/ individuals responded to such attacks. Also, provide information about what are the lessons learned.

Answer 1

I will explain a cyber attack happened in India. Wannacry was a virus attacked the indian banks, expert banks and eminent bank professonal, millionariesin India. I will explain about this attack now.

The attack takes place in August 13, 2017 in India. Many isolated attacks were taken place specifically in bank servers asking for money. One of the message send to a millionaire threatened by saying "Please give us 1300 bitcoins in order to prevent the system from decryption attacks." Such, similar attacks were deployed in many parts of the country. The initial message of all this attacks were threatening of nature especially regarding bitcoins and money. In most of the attacks, the attacker has encrypted the user's confidential data and urged, threatened to pay for them to decrypt the files. The main source of the attack was occured by clicking certain links or .exe files in the system. Once, the attack has entered a system, then it will spread in the network to the related person of the victim just like an epidemic.

Here, a government organisation Indian Computer Emergency Response Team (CERT-In) has reported and alerted the main bank officers, officials and government officials about the attacks. Later, they found out that the attack was a part of a big attack carried out globally by the name "Ransomware".

Further, CERT-In has taken the following steps after detecting the attacks:

• CERT-In immediately alerted the important government organisations by conducting a webinar. The special emphasis is given to National Informatics Centre (which controls all central and state government systems), the RBI, National Payments Corporation of India and Unique Identification Authority of India over the weekend of the attack.
• Special telecom networks are being deployed for internet service providers for securing the network.
• The attack was mostly focused on Windows based systems. So, the team of cyber security team has focused on giving protection to windows based systems.
• Installed security patches issued by the microsoft corporation for immunizing corporation.
• Urged the windows users especially to switch operating system from Windows to Linux.

LESSONS LEARNED BY ATTACK:

• The attack was similar to that of a epidemic. It spreads across the network through a human intervention. The severity and tracking or preventive measures for such attacks can be taken only by finding the network of the epidemic.
• Most of the attacks were mostly on the systems that uses pirated versions of the software. The reason for such attacks is because even if the attack is being deployed in such systems, the attackers would not complain to the software companies. That is why, most of the attacks are being deployed in pirated software systems.
• The attacks are mainly on financial or money oriented organisations or persons.
• Attacks were done by encrypting the confidential data on a system. This pinpoints towards more security on confidential data. A software for securing confidential data is urgent one in banking sectors and all.
• attachments in emails that are .exe, .zip or .scr should generally not be clicked on without checking with the sender, and that one should be wary of emails from unknown addresses whether or not they have attachments or links. This is very important for employees working on financial companies.