Thursday, December 12, 2019

Discusses About Shadow Broker Organization - Myassignmenthelp.Com

Question: Discusses About Shadow Broker Organization?

Answer:

Introduction: A mysterious group of hackers has been dealing in malware and hacking tools associated with the National Security Agency (NSA) of America. The secrecy and controversy surrounding the NSA's tools were exposed by this group, known as the Shadow Brokers. This report discusses the nature of the problems caused by the group, the reasons they occurred and the mitigation of such attacks in the future.

Discussion: The Shadow Brokers are a group of hackers whose existence came to light in the summer of 2016. The group exploited resources obtained from information leaks associated with the NSA. The exploited resources were used to target the firewalls of business enterprises, anti-virus software and products of the Microsoft Corporation (Martin, Kinross & Hankin, 2017). The Shadow Brokers are mainly associated with their main hack, that of the Equation Group, which is associated with operations of the NSA.

Identification of the problem: In August 2016, the group claimed to have stolen a cyber weapon from another hacking team, termed the Equation Group. The cyber weapon was used by the NSA. It gave the group access to secret files held by the NSA. The group also hacked and exploited secret information from software, amounting to 1 gigabyte of information over a period of 8 months. This information was connected to the NSA (Sanger, 2016). The group also tried to sell the source code of particular information from the NSA through an online auction. The auction was supposed to be transacted in cryptocurrencies.
However, the auction was unsuccessful. The group's most recent activity, in April 2017, was a data dump amounting to 300 megabytes of data. The data published reports of threats and vulnerabilities in Microsoft products. The Shadow Brokers also claimed to publish hacked tools and resources from the CIA that were originally made to spy on people's monetary transactions (Shane, Mazzetti & Rosenberg, 2017). The group went on to claim vulnerabilities in the version of Microsoft Windows installed in the Swift bank. As the software is used by multiple banks, the exploitation posed a grave threat to banks all over the world.

Reason of occurrence: The main reason these hacks occur is the presence of bugs and malware in a system. Government agencies conduct spying and espionage operations on particular targets by getting close to their systems. Their method is to acquire vulnerabilities that exist because of bugs in the target system. Rather than informing the manufacturers about such flaws, they exploit them to gain access to the system and conduct their operations (van Der Walt, 2017). This practice led to the hacking of such an amount of material from the government agencies, which raised questions about the security of the agencies involved. The issue was debated further, with the FBI shedding light on the discussion about the requirements of law enforcement in agencies. The code made public by the Shadow Brokers was made readable even by people with little programming expertise, so that it could be used on all devices. Running and deploying it would not require great programming expertise (Audiot, 2016). The code was said to be somewhat old, but it included many powerful tools to facilitate hacking.
The first documents released included system vulnerabilities in products from Cisco and other developers. The documents released most recently by the Shadow Brokers showed NSA spying operations on a Middle Eastern bank transfer network termed SWIFT. The hack revealed an NSA operation that was trying to gain access to targeted clients of the bank transfer network (Boylan, 2015). This hindered the NSA's operation, as the bank's suspicions were raised. As for the authenticity of the stolen documents, Edward Snowden of the NSA reported that the stolen resources were genuine, as the malware was full of virtual fingerprints of the NSA. The malware also included a 16-digit identification code for the NSA (Broadhurst et al., 2017). According to Kaspersky, similarities in the documents may point to the authenticity of the sources found. In addition, Risk Based Security confirmed the exploitation of resources from the NSA but reported that no breaches were made in the NSA's systems.

Solutions: There are various speculations regarding the problem caused by the Shadow Brokers. Moreover, the organization involved is already applying solution-based protocols to minimize further risks. However, Microsoft started working on its patch to address the vulnerability many weeks before the Shadow Brokers posted their message. The reason might be that the NSA disclosed information about the exploited resources. Since a system patch requires weeks of work before it is made public, the applied solution may be explained by a disclosure of information from the NSA (Planqu, 2016). This theory is not proven, as neither party has claimed any disclosure of information, but it might be the reason patches were applied to the system to help mitigate the risks. The Vulnerabilities Equity process was created under the influence of Obama and is now continued by Trump (Caulfield, Ioannidis & Pym, 2017).
It was made to minimize security vulnerabilities and threats to government agencies that could lead to various large-scale problems.

The ransomware attack that took place in May 2017 was a massive cyber attack that affected users all over the world. Computers with the Microsoft operating system installed were targeted by the ransomware. Its main characteristic is that, after it infected a computer, some files were encrypted and payment in bitcoin was required to decrypt them. This report discusses the specifics of the ransomware attack that took place all over the world. It also covers the process of the attack and its prevention. The cyber attack involving the ransomware originated in the theft of cyber weapons (Brewer, 2016). Security researchers at Kaspersky Lab recorded more than 45,000 attacks on users in 99 countries, including the UK, India, Russia, Italy, China and Egypt. However, the attack was not meant to target large-scale businesses but to hit random users.

Description of the problem: The WannaCry ransomware attack was a worldwide cyber attack that took place in May 2017 and affected users all over the world. Computers with the Microsoft operating system (OS) installed were targeted by the WannaCry ransomware (Kharraz et al., 2015). Its main characteristic is that, after it infected a computer, some files were encrypted and payment in bitcoin was required to decrypt them. The users most at risk from the attack were those with older versions of the OS, such as Windows XP and Windows Server 2003. Although Microsoft made security patches after the attack to address the vulnerabilities in the system, the patches were made for newer versions such as Windows 7 and 8. Because of this, Microsoft made an emergency patch for the older versions too.
Many days after the ransomware attack, almost all of the infected users had applied the updates to their systems, which slowed the spread of infection (Pathak & Nanded, 2016). In addition, detailed technical reports were produced by several companies, including Microsoft, Cisco and McAfee.

Impact of the problem: Security researchers at Kaspersky Lab recorded more than 45,000 attacks on users in 99 countries, including the UK, India, Russia, Italy, China and Egypt. The most affected countries among them were Ukraine, Taiwan, India and Russia. The WannaCry ransomware attack also had a varied impact on National Health Service hospitals in Scotland and England, including 70,000 devices such as computers, scanners and other equipment in health care services (Chinthapalli, 2017). The ransomware also affected motor manufacturers, including Nissan and Renault. Nissan stopped production in order to stop the ransomware from spreading. Renault followed the same strategy, halting production across several sites. The impact of the attack is said to be low because of the fast analysis of the ransomware's code, which had a vulnerability in it (Boatman, 2015). The presence of a technical kill switch stopped the attack from spreading. The loss in infrastructure could amount to several millions.

Carrying out of the attack: The WannaCry ransomware attack was carried out using several sets of software made for hacking. EternalBlue is one such program. The software exploits a specific vulnerability present in the Windows OS (Kharraz et al., 2016). This vulnerability can lead to a breach of the system even under strong protocols. To mitigate such risks, Microsoft released a patch for the vulnerability.
The execution of the ransomware attack is divided into three different processes. These include the spreading of the vulnerability, encrypting of the file, displaying of ransom information and decrypting the encrypted file. The main sample program is responsible for spreading the attack and releasing the WannaCry ransomware (Tuttle, 2016). This results in the encryption of a file. The sample program includes an RSA public key, and the corresponding private key is held by the attacker. Before encryption is applied, a new sub-public and sub-private key pair is generated. The sub-public key is used to encrypt the user file and the sub-private key is used to do the same. Decryption is usually done after payment is confirmed on the bitcoin network, as the ransomware demands payment in bitcoin.

Prevention: Many risk mitigation measures were undertaken after the attack had taken place. Several companies, such as Microsoft, made security patches to fight the ransomware attack, which significantly slowed the spread of the ransomware (Choi, Scott & LeClair, 2016). However, security protocols should have been put in place beforehand so that infection, and the resulting large-scale problem, could have been minimized. Various procedures can slow a ransomware attack on a device. Network segmentation is one such process, in which the infrastructure is divided into connected and unconnected parts so that vulnerable areas are not hit directly (Mansfield-Devine, 2016). In addition, Microsoft's Enhanced Mitigation Experience Toolkit helps to provide additional security to the system that is specifically made to fight ransomware attacks. The presence of other upgraded security measures on the connected device is another mitigation, which involves detection of malicious attacks on the system.
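
One way to act on the segmentation and detection points above, as an added example that is not part of the original essay: a Python check over flow records that flags a host opening SMB (TCP 445, the protocol WannaCry's worm component spread over) to many distinct peers in a short window, and lists SMB flows that cross segment boundaries. The flow format, addresses, segment list, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SMB_PORT = 445  # WannaCry's worm component spread over SMB (TCP 445)

# Constructed sample flows: "timestamp source destination dest_port".
SAMPLE_FLOWS = """\
2017-05-12T09:00:01 10.1.1.20 10.1.1.5 445
2017-05-12T09:01:00 10.1.1.20 10.1.1.9 443
2017-05-12T09:02:00 10.1.2.33 10.1.2.1 445
2017-05-12T09:02:01 10.1.2.33 10.1.2.2 445
2017-05-12T09:02:02 10.1.2.33 10.1.2.3 445
2017-05-12T09:02:03 10.1.2.33 10.1.2.4 445
2017-05-12T09:02:04 10.1.2.33 10.1.3.7 445
2017-05-12T09:02:05 10.1.2.33 10.1.3.8 445
"""
SEGMENTS = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]  # assumed layout

def parse_flows(text):
    """Parse constructed flow lines into (time, src, dst, port) tuples."""
    rows = (line.split() for line in text.strip().splitlines())
    return [(datetime.fromisoformat(t), s, d, int(p)) for t, s, d, p in rows]

def smb_fanout(flows, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak distinct SMB peers in one window} at/over threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            alerts[src] = best
    return alerts

def cross_segment_smb(flows, segments):
    """List SMB flows whose endpoints sit in different segments."""
    nets = [ip_network(s) for s in segments]
    def seg(ip):
        return next((n for n in nets if ip_address(ip) in n), None)
    return [(src, dst) for _, src, dst, port in flows
            if port == SMB_PORT and seg(src) != seg(dst)]
```

On the constructed sample, the workstation talking to one file server stays below the threshold, while the host sweeping six peers in five seconds is flagged and two of its flows show up as segment crossings that a segmented network would block.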

Conclusion: Thus, it can be concluded from the report that the ransomware attack had a widespread effect on user data as well as on the economy of the world. Enhanced security protocols are thus needed to secure systems and protect the data and information they hold.

References:
Audiot, N. (2016). Playing defence against the Equation Group.
Boatman, K. (2015). Beware the Rise of Ransomware.
Boylan, R. J. (2015). The shadow government: its identification and analysis. New Dawn, (42), 21.
Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), 5-9.
Broadhurst, R., Woodford-Smith, H., Maxim, D., Sabol, B., Orlando, S., Chapman-Schmidt, B., & Alazab, M. (2017). Cyber Terrorism: Research Review: Research Report of the Australian National University Cybercrime Observatory for the Korean Institute of Criminology.
Caulfield, T., Ioannidis, C., & Pym, D. (2017). The US Vulnerabilities Equities Process: An Economic Perspective.
Chinthapalli, K. (2017). The hackers holding hospitals to ransom. BMJ, 357, j2214.
Choi, K. S., Scott, T. M., & LeClair, D. P. (2016). Ransomware against police: diagnosis of risk factors via application of cyber-routine activities theory. International Journal of Forensic Science & Pathology.
Kharraz, A., Arshad, S., Mulliner, C., Robertson, W. K., & Kirda, E. (2016, August). UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In USENIX Security Symposium (pp. 757-772).
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.
Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network Security, 2016(10), 8-17.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety.
Pathak, D. P., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.
Planqu, D. (2016). Cyber Threat Intelligence.
Sanger, D. (2016). Shadow brokers leak raises alarming question: Was the NSA hacked. New York Times. Retrieved August 27, 2016.
Shane, S., Mazzetti, M., & Rosenberg, M. (2017). WikiLeaks releases trove of alleged CIA hacking documents. The New York Times, Mar.
Tuttle, H. (2016). Ransomware attacks pose growing threat. Risk Management, 63(4), 4.
van Der Walt, C. (2017). The impact of nation-state hacking on commercial cyber-security. Computer Fraud & Security, 2017(4), 5-10.
