EECT029 Cyber Security

Introduction:

With respect to the significant rise of technologies and digital innovations, businesses across the global business platform have been able to enhance the quality of services offered to them. This has greatly helped the healthcare sector of business to improve the quality of services offered to them, which has also helped increase the quality of medical treatment, significantly improving the lives of humans (Humayun et al. 2021). However, with the significant increase in digital technology usage, the same has been acting as a specific attraction spot for multiple cyber-threats existing online. One such threat is ransomware, which has already placed a noticeable impact upon the ongoing business operations at the medical firms and showcased the intention of stealing confidential medical data belonging to the patients and personal information of the medical staff present within the premise.

In reference to this, the following discussion has clearly highlighted a specific discussion about the vulnerabilities present across the healthcare systems and potential threats likely to be posed at them to steal sensitive information and affect the normal occurrence of healthcare operations. In addition to this, the discussion has clearly documented some of the techniques used to pose such attacks, which will define the various methods chosen by hackers to carry out ransomware threats (Al-rimy, Maarof and Shaid 2018). Along with this, the discussion also clearly describes some of the existing solutions to tackle ransomware threats. The discussion also tends to describe some of the challenges that might occur in the future and the associated impact of them in specific.

Security vulnerabilities: 

This particular section of the document has mainly been documented to consider the specific vulnerabilities in security as well as threats that are likely to be occurring at the computers and systems present at the healthcare organizations. Each of the vulnerabilities present in the current business scenario mainly promotes potential posing of threat, tending to steal sensitive information and at the same time place the significant business operations on halt (Reshmi 2021).

Utilization of digital technologies without adequate protection: Healthcare industry, among the other forms of business industries, have been increasing their usage of technological adoption, which has increased the efficiency of services provided to the patients and, at the same time undertaking business operations have increased significantly. This attracted ransomware threats in specific terms.

However, likely mention needs to be made regarding the absence of any protective measure aligned to the technology adoption that can be considered as the main vulnerability present at the healthcare firms containing confidential medical information (Huang et al. 2018). This has been acting as one of the most considerable vulnerabilities, which requires appropriate treatment.

Unprotected medical information: With the increasing number of incoming patients at the healthcare firms, the patients are required to provide their personal information along with all kinds of data belonging to their medical history. This mainly requires an adequate amount of protection from external access and limitation to protect the personal integrity and privacy of the admitted patients (Alhawi, Baldwin and Dehghantanha 2018). However, the healthcare firms have been failing to understand the capability of online criminals having known different kinds of methods to access such stored information present on their computer systems of the medical staff and steal them without notice. This is one of the essential vulnerabilities, which also demands specific protection to respect the privacy of the patients.

Lack of cybersecurity knowledge: The medical staff employed at the medical firms and healthcare organizations contain minimal knowledge about the increasing aspects of technologies integrated into their daily work by their employing enterprises (Paquet-Clouston, Haslhofer and Dupont 2019). This also states the reduced knowledge among them regarding the increasing criminal activities on the internet and the potential capability of such online criminals or cyber attackers to pose a threat at the existing network of their respective healthcare firm and steal all the readily available sensitive or confidential information without knowledge. Hence, a lack of adequate knowledge regarding cybersecurity and the required steps to be undertaken to significantly increase the protection over patient confidential information is a considerable vulnerability.

Unprotected network access: healthcare firms across the global business environment have all opted for a significant data communication network installed across their premise, which is to enhance the mode of communication as well as allow for a better sharing of information over such networks through digital procedures. However, the installed networks are just for communication purposes but have no specific focus upon protection or privacy over business information sharing or any other form of communication that is carried out over the networks (Alhawi, Baldwin and Dehghantanha 2018). This allows external unauthorized access to connect to the network in a wireless manner, which allows the hackers to gain potential entry into the attached storage and systems of the respective healthcare firm and eventually allow them to steal such information, which is private to the healthcare firm.

Security threats: 

This section of the discussion mainly aims at discussing the various kinds of threats that are likely to occur at the healthcare organizations or firms present across the global industry. Each of the likely threats to occur at the healthcare firms has been outlined in the following points to put forward a clear understanding in specific terms.

• The tendencies of hackers or online criminals to potentially pose threats at the network systems of the healthcare firms and steal sensitive or confidential information present readily on the networks. This is mainly the most likely to occur when it comes to cyber-threats in specific terms.
• Block activation on the working network of the healthcare firms mainly affects the normal functioning of the business operations at the organization on a regular basis (Koket al. 2019). This is carried out by hackers to extract revenue from such organizations, which is to clearly affect the economic conditions of the country and post a national threat in specific terms.
• Information sniffing is one of the likely occurrences for hackers, which are present within the communication channels present on networks and sniff information communicated between two users utilizing that particular channel.

Techniques to attack: 

This section of the document shall be provided with the basic description of the various types of techniques followed by the online hackers or attackers to carry out ransomware attacks and pose the specific threats that are likely to be affecting the business operations carried out at healthcare firms across the industry and tend to steal confidential medical data.

Ransomware attacks contain a common motive of slipping or gaining potential entry into the specific networks installed at the premise of the healthcare firms, which allows them to specifically carry out data communication on a daily basis in respect to the business (Hampton, Baig and Zeadally 2018). As a reason for this, there is a significant utilization of various methods carried out by the hackers to pose ransomware threats at such existing networks for the healthcare firms and other types of business organizations. The following points have clearly identified some of the common forms of techniques, tools or technologies used by hackers to carry out ransomware attacks.

The different ways used by ransomware threats are,  

1. Cryptoworm is a type of worm having the capability of rapidly replicating itself and spreading across the affected network or connected systems.
2. Ransomware-as-a-Service (RaaS), which is mainly sold on the dark web in the form of a distribution kit and is readily available for hackers to purchase and utilize the same to carry out ransomware attacks without fail (Dargahiet al. 2019).

• Automated adversary attack, during which the associated attackers carry out the manual deployment of ransomware that mainly follows an automated scanning of the existent networks at the healthcare firms.

Some of the common types of tools used by the online hackers to pose ransomware threats have been outlined in the following points.

• Cryptographic code signing ransomware: this mainly makes appropriate utilization of a legitimate digital certificate that has been stolen in making attempts to convince a primary security software code, which is not trustworthy as well as does not have the prime requirement of a specific analysis to be carried out.
• Privilege escalation: this mainly carries out the efficient utilization of available exploits such as the likes of EternalBlue, which is mainly used to elevate specific access privileges (Bae, Leeand Im 2020). This also provisions the associated attacker with the specific allowance of installing software programs such as the likes of Remote Access tools (RaTs). In addition to this, the associated hacker also gains the specific capability of viewing, changing or deleting any kind of data or might also be capable of creating new accounts and disabling security software without appropriate authorization.
• Lateral movement as well as hunting across the hospital network: during this specific technique of posing a ransomware threat, within an hour, the attacker gains the potential capability of creating a specific script and then executing the ransomware upon the networked endpoints as well as relative servers. However, to increase the associated pace of the attack, the ransomware might prioritize specific data present on the remote drives, also target smaller documents as well as carry out procedures of encryption simultaneously.
• Remote attack threats: the existent file servers present on the healthcare networks are not affected by ransomware threats, usually. Instead, the existent threat typically is carried out on multiple compromised endpoints, which abuses the account of the privileged user to attach documents in a remote manner (Ozet al. 2021). This specific attack can also be carried out with the help of a Remote Desktop Protocol (RDP) or might be effectively targeting the remote monitoring and management (RMM) solutions. These are efficiently utilized by the present managed service providers (MSP) for carrying out efficient management of the IT infrastructure of the client and their systems.
• Encryption and renaming files: there is a shared existence of multiple methods that are mainly used for carrying out file encryption, including the likes of simple overwriting methods, but are mainly accompanied by either the technique of deletion or might be backup of the original copy for the respective file. This is to put a specific barrier into the procedure of recovery.
  
  

The above points have clearly provided a brief description of the various types of technologies, techniques and methods used by the attackers to pose ransomware threats upon the existing business and network systems at healthcare organizations (Kumari et al. 2019). However, researchers have stated that the traditional methods of ransomware threats are undergoing an evolution, where the attackers are utilizing specific digital technologies to reduce the possibility of detection.

Critical analysis of existing solutions for the threat: 

As stated by Wani and Revathi (2020), MS-ISAC has put forward a specific recommendation that backs up the important forms of data that is considered as the singular effective method of recovering from a ransomware infection. There is a shared existence of multiple considerations, which recommends backup files that also require adequate protection as well as storing offline that cannot be posed with a specific threat by the ransomware attackers. In addition to this, efficient utilization of cloud-based services can also provide a helping hand in mitigating a ransomware infection that also requires retaining all the previous versions of files, which allows rolling back to an unencrypted version.

As added by Lee, Kim and Kim (2019), the creation of a specific incident response plan required for IT security contains the specific knowledge of effectively dealing with a ransomware event. Such a plan has the primary containment of putting forward a definition of roles as well as communication that is specifically extracted from a ransomware attack. This shall also include a specific list of contacts, such as the contact information of the partners or associated vendors who shall be notified during an active attack as well. In addition to this, the existence of an email policy that prevents the employees or medical staff of a healthcare organization from accessing emails incoming to their official email accounts from unknown sources. Such email policies also prevent the users from clicking on links present within such emails, which might be phishing links to spoof websites.

As highlighted by Sharmeen et al. (2020), carrying out an efficient review of port settings, where multiple ransomware variants take specific advantage of Remote Desktop Protocol (RDP) port 3389 as well as Server Message Block (SMB) port 445. Carrying out an efficient consideration whether the organization requires to keep the ports open as well as specifically consider placing limitations upon connections to allow only the trusted hosts in specific terms. This also makes the companies stay rest assured regarding the settings present on both on-premise as well as cloud-based environments, which allows the existent cloud service provider to specifically disable the unused RDP ports.

According to Kim, Choi and Lee (2018), business organizations or healthcare firms ensure that all of the connected computing and networking systems have been configured with appropriate security to provide protection against such ransomware threats. Efficiently securing the configuration settings can also provide a helping hand in limiting the threat surface of the healthcare organization as well as closing on the security gaps that are still present having default form of configurations (Mayers 2021). The associated CIS Benchmarks provide an efficient as well as a no-cost choice for the healthcare firms to effectively implement configurations upon leading towards industries as well as developed consensus. This helps the healthcare firms stay aware of the various kinds of likely threats which might pose a ransomware attack and end in affecting the integrity of the business and privacy of the patients and their confidential medical data in particular terms.

As opposed by Genç, Lenzini and Sgandurra (2019), the mentioned countermeasures have been able to prevent the occurrence of ransomware attacks to a certain level. However, the existence of an experienced hacker having knowledge of different techniques that are detectable, instilling the medical staff regarding the types of threats likely to pose a ransomware attack and the associated steps to be carried out to prevent the likely possibility of the same is considered to be the most effective measures of protection in specific terms (Paik et al. 2022). This mainly aims at enhancing the security of such applications by updating the installed security patches to the latest version. This also allows to close on in the security gap efficiently scan and detect any vulnerability that exists in particular. This also relates to the automated update to the latest security patch and enhances the required security to an increased level.

As added by Hu, Zhang and Cui (2020), the installation of capable network and data monitoring systems are one of the effective measures when it comes to appropriately dealing with the likely occurrence of ransomware attacks and potential entry of unauthorized access through the entry point of the network. Hence, installation of an Intrusion Detection System (IDS) at the entry point of the network present at the respective healthcare organization, which will keep on constantly monitoring the incoming data, detect any hacker presence and notify the firewall present right next to it to undertake effective steps in preventing the same.

Challenges in the future: 

The previous section has clearly discussed all the likely protective measures in preventing a ransomware attack from occurring and affecting the healthcare proceedings at a medical firm, which also contains a huge amount of confidential medical information of the patients associated with the healthcare firm, respectively (Malecki 2019). However, the mentioned protection against ransomware threats is likely to attract challenges in the future, relevant to the rising usage of digital technologies and the evolution of methods to pose threats.

Some of the protective measures, such as the installation of IDS, are a part of digital technologies, which are constantly undergoing advancements. On the other hand, the techniques or methods utilized by the hackers present online are also advancing, where such hackers are specifically utilizing different techniques, which are not known by such an IDS and might fail to detect the potential entry of ransomware attacks posed with such newly developed methods. This eventually fails to prevent the post ransomware attack in particular.

Additionally, scheduling training programs to provide knowledge to the medical staff regarding such kinds of threats and vulnerabilities might allow potential entry of ransomware threats. This knowledge is supported with adequate examples, where the attendees might obtain knowledge about the traditional forms of methods used by the hackers (Farion-Melnyk et al., 2021). However, the newly developed methods used by the hackers are still unknown, and this might be completely new for the medical staff of the respective healthcare organization. This will allow the entry of such threats without getting detected by the trained employees and fails to protect the medical information from such ransomware attacks.

Carrying out regular updates on the allocated workstations and systems connected to the existing network at the respective healthcare organization. This protective measure mainly aims at enhancing the security of the systems by updating the security patches on the installed software applications to the latest versions (Karambelas 2020). This also ensures that the installed applications will not get affected by any kind of virus or malware trying to affect the normal working of the respective system and, in turn, pose a ransomware attack upon the whole network and connected systems. On the other hand, hackers might tend to use stronger combinations of such techniques, which might end in failing to prevent the occurrence of ransomware threats and, eventually, steal the confidential medical information of patients.

Figure-1: Intrusion Detection System (IDS)

Endpoint security is considered an effective solution to prevent ransomware attacks from occurring on networks present at healthcare facilities. However, there might be issues with the multiple endpoints present on a specific network (Ophoff and Lakay 2018). This might allow the hackers to get past an endpoint that is not at all secure and allows a smooth entry of them to affect the network. Hence, this also fails to properly work as a protective measure against ransomware attacks, allowing the hacker to get access and steal sensitive medical information without getting detected and getting trapped by any of the security measures.

Conclusion: 

Ransomware threats have been increasing on a toll and affecting healthcare facilities, tending to steal confidential medical information. As a reason, the above document has been prepared to study the likely vulnerabilities and threats allowing the occurrence of ransomware threats. Additionally, the discussion has highlighted existent solutions and critically analyzed the effectiveness of the existing solutions. Lastly, the solution has also highlighted some of the challenges based on the existing solutions, which might occur in the future.

References: 

Alhawi, O.M., Baldwin, J. and Dehghantanha, A., 2018. Leveraging machine learning techniques for windows ransomware network traffic detection. In Cyber threat intelligence (pp. 93-106). Springer, Cham.

Al-rimy, B.A.S., Maarof, M.A. and Shaid, S.Z.M., 2018. Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions. Computers & Security, 74, pp.144-166.

Bae, S.I., Lee, G.B. and Im, E.G., 2020. Ransomware detection using machine learning algorithms. Concurrency and Computation: Practice and Experience, 32(18), p.e5422.

Dargahi, T., Dehghantanha, A., Bahrami, P.N., Conti, M., Bianchi, G. and Benedetto, L., 2019. A cyber-kill-chain based taxonomy of crypto-ransomware features. Journal of Computer Virology and Hacking Techniques, 15(4), pp.277-305.

Farion-Melnyk, A., Rozheliuk, V., Slipchenko, T., Banakh, S., Farion, M. and Bilan, O., 2021, September. Ransomware Attacks: Risks, Protection and Prevention Measures. In 2021 11th International Conference on Advanced Computer Information Technologies (ACIT) (pp. 473-478). IEEE.

Genç, Z.A., Lenzini, G. and Sgandurra, D., 2019, June. On deception-based protection against cryptographic ransomware. In International conference on detection of intrusions and malware, and vulnerability assessment (pp. 219-239). Springer, Cham.

Hampton, N., Baig, Z. and Zeadally, S., 2018. Ransomware behavioural analysis on windows platforms. Journal of information security and applications, 40, pp.44-51.

Hu, J.W., Zhang, Y. and Cui, Y.P., 2020, July. Research on Android ransomware protection technology. In Journal of Physics: Conference Series (Vol. 1584, No. 1, p. 012004). IOP Publishing.

Huang, D.Y., Aliapoulios, M.M., Li, V.G., Invernizzi, L., Bursztein, E., McRoberts, K., Levin, J., Levchenko, K., Snoeren, A.C. and McCoy, D., 2018, May. Tracking ransomware end-to-end. In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 618-631). IEEE.

Humayun, M., Jhanjhi, N.Z., Alsayat, A. and Ponnusamy, V., 2021. Internet of things and ransomware: Evolution, mitigation and prevention. Egyptian Informatics Journal, 22(1), pp.105-117.

Karambelas, C., 2020. Health Care Technology: Ransomware Risk and Protection. American Bankruptcy Institute Journal, 39(5), pp.30-57.

Kim, D.Y., Choi, G.Y. and Lee, J.H., 2018, January. White list-based ransomware real-time detection and prevention for user device protection. In 2018 IEEE International Conference on Consumer Electronics (ICCE) (pp. 1-5). IEEE.

Kok, S., Abdullah, A., Jhanjhi, N. and Supramaniam, M., 2019. Ransomware, threat and detection techniques: A review. Int. J. Comput. Sci. Netw. Secur, 19(2), p.136.

Kumari, A., Bhuiyan, M.Z.A., Namdeo, J., Kanaujia, S., Amin, R. and Vollala, S., 2019, July. Ransomware attack protection: A cryptographic approach. In International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage (pp. 15-25). Springer, Cham.

Lee, S., Kim, H.K. and Kim, K., 2019. Ransomware protection using the moving target defense perspective. Computers & Electrical Engineering, 78, pp.288-299.

Malecki, F., 2019. Best practices for preventing and recovering from a ransomware attack. Computer Fraud & Security, 2019(3), pp.8-10.

Mayers, J., 2021. The Importance of Ransomware Threat Protection & Recovery (Doctoral dissertation, Utica College).

Ophoff, J. and Lakay, M., 2018, August. Mitigating the ransomware threat: a protection motivation theory approach. In International Information Security Conference (pp. 163-175). Springer, Cham.

Oz, H., Aris, A., Levi, A. and Uluagac, A.S., 2021. A survey on ransomware: Evolution, taxonomy, and defense solutions. arXiv preprint arXiv:2102.06249.

Paik, J.Y., Kim, G., Kang, S., Jin, R. and Cho, E.S., 2022. Data Protection Based on Hidden Space in Windows Against Ransomware. In Proceedings of Sixth International Congress on Information and Communication Technology (pp. 629-637). Springer, Singapore.

Paquet-Clouston, M., Haslhofer, B. and Dupont, B., 2019. Ransomware payments in the bitcoin ecosystem. Journal of Cybersecurity, 5(1), p.tyz003.

Reshmi, T.R., 2021. Information security breaches due to ransomware attacks-a systematic literature review. International Journal of Information Management Data Insights, 1(2), p.100013.

Sharmeen, S., Ahmed, Y.A., Huda, S., Koçer, B.?. and Hassan, M.M., 2020. Avoiding future digital extortion through robust protection against ransomware threats using deep learning based adaptive approaches. IEEE Access, 8, pp.24522-24534.

Wani, A. and Revathi, S., 2020. Ransomware protection in loT using software defined networking. Int. J. Electr. Comput. Eng, 10(3), pp.3166-3175.

Are you in dire need of assignment help in the UK? Can’t figure out who can help you whenever you find yourself thinking, “Wouldn’t it be great if I could pay someone to do my assignment?” With Myassignmenthelp.co.uk, you can fulfil your desires without any hassle.

Send us your requirements, and our paper writers will take care of your assignment worries quickly. So now, you don't have to worry about, "Where can I find someone to do my assignment for me in the UK?” Instead, let our experts provide you with the best assignment help in London, Bristol, Manchester, Liverpool and more!