ComputerScienceExpert

Category > Programming Posted 28 Apr 2017 My Price 8.00

CYB 610 9050 Cyberspace and Cybersecurity Foundations

8-10 pages in AAR format. The AAR is provided below and paper... and also grammar correction

 

 

Project 4 Lewis 1
AAR
Shenavia Lewis
CYB 610 9050 Cyberspace and Cybersecurity Foundations
February 25, 2017

The MedStar attack was one of the attacks that was found to be ransomware, and hacking was
in much demand. The criminals had said that they were to unlock about 45 bitcoins and at the
same time gave the hospital an option of paying only 3 bitcoins, or else they would not unlock
any single computer. This led to the closure of the patients' records and health computer system
in the MedStar health facilities. The feedback was that the attack was ransom and the employees
were forced to pay about 45 bitcoins, which was about 19 dollars, in order for them to get a digital
key and unlock the data. The data was very important to the company, and it could not afford losing
all these records for the sake of the health sector.
The malware is a big disadvantage to the health sector because they cannot access the
information in the records. This is also causing patients not to access the facilities because the
data is not available. The criminals have gone ahead and demanded the 45 bitcoins to unlock only
one computer that is locked. This is forcing the health sector to send messages to the workers to
help in the contribution in order to pay the money and have the computer unlocked to access the
data. There are only ten days given by the criminals for them to be able to access their unlocked
computer and their long-stored data. In case they fail to provide the money, the criminals will
remove the private key and they will no longer access their data and the most important files the
sector was using in its medication processes.
By the end of last week the MedStar health sector said that most of its sectors were
functioning. By Friday the provider made a notification that they were already accessing 90
percent of their information. Later on MedStar said that the only systems functioning were the
inpatient and outpatient EHRs in their scheduling and registration process. The reporter went
ahead and said that the remaining systems were still being worked upon. Most of these systems were
clinical and administrative systems which were not yet back on track. These networks are
very important because they connect to the local network of the clinical health department.
The FBI is not left behind in the investigations and continues to do more research on this and
other attacks. There have been several attacks on the health sector where data has been
hacked and the login keys denied. United States schools have been attacked in California,
Maryland and the District of Columbia as well.
Most of the tools used by the hackers in cyber attacks include geeks and security
engineering applications. Specific scanners are one of the tools that are used in hacking. These
scanners are used in scanning the document needed and access to the There are also the
debuggers and encryption tools that are used in hacking. The tools are used in the hacking of
passwords. Firewalls are another tool that is highly used in hacking of passwords in the cyber.
Fuzzers and forensics are also examples of commonly used tools in hacking, especially in cyber
business. There are the traffic monitoring tools that criminals also use in following your data,
which is very dangerous when it comes to personal data. Multipurpose tools are also used in
cyber hacking, where computers are exposed to the vulnerability of losing their information. The
network mapper is used in many cyber as a free hacker's tool. The tool is widely used for
network discovery and at the same time for security auditing. Many of the security admins use
Nmap for network inventory and at the same time check for any open ports to manage
services while upgrading the schedules. Nmap is mostly needed when raw IP packets are
used in creative ways to determine what hosts are available and the information the host is
providing about the operating systems.
The Metasploit project is one of the widely used and popular hacking frameworks. The
project is widely used in cyber security and provides the user with very useful information
regarding known security vulnerabilities, and at the same time this will help in penetrating
to certain useful information for testing the IDS plans. This will also help in the strategies and
methodologies, especially for exploitation. There is also a large amount of useful Metasploit
information out there that aims at recovering the hacked computers.
There are the password cracking tools that are often used in performing
dictionary attacks. They are used for encrypting it in the same way as the password which is being
cracked and at the same time comparing the output to the encrypted string. The tool can at the same
time be used to perform a variety of alterations, especially to the dictionary attacks. In this
case THC Hydra is the widely used cracker and at the same time has a large
inexperienced team that helps in cracking the hacked passwords.
Hydra is known to be very fast and at the same time stable, thus hastening the activities that
take place in the hacking. It is also known to be a tool that widely supports a huge range of
protocols, including some of the email address and database as well. The web vulnerability
scanner is also among the popular projects. ZAP is also a popular application that is used in
cyber security. ZAP is known to provide automated scanners as well as various tools that
allow the cyber to pro and at the same time discover the cyber vulnerabilities. It is at the same
time through combined effort used as a tester tool.
Wireshark is a common tool that has been used in pen testing for very many years. Wireshark is
used in capturing data packets in networks in real time and immediately displaying that data in a
readable format. This tool is highly developed, as it uses filters, color coding and other important
features that let the user dig deeper and deeper into the network traffic and at the same time help
in the inspection of individual packets, which are very essential in the network and the
security of the computer. The security practitioner in the cyber business must always learn how to
use Wireshark for the security of the data. There are tons of resources to learn
Wireshark and at the same time certain aspects in the certification which can be used in achieving
in the LinkedIn profile.
The Aircrack suite of Wi-Fi (wireless) hacking tools is very effective when used
in the right hands. These are mostly used in the recovery of keys and at the same time restoring
any hacked data. It is also useful to know that Aircrack-ng implements standard FMS
attacks along with some optimizations like KoreK attacks as well as PTW attacks, and this will
help in making their attacks more potent. Mediocre hackers will always be able to crack WEP in
a few minutes and at the same time be pretty proficient at being able to crack
WPA/WPA2.
There is also Maltego, which works in a very different way from the rest. It is
supposed to work within the forensics sphere. Maltego is a platform that works to deliver all
cyber work threat pictures, especially to the local environment where the organization or cyber
operates. One of the major operations that Maltego performs is the offers it gives, which include
a unique perspective in offering both network and at the same time resource based entities in the
aggregation of information that has been sourced through the web, and at the same time
configuring the current vulnerable router within the network or the whereabouts of your workers.
Maltego is used to locate, visualize and also aggregate this data.
There is also the Cain and Abel hacking tool, which is a hugely popular hacking tool and
mostly known to be in use. The tool is mostly used in recovering hacked passwords,
especially for Microsoft Windows. It can also be used by white and black hat hackers to
crack many types of passwords and hashes as well. When using this application the mostly
affected areas are dictionary attacks, rainbow table attacks and cryptanalysis attacks.
There is another vulnerability scanner known as Nikto. This is a classic hacking tool that
is used in hacking and cracking. It is an open source GPL web server scanner which in this
case is able to scan and discover web servers, especially for vulnerabilities. The system
searches against the database for dangerous files and programs when scanning the
software stacks. The scanner is used widely over 6800 potential browsers. The potential of this
tool helps in discovering any malicious attack in the cyber. These tools are very useful when it
comes to hacking because cyber crimes are reduced, unlike others that support ease in
doing the crime. Some of these tools also help in changing the security in the cyber.
There is an increase in computer attacks, especially in hospitals. Some of the major
attacks in the United States have affected the health sector. Among the largest attacks are those in
the Banner Health center, where the attackers are responsible for 32% of the health sector.
These cyber criminals are also responsible for all the major data, especially the data breached
two years ago. There is the use of MEDJACK, which involves the use of backdoors in medical
devices like any diagnostic or life support equipment. These hackers use emailed links and
malware-equipped memory sticks as well. The use of corrupt websites when loading tools in the
devices is also dangerous, of which most run older operating systems and proprietary
software as well.
One successful penetration gives the hacker enough entry into the network, where the
hacker finds unprotected devices to host attacks and at the same time access the information.
It is also very hard to mitigate the effects brought about by MEDJACK, where many of
the hospitals don't even know if this happens. As a result many of the hospitals are not able to
remediate or detect MEDJACK. It is true that the most common problem in the hospitals is
the clinical officer having no clue about the hacked information or how to detect attackers moving
laterally from these compromised devices.
Health care is the most affected by malware. Hackers attack these sectors because it is
clear that the hackers will pay randomly for the patients' data. Most health care sectors are
unaware of the breaches and will remain vulnerable to many advanced attacks through the
medical devices. The mid-class health sectors will be targeted more because they do not have much
power to fight these hackers, and to retain their data they have to compromise with the
attackers. More advanced equipment may not always give security, and the internet of new things
will help more in the generation of new attack sectors. If these hackers are compromised, this creates
more room for them to attack these hospitals the more. The health sector will be forced to
implement more security practices in order to curb the problem of hacking and at the same time
secure its data from getting into the wrong hands.
The local government has a role to play in guarding the information the hospital has. This
can only be done by improving the health sector operation systems and at the same time giving
them more finances to ease management. It is a bit hard to ensure that the health system security
is fixed to the best level. The major reason why hospitals are attacked is that the
government or the health sector will never compromise money for a patient's health. The hospital
will always give in to their demands in order to get its patients' records back. There is a need to
look for the best way to avoid these attacks by coming up with new ways of storing and at the
same time preserving data.
Providing a web portal for login, especially before using the website, can at times be
effective. This will provide more security to the data that has been stored. Tools like Cain are
much better in case the hacker has changed the password; it is easy for them to recapture and
mend it. Nmap and Nessus are also good tools for re-evaluating whether hackers have taken any
data. Data loss is dangerous, especially in the health sector and hospitals. This can lead to loss of
lives and uncontrolled activities in the most important sectors.

 

Agency Name
After Action Report/Improvement Plan (AAR/IP)
[Event Name]
[Event Name Continued]

[FULL EVENT NAME]
[Event Date(s)]
AFTER ACTION REPORT/IMPROVEMENT PLAN
[Publication Date]

FOR OFFICIAL USE ONLY
[Jurisdiction]

HANDLING INSTRUCTIONS

1. The title of this document is [complete and formal title of document].
2. The information gathered in this AAR/IP is classified as [For Official Use Only (FOUO)]
   and should be handled as sensitive information not to be disclosed. This document should be
   safeguarded, handled, transmitted, and stored in accordance with appropriate security
   directives. Reproduction of this document, in whole or in part, without prior approval from
   AGENCY is prohibited.
3. At a minimum, the attached materials will be disseminated only on a need-to-know basis
   and when unattended, will be stored in a locked container or area offering sufficient
   protection against theft, compromise, inadvertent access, and unauthorized disclosure.
4. Points of Contact:
   [Incident Commander:]
   Name
   Title
   Agency
   Street Address
   City, State ZIP
   xxx-xxx-xxxx (office)
   xxx-xxx-xxxx (cell)
   e-mail

CONTENTS

Administrative Handling Instructions
Contents
Executive Summary
Section 1: Event Overview
    Event Details
    Participating Organizations
Section 2: Improvement Plan
Section 3: Conclusion

EXECUTIVE SUMMARY

Include an overview of the event and the major issues encountered and responded to related to the incident.

Major Strengths
The major strengths identified during this event are as follows:
  • [Major strength.]
  • [Additional major strength]
  • [Additional major strength]

Primary Areas for Improvement
Throughout the event, several opportunities for improvement in [jurisdiction/organization name]’s ability to respond to the incident were identified. The primary areas for improvement, including recommendations, are as follows:

End this section by describing the overall response as successful or unsuccessful, and briefly
state the areas in which future responses to similar events can be enhanced.

SECTION 1: EVENT OVERVIEW

Event Details

Event Name
[Insert formal name of event, which should match the name in the header.]
Type of Event
[Insert the type of event: fire, crash, bomb (or threat), chemical release, natural disaster,
disease outbreak, etc.]
Event Start Date
[Insert the month, day, and year that the event began.]
Event End Date
[Insert the month, day, and year that the event ended.]
Duration
[Insert the total length of the event, in day or hours, as appropriate.]
Location
[Insert all applicable information regarding the specific location(s) of the event]
Capabilities
[Insert a list of the target capabilities addressed during incident response.]
  • [Target Capability]
  • [Target Capability]
  • [Target Capability]

Participating Organizations

SIGNIFICANT EVENTS LOG: Please provide information on any significant events.
Time    Event/Action

SECTION 2: IMPROVEMENT PLAN

Recommendations:
1. [Complete description of recommendation]
2. [Complete description of recommendation]
3. [Complete description of recommendation]

SECTION 3: CONCLUSION

This section is a conclusion for the entire document. It provides an overall summary to the
report. It should include the demonstrated capabilities, lessons learned, major recommendations,
and a summary of what steps should be taken to ensure that the concluding results will help to
further refine plans, policies, procedures, and training for this type of incident.


Answers

Status NEW Posted 28 Apr 2017 07:04 AM My Price 8.00
