Cyber Attack
A cyber-attack is an assault launched on one or several computers by criminals located nearby or remotely. Cyber-attacks aim at stealing data, maliciously disabling computers, or using computers as a launch point for attacks on other computers. Cyber-attacks come in different types, including malware, man-in-the-middle, cross-site scripting, phishing, denial-of-service attacks, and SQL injection (Akbari Roumani et al., 2016, p. 35). Recently, there have been several reported cases of cyber-attacks in various institutions. Among the most common are malware attacks. Malware is a collective name for various malicious software variants such as ransomware, viruses, and spyware. Its code is usually developed by cyber attackers and designed to damage systems and data or to gain unauthorized access to a network (Rudd et al., 2016, p. 2).
Ransomware uses several vectors to access a computer. Phishing is the most common delivery system. In this case, a spam email is sent with an attachment disguised as a trusted file. Once this file is opened, it takes over the victim’s computer (Thomas, 2018, p. 2). This mostly happens when a built-in social engineering tool is used to trick the victim into permitting administrative access. The malware encrypts all of the user’s files, and the files cannot be decrypted without a mathematical key that is known only to the attacker (Genç, Lenzini, and Ryan, 2018, p. 234). In some cases the attacker claims to be a law enforcement agent and demands a fine for mishandling some sites or using pirated software. In a leakware or doxware attack, the user is threatened that the documents or sensitive data on the hard drive will be publicized unless a ransom is paid (Genç, Lenzini, and Ryan, 2018, p. 235).
Deepfake
Deepfake, the most recent form of attack, takes its name from the words "deep learning" and "fake". According to Korshunov and Marcel (2018), AI-based technology is used to create fake videos or audio that look and sound like the real thing. Deepfakes entered the public mainstream in 2017, starting with a group of Reddit users who used A.I. to swap the faces of celebrities with those of other celebrities. Deepfakes are tricky because anyone can create deepfake media as long as they have a computer and an internet connection. A machine learning system known as a generative adversarial network is used to flag the flaws found in a forgery until the details are undetectable. The ease and accessibility of deepfakes have opened up social engineering attacks. Current cybersecurity systems may not be ready for these emerging attacks.
Case Study
The CEO of a U.K.-based energy firm was on the phone, believing he was talking to his boss, the chief executive of the parent company based in Germany. He was asked to transfer two hundred and twenty thousand euros to a Hungarian supplier’s bank account, and he complied (Stupp, 2019). The voice was that of a fraudster who used A.I. voice technology to spoof the German chief executive. The information was shared with the WSJ by Rudiger Kirsch of Euler Hermes Group S.A., the firm’s insurance company. According to the explanations given, the CEO had recognized the subtle German accent in his boss’s voice.
The unknown fraudster called the company three times: the first time to initiate the transfer, the second time to claim that it had been reimbursed, and the third time to seek a follow-up on the payment. That is when the victim became suspicious. He noticed that the purported reimbursement had not arrived and that the call was from Australia. Therefore, he did not send a second payment, but the first one had gone through, and it was quickly moved from the Hungarian bank account to one in Mexico, then disbursed to several locations. Commercial software is believed to have been used to spoof the German executive’s voice. The case reveals one of the possible ways machine learning could be used as a weapon.
Attackers could stitch together audio samples to mimic another person’s voice. That is likely to take several hours of recordings. Publicly available voice recordings could be used to impersonate executives or celebrities. The application of machine-learning technology to voice spoofing makes it very easy for cybercrimes to take place. Research is currently being done, but the U.N. centers on detecting fake videos, which are even more useful to hackers. In this case, the unknown number aroused suspicion. A video call with the CEO’s voice and a familiar person’s facial expressions could do more harm.
According to Korshunov and Marcel (2018), cybercriminals prefer deepfakes since they do not have to go through the grind of targeting systems. Everything is carried out over social media and email, using regular information channels. No special hacking skills are required to deploy these attacks, which makes them more dangerous. Hackers can make a specific organization’s business financially vulnerable without even accessing the balance sheet. The spread of misinformation in the market can either decrease or ease share prices, depending on the criminals’ agendas (Korshunov and Marcel, 2018). Deepfake, just like the dark web, is taking I.D. theft to a whole new level with the help of social media, which makes impersonation very easy.
It works by hackers scrutinizing the target’s social media accounts, looking for video and audio clips. A deepfake media account is created to trick the target’s subordinates into giving access to sensitive databases. The attackers usually create extremely damaging videos or audio clips that will tarnish the victim’s name. They also threaten to put all the data online or expose it to the public in order to extort data, money, or both from the victims (Korshunov and Marcel, 2018, p. 1). This makes deepfake ransomware one of the most terrifying or feared vectors of cyberattack. An example of a recent case where a deepfake attack was used is when a tweet affected the White House by injuring U.S. president Barack Obama. It was also critical in wiping out billions in stock value within minutes.
The Solution to Deepfakes
To avoid deepfake attacks, it is good to keep data secured. That is possible by using technology and humans instead of bots. Deepfakes rely on human error, mostly errors of judgment. The human aspect is about training employees to understand the difference between fake and real while protecting their identities on the internet (Dack, 2020). Two approaches help address deepfakes: using tech to detect fake videos, and improving media literacy. The tech solution tries to detect deepfakes using the Artificial Intelligence (A.I.) that is used to make them. Analyzing the blinks in videos could be one way of detecting an altered video. Increasing media literacy across larger populations, so that they are aware and ready to spot fake news and accounts when they see them, is also achievable (Dack, 2020).
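The blink analysis mentioned above can be reduced to counting eye closures per minute. The sketch below is an added example, not part of the original essay; it assumes a face-landmark step has already produced one eye-aspect-ratio (EAR) value per frame, and the thresholds, cut-off and both clips are constructed for illustration.

```python
# Added example: blink-rate screening. Assumes an upstream face-landmark step
# already produced one eye-aspect-ratio (EAR) value per frame. The thresholds
# and both clips are constructed for illustration, not calibrated values.

def count_blinks(ear, closed_below=0.21, min_frames=2):
    """Count runs of >= min_frames consecutive frames with EAR under the threshold."""
    blinks = run = 0
    for value in list(ear) + [1.0]:      # sentinel closes a run at end of clip
        if value < closed_below:
            run += 1
        else:
            if run >= min_frames:        # ignore one-frame dips (landmark jitter)
                blinks += 1
            run = 0
    return blinks

def blinks_per_minute(ear, fps):
    minutes = len(ear) / fps / 60.0
    return count_blinks(ear) / minutes if minutes else 0.0

def flag_low_blink_rate(ear, fps, min_rate=6.0):
    """True when the clip blinks less often than min_rate per minute (assumed cut-off)."""
    return blinks_per_minute(ear, fps) < min_rate

def synthetic_clip(seconds, fps, blink_times, blink_frames=3):
    """Constructed EAR series: 0.30 with eyes open, 0.12 during each blink."""
    ear = [0.30] * (seconds * fps)
    for t in blink_times:
        start = int(t * fps)
        for i in range(start, min(start + blink_frames, len(ear))):
            ear[i] = 0.12
    return ear

FPS = 30
NATURAL = synthetic_clip(30, FPS, [2, 6, 9, 13, 17, 21, 24, 28])  # 8 blinks in 30 s
SUSPECT = synthetic_clip(30, FPS, [14])                           # 1 blink in 30 s

if __name__ == "__main__":
    for name, clip in (("natural", NATURAL), ("suspect", SUSPECT)):
        print(name, round(blinks_per_minute(clip, FPS), 1), flag_low_blink_rate(clip, FPS))
```

A low rate is only a reason to look more closely at a clip; a very short clip or a person who blinks rarely produces the same signal.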
Ransomware Solutions
Preventing ransomware attacks involves several steps. One, patching the operating system and keeping it up to date so that the vulnerabilities available for exploitation are minimal (Bhardwaj et al., 2016, p. 2). Two, prohibiting the installation of software, or the granting of administrative privileges to it, unless the software is well known and its functions are clear. Three, installing antivirus software, which detects malicious programs as they arrive. Whitelisting software also prevents unauthorized applications from being executed. Four, backing up files frequently and automatically. Although this does not prevent a malware attack, it makes the damage caused less significant.
Penetration Testing in Malware Attacks
A penetration test, or pen test, is a simulated attack against a computer system that checks for vulnerabilities that can be exploited. According to Thomas (2018, p. 3), it involves attempting to breach various application systems, such as application programming interfaces, to uncover vulnerabilities such as unsanitized inputs, which are the most susceptible to code injection attacks. The first stage of pen testing is reconnaissance and planning. It involves gathering intelligence, such as the network used in the malware attack, domain names, or mail servers, to understand how a target works and its potential vulnerabilities. It also involves defining the test’s goals, its scope, and the systems to be examined.
The second stage is scanning, to understand how the target application responds to different intrusion attempts. It is done using dynamic analysis and static analysis, inspecting the code of an application to estimate its behavior while running (Thomas, 2018, p. 4). The third is gaining access, where web application attacks such as SQL injection and cross-site scripting, among others, are used to uncover the target’s vulnerabilities. In the case of a malware attack, the vulnerabilities found are the internet-facing network devices. The fourth is maintaining access, to see whether the vulnerability can be used to achieve a persistent presence in the exploited system (Thomas, 2018, p. 4). Finally comes the analysis, which compiles the vulnerabilities exploited, the data accessed, and the time used.
Ransomware Legal And Ethical Implications
The majority of law enforcement agencies advise that a ransom should not be paid, since most of that money is used to fund criminal organizations in southeast Asia, eastern Europe, and Russia, among others. In the United States, the criminals responsible for spreading attacks are on the wrong side of the law. The Computer Fraud and Abuse Act applies. Chapter 18 of the USC 1030 states that a person who transmits a program and thereby intentionally causes damage faces penalties of at least ten years in prison (Thomas, 2018, p. 2). The ethical position also faces the victim, because it is entirely unethical to infect others to gain from them selfishly. People need to stop clicking on unexpected email links and paying these ransoms.
Disaster Recovery
Disaster recovery requires a plan. The first step is setting clear recovery objectives, which helps reduce the cost of data loss and downtime. The second step is identifying the professionals involved; the personnel could be both external and internal members. The third step is drafting a well-detailed document to help execute the data recovery process. The fourth is choosing the data recovery technique, such as hard drive recovery, optical recovery, or RAID recovery. The fifth step is defining the criteria checklist for the incident. It is wise to create an all-inclusive checklist for identifying a disaster, which helps the recovery team execute the D.R.P. as quickly as possible (Provataki and Katos, 2013, p. 3). The sixth step involves documenting the entire process. The final step involves regularly testing the disaster recovery procedure.
Conclusion
Political speeches are not the only items eliminated by A.I.; rather, the faked nature of several deepfakes gives rise to general skepticism about everything uploaded online. The best way to mitigate ransomware is rooting out attackers at the early stages of compromise. That is done by continuously checking systems for any abnormalities and prioritizing the schedule of investigations. Some of the highlighted malicious behaviors are Cobalt Strike, malicious PowerShell, and the rest of the penetration testing tools that allow attacks to blend in. There are also credential theft activities, including suspicious access to the Local Security Authority Subsystem Service or suspicious modifications of the registry, among others identified by Microsoft.
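Two of the behaviors named above, malicious PowerShell and suspicious access to the Local Security Authority Subsystem Service, written as detection logic over sample events. This is an added example, not from the original essay or from Microsoft; it assumes records shaped like Sysmon process-creation and process-access events, and the hosts, paths and allowlist are constructed.

```python
# Added example: two triage rules over constructed events. Record shapes follow
# Sysmon event ID 1 (process creation) and ID 10 (process access); hosts, paths
# and the allowlist are assumptions made for illustration.

# PowerShell accepts any prefix of -EncodedCommand (and -ec), so match them all.
ENC_FLAGS = {"encodedcommand"[:n] for n in range(1, 15)} | {"ec"}

# Assumed allowlist of binaries expected to open LSASS in this environment.
LSASS_ALLOWED = {r"c:\windows\system32\csrss.exe",
                 r"c:\program files\windows defender\msmpeng.exe"}

def is_encoded_powershell(event):
    """Process creation where PowerShell is given an encoded command."""
    image = event.get("Image", "").lower()
    if event.get("id") != 1 or not image.endswith(("\\powershell.exe", "\\pwsh.exe")):
        return False
    tokens = event.get("CommandLine", "").lower().split()
    return any(t[0] in "-/" and t[1:] in ENC_FLAGS for t in tokens)

def is_unexpected_lsass_access(event):
    """Process access to lsass.exe from a binary that is not on the allowlist."""
    source = event.get("SourceImage", "").lower()
    target = event.get("TargetImage", "").lower()
    return (event.get("id") == 10 and target.endswith("\\lsass.exe")
            and source not in LSASS_ALLOWED)

RULES = (("encoded-powershell", is_encoded_powershell),
         ("lsass-access", is_unexpected_lsass_access))

def triage(events):
    """Return (host, rule) pairs, in input order, for events that match a rule."""
    return [(e["host"], name) for e in events for name, rule in RULES if rule(e)]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
LSASS = r"C:\Windows\System32\lsass.exe"
EVENTS = [  # constructed sample data
    {"id": 1, "host": "ws-01", "Image": PS,
     "CommandLine": r"powershell.exe -NoProfile -ExecutionPolicy AllSigned -File C:\ops\backup.ps1"},
    {"id": 1, "host": "ws-02", "Image": PS,
     "CommandLine": "powershell.exe -NoP -W Hidden -enc PLACEHOLDER"},
    {"id": 10, "host": "ws-02", "SourceImage": r"C:\Users\Public\updater.exe", "TargetImage": LSASS},
    {"id": 10, "host": "ws-03", "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": LSASS},
]

if __name__ == "__main__":
    print(triage(EVENTS))
```

Both hits land on the same host, which is the kind of correlation that moves an investigation up the schedule.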
References
Akbari Roumani, M., Fung, C.C., Rai, S. and Xie, H., 2016. Value analysis of cyber security based on attack types. ITMSOC: Transactions on Innovation and Business Engineering, 1, pp.34-39.
Bhardwaj, A., Avasthi, V., Sastry, H. and Subrahmanyam, G.V.B., 2016. Ransomware digital extortion: a rising new age threat. Indian Journal of Science and Technology, 9(14), pp.1-5.
Dack, S., 2019. Deep fakes, fake news, and what comes next. Retrieved from: https://jsis.washington.edu/news/deep-fakes-fake-news-and-what-comes-next/ [accessed on 2nd Oct 2020]
Genç, Z.A., Lenzini, G. and Ryan, P.Y., 2018, June. No random, no ransom: a key to stop cryptographic ransomware. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 234-255). Springer, Cham.
Korshunov, P. and Marcel, S., 2018. Deepfakes: a new threat to face recognition? assessment and detection. arXiv preprint arXiv:1812.08685.
Provataki, A. and Katos, V., 2013. Differential malware forensics. Digital Investigation, 10(4), pp.311-322.
Stupp, C., 2019. Fraudsters used AI to mimic CEO’s voice in unusual cybercrime case. WSJ, 30 August. https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402
Thomas, J., 2018. Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. International Journal of Business Management, 12(3), pp.1-23.