Your Perfect Assignment is Just a Click Away

We Write Custom Academic Papers

From as Little as $6

100% Original, Plagiarism Free, Customized to your instructions!

glass
pen
clip
papers
heaphones

New England College Cyber Attacks during Coronavirus Pandemic Discussion

New England College Cyber Attacks during Coronavirus Pandemic Discussion

Question Description

Need help with my Computer Science question – I’m studying for my class.

Hi, Questions 1&2 read and responses are incomplete. Attached are the responses acquired.

Question 1:

“Read and respond to at least two other students Discussions.”

1st read & response: Rivera Beach City Ransomware Attack

As the COVID-19 crisis toll escalates so are the cyber-attacks both locally and ecumenically. The cyber attackers have capitalized on this pandemic to exploit systems of government agencies, institutions, e-commerce enterprises, health facilities, etc. Recently, the cyberattacks cases have been on ascending and composed part of the circadian news. In April 2020 alone, there were 67 cyber-attack incidences with at least 832 million records breached (Irwin, 2020). According to Verizon, 94% of all cyber-attacks were caused by malware which found its way to the systems via e-mail (Verizon, 2019). Most of the recent hacks can be attributed to the transitioning of systems from Windows 7 to Windows 10 or a higher version than Windows 7 and the COVID-19 crisis and this dyad have some devastating capabilities infused in the hacking jargon.

In precise, let’s shift our attention to the Rivera Beach City Ransomware Attack. It was on May 29 when a ransom attack targeting Rivera Beach City systems commenced. As reported, a police department employee clicked on a mail attachment that was infected with malware allowing the assailer to seize the city-systems by encrypting its data (Doris, 2019). The aftermath was a calamitous encounter that crippled most of the city’s online operations for around one full week until the city official decided to pay a ransom worth $592,000, which was paid apprise of bitcoin cryptocurrency (Mazzei, 2019). The payment method opted by the attacker – cryptocurrency bitcoin, was a well-schemed method since bitcoin currency provides in-nominate transactions over the cyber world insinuating that tracking the assailant would be a hectic endeavor. More so, bitcoin payments are irreversible but can only be restituted by the person receiving the funds (bitcoin, n.d).

Despite the inability to access the encrypted data, the city numerous operations such as the electronic-mail system was incapacitated, traffic tickets were to be handwritten, the payment process of employee and vendors shifted to the manual way and the security department could not enter the 911 calls into the computer systems. That week proves that the city had undergone an abundance of chaos and hassle. After all options deeming and hitting the wall, the city official then commenced on acceding to pay the ransom so as the assailant to decrypt the files. After the ransom payment was done, the IT department embarked on reconstituting the systems and reconfiguring it to mitigate future attacks as well as incrementing their system redundancies to avail in backup and recovery processes (Doris, 2019).

Ransomware attacks have been preferred by the attackers since holding the data forces the victim into digging to their financial reserves for their data to be relinquished and decrypted. The attacks are becoming increasingly sophisticated daily posing great threats to the public, businesses, and government. Its high time for the IT security personnel to enforce full security measures and train the staff on cyber-attacks and how to obviate them.

2nd read & response: Pitney Bowes hacked for the 2nd time

Pitney Bowes is an American technology company most known for its postage meters and other mailing equipment and services, and with expansions, into e-commerce, software, and other technologies. Most fortune 500 companies and small / medium business outsource their services to Pitney Bowes, this was one of the main reasons the hackers targeted them to see if they can get into multiple organizations and get a big bounty.

On October 15th, 2019, Pitney Bowes was attacked by a group of hackers using Maze Ransomware, they encrypted multiple systems and servers ensuing the impact was high making sure 1.5 million customers worldwide lost access. Hackers were very smart to hijack the system and add sophistication to this long-used form of malware to fool companies that are unaware of how insecure their systems–as well as the systems of business partners–really are, security experts noted. The hackers demanded huge ransom and Pitney Bowes was not able to pay out the ransom, rather organization hired cyber forensic experts to investigate this issue and help them with a fix and was announced the issue was resolved in 2019.

Again on May 11th, 2020, The cybercriminal the group behind the increasingly dangerous Maze ransomware strain claimed they were successfully to encrypt systems at mailing and shipping services firm Pitney Bowes, less than a year after it was hit by a similar attack. previous major attack. The group behind Maze, which specializes in double extortion, a type of attack that increases pressure on its victims to pay by threatening to release important data in addition to encrypting systems confirmed the attack on Pitney Bowes

Brett Callow, a threat analyst with Emsisoft, says that because Pitney Bowes was previously hit with ransomware, the original attackers may have left a backdoor in the network that Maze either found or gained access to with the help of another cybercriminal gang.

“Ransomware groups frequently leave behind backdoors to maintain post-attack access to the networks they have compromised, and this is one of the reasons we recommend that companies completely rebuild their networks rather than simply decrypting their data,” Callow tells ISMG. “The backdoors are typically ‘owned’ by affiliates, and those affiliates may change allegiance or sell or trade them with other groups.”

Looking at these recent incidents most organizations have started to ramp up their cyber teams, monitoring system, and infrastructure to protect their organization.

Question 2:

“Reply to two classmates’ posting in a paragraph of at least five sentences by asking questions, reflecting on your own experience, challenging assumptions, pointing out something new you learned, offering suggestions. These peer responses are not ‘attaboys’.”

1st read & response: Medical Records, a Lucrative source of income for the hackers.

In the present era where data is rapidly growing in every business sector. It is a liability of the organization collecting the data to ensure they are used for authorized purposes, stored securely, and destroyed. Data breaches are one of the most common issues faced by all the organizations which can put the organization’s reputation at stake and may cost them a lot of money and time to recover from the negative publicity, loss to business and lawsuits from the customers.

When an organization loses sensitive information of a customer like legal name, date of birth, social security numbers, addresses, driver licenses, and financial information which is accessed, misused, or destroyed by an unauthorized party for their benefit is defined as a data breach. “According to news originating from San Antonio, Texas, by Vertical News correspondents, research stated, Data breaches through hacking incidents have become a significant phenomenon in the world of online shopping. These breaches can result in loss of personal data belonging to customers.” [1]

In the US alone as per a case study done by IBM, the average cost of a data breach in 2006 was $3.45 Million and rose to $8.19 Million in 2019, which as a 130 % increase in the last 14 years. The average cost to the organization per record compromised in 2019 was estimated at $242. The average number of records stolen per breach in the US was 32,434 [2].

Every industry is prone to cyber-attacks and has been a victim of the data breaches. Health care industry’s data is more valuable on the black market, where the average cost per patient record was being sold for $429 resulting in $6.45 M average cost per data breach[3], the health care industry has been an easy target to the cybercriminals, since the healthcare sector does not focus on investing on their IT infrastructure and security .

Top Sectors

Industries

Average Total cost per data breach

1

Health Care

$ 6.45 M

2

Banking and Financial

$ 5.86 M

3

Industrial and Retail

$ 5.20 M

4

Education

$ 477 M

5

Public Sector

$1.29 M

Table 1: Top 5 industry and the average cost per data breach in the united states.[3]

Concluding the attacks are prominent in industries where the cybercriminals can demand ransom or sell the data for a high value in the black market causing financial loss and damage to the reputation of the victim organization.

When we state the health care industry on an average spends about $6.45 M on a data breach there are multiple factors that add up the cost. Analyzing and Identifying the data breach, negative publicity impacting the business, lawsuits from the customers, and organizations involved in the data breach and remediations to ensure the environment is contained and secured to prevent future breaches.

Health care in prominently in public and private sectors are not ready to invest more on IT data security , which makes it easy for the hackers to target the specific sectors for data which is high turn over for each record they capture.

2nd read & response: Electronic Health Records (EHRs)

With the rise of technology, every major industry in the world is starting to rely on machines and computers more with each passing day. Good technology and software play a pivotal role in automating key tasks and storing swathes of data. Up until recently, in the field of medicine, patients were given handwritten medication prescriptions, a practice which can result in errors (there are several historical examples of this). This is why Electronic Health Records (EHRs) were created, to digitalize the medical industry. “EHRs are defined as “a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data, and radiology reports.””(“Benefits and Drawbacks of Electronic Health Record Systems”, Nir Menachemi, Taleah Collum, 2011).

EHRs have several benefits. They provide ease of access to doctors and patients with regards to their medical history, while allowing access to evidence based tools that providers can use to make decisions about a patient’s care and health. EHRs basically save a lot of time for doctors by automating and streamlining the whole medical process. The medical/healthcare industry as a whole has benefited from EHRs to become more effective and cost-saving. “The widespread adoption and use of electronic health records (EHRs) will make an unprecedented amount of information available for health-related research.”(“Research use of electronic health records: patient’s perspectives on contact by researchers”, Kathleen M, Susan Spratt, Laura Beskow, 2018).

However, there are several drawbacks related to use of EHRs. Some of these include financial losses, and a temporary loss of productivity. More pertinently, however, its ease of access makes it highly susceptible to cyber attacks from hackers. According to a recent report, almost half of all cyberattacks occur in the healthcare sector. EHRs appear very appealing to cyber attackers primarily because they contain a lot of valuable personal information with regards to a patient, information that includes SSN, credit card details, and details of family members.

In 2018, a major phishing attack occurred at UnityPoint Health, which dangerously compromised around 1.4 million patient records. The phishing emails appeared to be sent from a senior executive within the company, and when an employee clicked on the email, the hackers were able to gain access to patient records. While the billing systems weren’t impacted, it was suspected that the hackers were attempting to divert vendor or payroll payments. UnityPoint eventually worked on a mitigation strategy by resetting passwords on the compromised accounts, conducting phishing education for employees, and improving the security tools to identify vulnerabilities. This example shows that hackers have a lot to gain from maliciously manipulating patient health records. A crucial facet that makes healthcare more appealing for hackers is, healthcare data cannot be blocked. Unlike in the financial industry, where if a user is hacked into, he can block his account and change his credit card details, the healthcare industry cannot suddenly give a patient a new record to work with.

EHR systems have their issues in implementation. “It is clear that EHR systems have particular complexities and should be implemented with great care, and with attention given to context, content, and process issues and to interactions between these issues.”(“Implementing electronic health records in hospitals : a systematic literature review”, Albert Boonstra, Arie Verslius, Janita Vos, 2014). As they are being embraced by the healthcare industry the world over, it is important to ensue data privacy and security, crucially protecting patient information. When used in an appropriate manner, EHRs will enhance the patient doctor experience, improving the healthcare sector immeasurably.