THE HARVARD ESSAY TEMPLATE
Your task is to produce a report based upon recent or emerging types of cyber-attack. It should describe these attacks and their solutions at a deep, technical level and contextualize them from data, privacy, ethical, legal, and social perspectives.
A cyber-attack is an assault launched by criminals from one or more computers or networks against one or several computers. A cyber-attack aims to steal data, disable computers maliciously, or use a breached computer as a launching point for attacks on other computers. Cyber-attacks come in various types, including malware, man-in-the-middle, cross-site scripting, phishing, denial-of-service attacks, and SQL injection. Recently, several cyber-attack cases have been reported at various institutions, and one of the most common is malware. Malware is a collective name for various malicious software variants such as ransomware, viruses, and spyware.
Malware is short for malicious software: code usually developed by cyber attackers to damage systems and data or to gain unauthorized access to a network. Malware is commonly delivered as a link or file through email; the user must open the link or file for the malware to execute. Malware has existed for many years, but new forms of malware attack keep emerging. For example, a recent form of ransomware attack is known as deepfake. Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim, who regains access once the ransom is paid. Attackers give victims instructions to pay the ransom in order to receive the decryption key.
Ransomware uses several vectors to access a computer. Phishing is the most common delivery system: a spam attachment is sent via email, disguised as a well-trusted file (Brewer, 2016, pp. 5-9). Once this file is opened, it takes over the victim's computer. That mostly happens when a built-in social engineering tool is used to trick the victim into granting administrative access. NotPetya is a more aggressive type of ransomware that exploits security holes to infect computers without such tricks. The malware encrypts all of the user's files, which cannot be decrypted without a mathematical key known only to the attacker. In some cases the attacker claims to be a law enforcement agent demanding a fine for misusing certain sites or using pirated software. Leakware or doxware attacks threaten the user that documents or sensitive data on the hard drive will be published unless a ransom is paid.
Deepfake, the newest or most recent form of attack, takes its name from "deep learning" and "fake". AI-based technology is used to create fake videos or audio that look and sound like the original (Korshunov and Marcel, 2018). Deepfakes entered the public mainstream in 2017, starting with a group of Reddit users who used A.I. to swap the faces of celebrities with those of other celebrities. Deepfakes are tricky because anyone with a computer and an internet connection can create deepfake media. A machine learning system known as generative adversarial networks is used to flag the flaws in a forgery until the details are undetectable. The ease and accessibility of deepfakes has opened up new social engineering attacks. The current cybersecurity system may not be ready for these emerging attacks.
Cybercriminals like deepfakes because they do not have to go through the grind of targeting systems. Everything happens on social media and email, just regular information channels. No special hacking skills are required to deploy such attacks, which makes them more dangerous. Hackers can make a specific organization financially vulnerable without even accessing its balance sheet. The spread of misinformation in the market can drive share prices down or up, depending on the criminals' agenda. Deepfakes, like the dark web, are taking identity theft to a whole new level, with the help of social media, which makes impersonation very easy.
It works by hackers scrutinizing the target's social media accounts for video and audio clips. A deepfake media account is created to trick the target's subordinates into giving sensitive database access. The attackers usually create extremely damaging videos or audio clips that tarnish the victim's name. The attackers also threaten to put all the data online or expose it to the public in order to extort data, money, or both from the victim. That makes deepfake ransomware among the most feared vectors of cyberattack. An example of a case where such an attack was used is a tweet falsely claiming that explosions at the White House had injured U.S. President Barack Obama, which wiped out billions in stock value within minutes.
The solution to deepfakes
To avoid deepfake attacks, it is good to keep data secured, which is possible by using technology together with humans instead of bots. Deepfakes rely on human error, mostly errors of judgment. The human aspect is about training employees to understand the difference between fake and real while protecting their identities on the internet. Two approaches help solve the deepfake problem: using technology to detect fake videos, and improving media literacy. The technical solution tries to detect deepfakes using the same A.I. that is used to make them. Analyzing the blinks in videos could be one way of detecting an altered video. Increasing media literacy in larger populations, making them aware and ready to spot fake news and accounts when they see them, is also an achievable solution.
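The blink-analysis idea above can be illustrated with a small screening routine. This is an added example written for this page, not code from the essay or from the cited papers. It assumes that a landmark detector has already produced a per-frame eye-aspect-ratio (EAR) series; the EAR values, frame rate and thresholds below are constructed and would be tuned on real footage.

```python
"""Blink-rate screening for altered video (added illustration).

Input is a per-frame eye-aspect-ratio (EAR) series. The EAR values below
are constructed; a real pipeline would derive them from facial landmarks
detected in each video frame."""
from typing import List

# Assumed thresholds (hypothetical; they would be tuned on real footage)
EAR_CLOSED = 0.21          # EAR below this value counts as a closed eye
MIN_CLOSED_FRAMES = 2      # a blink must last at least this many frames
MIN_BLINKS_PER_MIN = 6.0   # resting adults blink far more often than this


def count_blinks(ear_series: List[float],
                 closed_threshold: float = EAR_CLOSED,
                 min_closed_frames: int = MIN_CLOSED_FRAMES) -> int:
    """Count blinks as runs of consecutive closed-eye frames.

    Single-frame dips are ignored, so landmark noise does not register
    as a blink."""
    blinks = 0
    run = 0
    for ear in ear_series:
        if ear < closed_threshold:
            run += 1
            continue
        if run >= min_closed_frames:
            blinks += 1
        run = 0
    if run >= min_closed_frames:   # blink still in progress at the last frame
        blinks += 1
    return blinks


def blink_rate_per_minute(ear_series: List[float], fps: float) -> float:
    seconds = len(ear_series) / fps
    if seconds == 0:
        return 0.0
    return count_blinks(ear_series) * 60.0 / seconds


def looks_synthetic(ear_series: List[float], fps: float,
                    min_rate: float = MIN_BLINKS_PER_MIN) -> bool:
    """Flag a clip whose subject blinks implausibly rarely."""
    return blink_rate_per_minute(ear_series, fps) < min_rate


def make_series(total_frames: int, blink_starts: List[int], blink_len: int = 3,
                open_ear: float = 0.30, closed_ear: float = 0.12) -> List[float]:
    """Build a constructed EAR series: eyes open except during listed blinks."""
    series = [open_ear] * total_frames
    for start in blink_starts:
        for i in range(start, min(start + blink_len, total_frames)):
            series[i] = closed_ear
    return series


FPS = 30
# Constructed 20-second clips (600 frames each)
REAL_CLIP = make_series(600, [40, 130, 220, 310, 400, 490])  # 6 blinks -> 18/min
FAKE_CLIP = make_series(600, [300])                          # 1 blink -> 3/min

if __name__ == "__main__":
    for name, clip in (("real", REAL_CLIP), ("fake", FAKE_CLIP)):
        print(name, round(blink_rate_per_minute(clip, FPS), 1), looks_synthetic(clip, FPS))
```

A low blink rate is only one weak signal; a screening tool would combine it with other cues, and modern generators can learn to blink normally, which is why the essay pairs technical detection with media literacy.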
Various steps are applied to prevent ransomware attacks. One, patch the operating system and keep it up to date so that the vulnerabilities available for exploitation are minimal (Bhardwaj, Avasthi, Sastry and Subrahmanyam, 2016, pp. 1-5). Two, installing software or giving software administrative privileges should be prohibited unless the software is well known and its functions are clear. Three, install antivirus software to detect malicious programs as they arrive. Whitelisting software also prevents unauthorized applications from executing. Backing up files frequently and automatically is important: although it does not prevent a malware attack, it makes the damage caused less significant.
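The backup point deserves a concrete shape: a backup is only useful if it can tell which files were encrypted and put them back. The following is an added example, not code from the essay or a cited paper. It keeps a SHA-256 manifest alongside a copy of the files, detects content changes and renames, and restores from the copy; the file names, contents and the simulated ransomware behaviour are all constructed inside a temporary directory.

```python
"""Hash-verified backup snapshot with detection and restore (added example).

File names and contents are constructed; everything lives in a temporary
directory so the script runs offline."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(live: Path, backup: Path) -> Dict[str, str]:
    """Copy every file under live into backup and record its SHA-256."""
    manifest: Dict[str, str] = {}
    for path in live.rglob("*"):
        if path.is_file():
            rel = path.relative_to(live).as_posix()
            target = backup / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            manifest[rel] = sha256_file(path)
    (backup / "MANIFEST.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify(live: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the live tree with the manifest.

    Encrypted files show up as 'modified' (content hash changed) or as a
    'missing'/'new' pair when the ransomware also renamed them."""
    report: Dict[str, List[str]] = {"modified": [], "missing": [], "new": []}
    seen = set()
    for path in live.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(live).as_posix()
        seen.add(rel)
        if rel not in manifest:
            report["new"].append(rel)
        elif sha256_file(path) != manifest[rel]:
            report["modified"].append(rel)
    report["missing"] = [rel for rel in manifest if rel not in seen]
    for key in report:
        report[key].sort()
    return report


def restore(backup: Path, live: Path, manifest: Dict[str, str],
            report: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Copy damaged or missing files back from the backup and re-verify."""
    for rel in report["modified"] + report["missing"]:
        target = live / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, target)
    return verify(live, manifest)


def demo() -> Dict[str, Dict[str, List[str]]]:
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "documents", Path(tmp) / "backup"
        (live / "reports").mkdir(parents=True)
        (live / "reports" / "q1.txt").write_text("quarterly figures")   # constructed
        (live / "notes.txt").write_text("meeting notes")                # constructed
        manifest = snapshot(live, backup)

        # Simulate ransomware (constructed): one file overwritten with
        # ciphertext-like bytes, another renamed with a ".locked" extension.
        (live / "notes.txt").write_bytes(bytes(range(200, 232)))
        (live / "reports" / "q1.txt").rename(live / "reports" / "q1.txt.locked")

        before = verify(live, manifest)
        after = restore(backup, live, manifest, before)
        return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the backup copy must be unreachable from the compromised host (offline or append-only), or the ransomware simply encrypts it too; the manifest also lets an operator confirm the restored files are the originals rather than trusting file names.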
Penetration testing in malware attacks
A penetration test, or pen test, is a simulated attack against a computer system that checks for vulnerabilities that could be exploited. It involves attempting to breach various application systems, such as application programming interfaces, to uncover vulnerabilities like unsanitized inputs, which are most susceptible to code injection attacks. The first stage of pen testing is planning and reconnaissance. It involves gathering intelligence, such as the network used in the malware attack, domain names, or mail servers, to understand how a target works and its potential vulnerabilities. It also involves defining the goals of the test, its scope and the systems to be examined.
The second stage is scanning, to gain a clear understanding of how the targeted application responds to different intrusion attempts. It is done through static and dynamic analysis, inspecting an application's code to estimate its behaviour while running. The third stage is gaining access, where web application attacks such as SQL injection and cross-site scripting, among others, are used to uncover the target's vulnerabilities. In the case of a malware attack, the vulnerabilities found include internet-facing network devices, among others. The fourth stage is maintaining access, to see whether the vulnerability can be used to achieve a persistent presence in the exploited system. Finally, the analysis stage compiles the vulnerabilities exploited, the data accessed and the time spent.
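The "unsanitized input" finding that the scanning and access stages look for is easiest to see side by side with its fix. The following is an added example, not code from the essay: a lookup built by string concatenation next to the parameterized version, plus the kind of differential check a dynamic scanner performs (compare a benign input with a probe and see whether the result set changes). The users table and its rows are constructed in an in-memory SQLite database.

```python
"""SQL injection: unsanitized lookup beside its hardened form (added example).

The table and user rows are constructed in an in-memory SQLite database."""
import sqlite3
from typing import Callable, List, Tuple

Row = Tuple[str, str]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "staff"), ("carol", "staff")])
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    """String concatenation lets the input become part of the SQL grammar."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Row]:
    """Parameterized query: the driver passes the input as data only."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Textbook tautology probe; a scanner sends it alongside a benign value
PROBE = "' OR '1'='1"


def differential_check(conn: sqlite3.Connection,
                       lookup: Callable[[sqlite3.Connection, str], List[Row]]) -> bool:
    """Return True when the probe yields more rows than a nonexistent user.

    If the structure of the input changes the query's result set, the
    input is reaching the SQL parser unsanitized and the finding is
    reported for remediation (parameterize the query)."""
    baseline = lookup(conn, "no_such_user")
    probed = lookup(conn, PROBE)
    return len(probed) > len(baseline)


if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:", differential_check(db, lookup_vulnerable))
    print("parameterized query injectable:", differential_check(db, lookup_safe))
```

The hardened form does not "sanitize" the string at all; it changes the query so that the value can never be interpreted as SQL, which is why parameterization, rather than input filtering, is the remediation a test report recommends.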
Ransomware legal and ethical implications
Most law enforcement agencies make clear that a ransom should not be paid, since most of that money funds criminal organizations in Southeast Asia, Eastern Europe and Russia, among others. In the United States, the criminals responsible for spreading attacks are on the wrong side of the law. The Computer Fraud and Abuse Act applies: 18 U.S.C. § 1030 provides that a person who transmits a program and thereby intentionally causes damage faces penalties of at least ten years in prison. The ethical position also concerns the victim, because it is completely unethical to infect others for selfish gain. People need to stop clicking on unexpected email links and paying these ransoms.
Disaster recovery requires a plan. First, set clear recovery objectives, which helps reduce the cost of data loss and downtime. Second, identify the professionals involved; the personnel may be both internal and external. Third, draft a well-detailed document to guide execution of the data recovery process. Fourth, choose the data recovery technique, such as hard drive recovery, optical recovery or RAID recovery, among others. Fifth, define the incident criteria checklist: an all-inclusive checklist for identifying a disaster helps the recovery team execute the D.R.P. as quickly as possible. Sixth, document the entire process, and lastly, test the disaster recovery procedure regularly.
In conclusion, political speeches are not the only thing A.I. undermines; the faked nature of many deepfakes gives rise to general skepticism about everything uploaded online. The best way to mitigate ransomware is rooting out attackers at the early stages of compromise. That is done by continuously checking systems for abnormalities and prioritizing investigation schedules. Some of the highlighted malicious behaviours are Cobalt Strike, malicious PowerShell, and other penetration testing tools that allow attacks to blend in. There are also credential theft activities, which include suspicious access to the Local Security Authority Subsystem Service (LSASS) or suspicious registry modifications, among others identified by Microsoft.
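The "continuous checks for abnormalities" in the conclusion can be made concrete as a few detection rules run over endpoint telemetry. The following is an added example, not code from the essay or from Microsoft: it triages constructed Sysmon-style events for the behaviours the essay names (encoded or hidden PowerShell, unexpected access to LSASS, Run-key persistence, and a Cobalt Strike default named pipe). The field names mimic Sysmon but the events, paths and allow-list are constructed; the `MSSE-<n>-server` pipe pattern is a documented Cobalt Strike default that operators frequently change, so it is a weak indicator on its own.

```python
"""Rule-based triage of constructed Sysmon-style events (added example).

Field names mimic Sysmon; the events, paths and allow-list are constructed."""
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]
Alert = Tuple[str, str]   # (rule name, EventId)

# -e / -enc / -EncodedCommand followed by a base64 blob (PowerShell accepts prefixes)
ENCODED_PS = re.compile(r"\s-e[ncodema]*\s+[A-Za-z0-9+/=]{16,}", re.I)
# hidden window or common download-and-run idioms
HIDDEN_OR_DOWNLOAD = re.compile(
    r"-w(indowstyle)?\s+hidden|downloadstring|invoke-expression|\biex\b|frombase64string", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
# Documented Cobalt Strike default pipe name pattern; often changed by operators
CS_DEFAULT_PIPE = re.compile(r"^\\MSSE-\d+-server$", re.I)
# Constructed allow-list of processes expected to open LSASS on this host
LSASS_ALLOWED_SOURCES = {"msmpeng.exe", "csrss.exe", "wininit.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: Event) -> List[Alert]:
    """Apply every rule that fits the event type; return the alerts raised."""
    alerts: List[Alert] = []
    kind = ev.get("EventType")
    if kind == "ProcessCreate" and basename(ev.get("Image", "")) in {"powershell.exe", "pwsh.exe"}:
        cmd = ev.get("CommandLine", "")
        if ENCODED_PS.search(cmd) or HIDDEN_OR_DOWNLOAD.search(cmd):
            alerts.append(("suspicious_powershell", ev["EventId"]))
    elif kind == "ProcessAccess" and basename(ev.get("TargetImage", "")) == "lsass.exe":
        if basename(ev.get("SourceImage", "")) not in LSASS_ALLOWED_SOURCES:
            alerts.append(("lsass_access", ev["EventId"]))
    elif kind == "RegistryValueSet" and RUN_KEY.search(ev.get("TargetObject", "")):
        alerts.append(("run_key_persistence", ev["EventId"]))
    elif kind == "PipeCreated" and CS_DEFAULT_PIPE.match(ev.get("PipeName", "")):
        alerts.append(("cobalt_strike_default_pipe", ev["EventId"]))
    return alerts


def triage(events: List[Event]) -> List[Alert]:
    alerts: List[Alert] = []
    for ev in events:
        alerts.extend(check_event(ev))
    return alerts


SAMPLE_EVENTS: List[Event] = [   # constructed; the base64 blob is not a real payload
    {"EventId": "1", "EventType": "ProcessCreate",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAAMQAwAA=="},
    {"EventId": "2", "EventType": "ProcessCreate",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\nightly-backup.ps1"},
    {"EventId": "3", "EventType": "ProcessAccess",
     "SourceImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventId": "4", "EventType": "ProcessAccess",
     "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventId": "5", "EventType": "RegistryValueSet",
     "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventId": "6", "EventType": "PipeCreated",
     "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "PipeName": r"\MSSE-4125-server"},
    {"EventId": "7", "EventType": "RegistryValueSet",
     "Image": r"C:\Program Files\Contoso\app.exe",
     "TargetObject": r"HKCU\Software\Contoso\App\Theme"},
]

if __name__ == "__main__":
    for rule, event_id in triage(SAMPLE_EVENTS):
        print(f"ALERT {rule:28s} event {event_id}")
```

Each rule alone produces false positives (administrators do run encoded commands, and security agents do open LSASS), so the value comes from correlating them by host and time: one process that opens LSASS, sets a Run key and creates a suspicious pipe within minutes is the early-stage compromise the essay says should be prioritized for investigation.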
Brewer, R., 2016. Ransomware attacks: detection, prevention, and cure. Network Security, 2016(9), pp. 5-9.
Bhardwaj, A., Avasthi, V., Sastry, H. and Subrahmanyam, G.V.B., 2016. Ransomware digital extortion: a rising new age threat. Indian Journal of Science and Technology, 9(14), pp. 1-5.
Korshunov, P. and Marcel, S., 2018. DeepFakes: a new threat to face recognition? Assessment and detection. arXiv preprint arXiv:1812.08685.