Advanced Ethical Hacking Assignment Sample
I. Introduction
According to reports [2], the world saw a surge of around 105% in cyber-attacks and ransomware in the past year. The primary motive of these attacks was to cripple people, organisations or businesses and make their systems unusable until a ransom was paid to the attacker. Some reports also show that government saw an increase of around 1886% in ransomware attacks, while the health sector saw a surge of about 766% in 2021 [3]. In North America, the average increase in cyber-attacks was around 106%, as per the report. One of the primary reasons for this increase is the work-from-home culture, in which the privacy and security of both individuals and organisations are compromised [4].
This report therefore discusses the attack faced by one of the major pipeline companies in the U.S.A., Colonial Pipeline. The company, based in Texas, suffered one of the major cyber-attacks and ransomware incidents of 2021, which halted its entire system and stopped the supply of oil and gas until the company recovered. Colonial Pipeline transports more than 2.5 million barrels per day of gasoline and other fuel over 8750 km of pipeline linking the refiners of the Gulf Coast with the eastern and southern United States. The ransom demanded by the attacker is estimated at around $4.4 million, demanded within several hours of the attack being initiated [1]. The project therefore discusses the technical aspects of the attack along with its privacy and security aspects. The legal and ethical aspects of the attack are also considered, and on that basis recommendations for defending against future attacks and for further research are proposed.
II. Technical aspects
The hack of the United States Colonial Pipeline on April 29th led to gasoline shortages across major parts of the East Coast. The findings provided by the cybersecurity consultants show that the attacker gained access to the company's network through a virtual private network (VPN) account [5]. The account's password was discovered in a batch of leaked passwords present on the dark web [6]. The group that claimed the attack is DarkSide, which is known for ransomware attacks that have taken down large organisations and businesses worldwide. The leaked password, which the employee had never changed, was used to gain access to the company's network and attack its most vulnerable area, the pipeline operations [7]. The breach was therefore major because an employee had not changed a password that had already been leaked, and that password was still in use.
Virtual private network:
VPN, or virtual private network, is known as the backbone of security for companies operating online. A majority of companies, both private and government, are taking steps to operate remotely [8], and a VPN is used so that staff can work remotely without sensitive company data and information being exposed to remote access. It keeps the organisation safe by replacing its I.P. address with a random I.P. address from around the world, which prevents the attacker from using the I.P. information to attack the system [9]. On the other hand, in many cases the VPN itself has been the gateway for the attack, the Colonial Pipeline incident being one example.
Vulnerable VPN devices and targets with no downtime:
One such case, which appeared in January 2018, involved an attacker exploiting a vulnerability in FortiGate VPN servers known as CVE-2018-13379 [10]. The vendor had released a security update; however, because no downtime was scheduled for the VPN server, the patch was never installed, which left criminals able to deploy the exploit against anyone running the unpatched version. Because the VPN application was unpatched, the attacker could log in using a username and password and so enter the system [10]. Furthermore, using the Mimikatz tool, they could harvest authentication credentials and use them to steal further usernames and passwords. Although the attack succeeded, its success can be traced primarily to the failure to apply the security patch to the system.
Based on this incident, a similar situation could apply in the Colonial Pipeline ransomware case. Using the previously leaked password, the attacker was able to gain access to the credentials of other employees within the organisation and attack the vulnerable part of the system, the pipeline operations. Reports from VPN companies suggest that, because of the costs they would incur, they cannot schedule downtime, which leaves the VPN server vulnerable and accessible to most attackers.
Compromised VPN device:
One of the major cases in cyberattack history is the Capcom ransomware attack, in which a gang of attackers took down the system through old VPN devices. The attacker targeted old VPN devices in the internal system located in California [12], pivoted from there to the offices in the U.S. and Japan, and then detonated file-encryption malware, which took the email and file servers offline. The diagram below illustrates this case.
The impact hit more than 15000 individuals within the organisation and associated with it [13]. The information leaked included personal data such as names, payment details, phone numbers and email addresses of each individual.
The case of Colonial Pipeline is similar: more than 100 GB of data were compromised, giving the attacker access to major company information and to the personal information of employees working at the organisation [14]. The significant difference between the two cases is that Colonial Pipeline was attacked using a password that had been leaked. The primary reason was the lack of internal security precautions taken by the employees and the company's management, since some employees were still using the same password as before [15].
III. Privacy and security
Colonial Pipeline was attacked in May 2021 by a well-known group that goes by the name DarkSide. The oil and gas company is responsible for the delivery and supply of more than 45% of the oil and gas in the U.S.A. and other markets [15]. The group demanded around $4.4 million from the company, equivalent to around 75 bitcoins.
Turning to the impact the company had to face because of the attack, the primary impact was on its supply and operations. American Airlines, one of the biggest airlines in the U.S.A., takes its jet fuel from Colonial Pipeline, so the attack caused a shortage of jet fuel. A lack of fuel and gas was also experienced in major parts of the country supplied by the company [16]. Apart from the supply-side impacts, the country also faced a privacy impact: the privacy of the employees within the organisation and of the organisation's management was compromised.
The primary task of the VPN is to keep data private, which it does by masking the I.P. address with random I.P.s from around the world. Most VPN companies claim that they do not save the company's personal information and hence that it is safe from attackers. However, according to [17], they do save the information, and attackers can access it if they get hold of the key for the VPN server. The attacker was thereby able to obtain the I.P. address of the company and the details of the employees and staff working at the organisation, including their names, phone numbers and email I.D.s, as well as the private and personal information of the organisation's senior management [18].
Certain security and privacy tools and steps could be used to enforce the security of the data and traffic within the organisation. The U.S. Department of Homeland Security has instructed oil and gas pipeline operators to improve their security and privacy. Password protocols also need to be adopted to ensure strong passwords for employees of such sensitive organisations, whose compromise can harm the country's integrity [17].
A cybersecurity expert and coordinator needs to be hired whose primary responsibility is to deal with possible breaches and to review the privacy issues within the organisation. Colonial Pipeline also needs to undergo a vulnerability assessment following the guidelines of T.S.A. pipeline security [19]. Using these tools and practices, the company would not only understand its present security condition but would also identify gaps that need to be addressed in the future to make the company more secure.
IV. Incident response and disaster recovery:
Historically, according to [20], in the majority of ransomware cases the attacker's primary motive is to demand a ransom in return for the information and data it has locked behind a paywall. A similar situation was witnessed in the Colonial Pipeline case, where the company was asked to pay a ransom of around $4.4 million. According to reports [21], when the attack took place the company's immediate response was to shut down the system and take it offline so that the attacker could not harm other vulnerable areas of the company. According to C.E.O. Joseph Blount, the company paid the ransom demanded. The reason for this decision was to bring the company back online, as it is responsible for 45% of the supplies in the country. Moreover, more than 100 GB of the company's data, including employees' information, had been taken [14]. The company therefore took the following incident response and disaster recovery steps to overcome the situation and minimise the risk of the exploit spreading further.
According to [21], when a system is attacked, shutting it down is one of the better responses, as it helps minimise the risk of the impact spreading to other vulnerable areas of the company. [22] adds that it denies the attackers access to other parts of the system, which might be more vulnerable and whose compromise could have major impacts on the organisation. [19] argues that while shutting down the system protects it from further damage, the attacker still has access to the data already captured, which in the case of Colonial Pipeline was around 100GB [14]. There is therefore no guarantee that the data will not be uploaded to or shared on the dark web, and privacy could still be harmed.
Colonial Pipeline's response to the ransomware attack has certain strengths and weaknesses, which are as follows:
Strengths:
- It protected other, weaker vulnerable areas within the company from being attacked and exploited.
- Although 100 GB of data had already been captured, the immediate response stopped further data and information from within the organisation from being leaked [14].
- Being offline buys time in which better decisions can be taken without further harm to the organisation's data and information.
Weakness:
The weaknesses of these steps include:
- There is no assurance that the captured 100 GB of data will not be shared on the dark web, which could be the key to the next big attack on Colonial Pipeline.
- Because the company is responsible for 45% of the supply in the U.S.A., cutting off its supply cost the company a million and caused panic in the market [16].
V. Legal and ethical issues:
Over the years, ransomware has become one of the most virulent crimes in cybersecurity, and attacks have become more focused and more costly for companies to deal with. Companies and victims therefore have to decide whether to engage with the attacker, pay the amount demanded or negotiate with them. Ransomware was expected to cost more than $20 billion in damage in 2021 [23]. Certain ethical and legal aspects are associated with this, and there are regulations the company needs to follow that apply to the Colonial Pipeline case. There are also legal and ethical implications as to whether Colonial Pipeline took the right decision in paying the attacker in the first place.
According to [24], under the International Emergency Economic Powers Act and the Trading with the Enemy Act, U.S. companies and persons are prohibited from engaging in any transaction, directly or indirectly, with those on the Specially Designated Nationals and Blocked Persons List. Doing so breaks the rules and regulations of the country and harms the harmony and integrity of the nation. From the commercial point of view, however, the halt in production and delivery caused by a ransomware attack could cause the company to breach certain service agreements, purchase orders or other contracts with other companies. On the other hand, [25] notes that waiting on the legal and ethical questions could complicate the situation; companies therefore need an incident response plan that contemplates an attack even before it takes place. The guidance provided by the U.S. Treasury Department states that payment of any kind violates the rules and regulations of the country and, moreover, encourages future attacks and demands against the company and creates risks for other companies within the country [26].
From the ethical point of view, two approaches could be considered for this case: the deontological approach and the utilitarian approach. The former requires acting according to the rules set by the organisation or by the national authority for safeguarding [27]. The latter holds that the greater good of the larger number of people outweighs the interests of a smaller group. Of the two, the C.E.O. of Colonial Pipeline took the utilitarian route. According to the C.E.O., it was more important to serve the greater good of the company and the people associated with it at large than the smaller, less significant number of people within the organisation.
VI. Conclusion and recommendations:
Conclusion:
The purpose of this study is to understand and analyse the Colonial Pipeline attack, which took place in 2021. A plethora of attacks took place in 2021, but one of the most prominent was Colonial Pipeline, which hampered the supply of gas and oil to the country by forcing the company to stop operating for a while and harmed both the company and the country financially. The study has discussed the background of the case, in which $4.4 million was demanded as ransom by a group named DarkSide. The technical aspect of the case was also considered, and it was concluded that using a VPN is safe for companies; however, loopholes such as no downtime and no patching allow attackers to exploit the VPN and demand ransom.
The study has also discussed the techniques hackers use to attack VPNs. The privacy and security aspects of the attack were discussed in terms of how they affected the organisation as a whole, along with the methods and tools that could be used to improve the privacy and security of Colonial Pipeline. Here, the attacker's tool was a leaked password for the old VPN server, found on the dark web, which was used to gain access to the company. Shutting down the system was the incident response and disaster recovery measure used, and it had both strengths and weaknesses. Finally, despite the ethical and legal implications of the company's decision to pay the attacker, the C.E.O. chose the utilitarian philosophy of safeguarding the nation as a whole rather than just the company.
Recommendations:
Some recommendations that could be implemented by management to contain the impact are as follows:
- An assessment of all the major areas of Colonial Pipeline that could come under attack in the future needs to be done, and precautionary steps taken beforehand. The assessment standard also needs to be raised so that it can assure protection during zero-day exploits [28].
- Passwords should be changed frequently and employees' accounts assessed regularly, which helps ensure more protection for both the employees and the organisation as a whole [29].
- If the company uses VPN providers, they should be assessed properly to confirm that they are not storing the company's data on their servers, since stored data can compromise the privacy and security of the companies whose data is held there [30].
- The use of personal drives and devices with the system should be avoided to prevent malware being delivered from those devices to the system [28]. Proper steps should also be taken to block websites that are unnecessary for the organisation, as these could lead to phishing and theft of company data.
- Frequent backups of the system should be made and stored outside the company network, so that even if the system is compromised the company has a backup from which to start over without fear of losing the data [29].
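As an added example (not part of the original assignment, and not Colonial Pipeline's own tooling), the following Python script implements the account checks called for in the privacy and security section and in the recommendations above: it audits a VPN account export for passwords that appear in a leak corpus, passwords past a rotation deadline, dormant accounts that are still enabled, and accounts without a second factor. The CSV columns, the policy thresholds, the reference date and the three sample records are all assumptions constructed for the example.

```python
"""Audit a VPN account export for the weaknesses this page attributes to the
Colonial Pipeline breach: a password that appears in a public leak, a password
that was never rotated, a dormant account left enabled, and no second factor.
All records, column names and thresholds are constructed for this example."""
import csv
import hashlib
import io
from datetime import date
from typing import Dict, List

MAX_PASSWORD_AGE_DAYS = 90   # assumed rotation policy
DORMANT_AFTER_DAYS = 60      # assumed threshold for an unused account
AS_OF = date(2021, 5, 1)     # fixed reference date so results are repeatable


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form in which breach corpora list passwords."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus. A real corpus is a file of hashes
# or a hash-prefix range query against a breach service, never plaintext.
LEAKED_HASHES = {sha1_hex(p) for p in ("Password123", "Summer2020!", "pipeline1")}

# Constructed account export; the columns are an assumption about what a
# directory or VPN appliance makes available for auditing.
ACCOUNTS_CSV = "\n".join([
    "username,password_sha1,password_set,last_login,mfa_enabled",
    f"jdoe,{sha1_hex('Password123')},2019-03-01,2021-04-20,false",
    f"asmith,{sha1_hex('Tr0ub4dor&3-unique')},2021-02-15,2021-04-28,true",
    f"contractor7,{sha1_hex('pipeline1')},2020-06-10,2020-07-01,false",
])


def audit_accounts(csv_text: str, as_of: date = AS_OF) -> Dict[str, List[str]]:
    """Map each username to its list of findings; an empty list means clean."""
    results: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings: List[str] = []
        # 1. Credential already public: the Colonial Pipeline failure mode.
        if row["password_sha1"].upper() in LEAKED_HASHES:
            findings.append("leaked-password")
        # 2. Password older than the rotation policy allows.
        age = (as_of - date.fromisoformat(row["password_set"])).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append(f"password-age-exceeds-{MAX_PASSWORD_AGE_DAYS}d")
        # 3. Account nobody has used for a long time but still enabled.
        idle = (as_of - date.fromisoformat(row["last_login"])).days
        if idle > DORMANT_AFTER_DAYS:
            findings.append("dormant-account")
        # 4. Single-factor access to the perimeter.
        if row["mfa_enabled"].strip().lower() != "true":
            findings.append("no-mfa")
        results[row["username"]] = findings
    return results


def accounts_to_disable(audit: Dict[str, List[str]]) -> List[str]:
    """Accounts whose credential is public or which nobody uses should be
    disabled outright; a password reset alone leaves the account exposed."""
    return sorted(user for user, findings in audit.items()
                  if "leaked-password" in findings or "dormant-account" in findings)


if __name__ == "__main__":
    report = audit_accounts(ACCOUNTS_CSV)
    for user, findings in report.items():
        print(f"{user:12} {', '.join(findings) or 'ok'}")
    print("disable:", accounts_to_disable(report))
```

The script only ever compares hashes, so plaintext passwords never have to leave the organisation; in a real deployment the leaked-hash set would be loaded from a breach corpus or fetched by hash-prefix range query rather than built inline. Accounts flagged as leaked or dormant are listed for disabling rather than for a reset, because a rotated password on an account nobody uses still leaves an unattended entry point on the perimeter.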
VII. References
[1] Turton and K. Mehrotra, “Bloomberg – Hackers Breached Colonial Pipeline Using Compromised Password”, Bloomberg.com, 2022. [Online]. Available: https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password. [Accessed: 08-Apr-2022].
[2] China, J. and Madding, R. Cyberattacks and threats during COVID-19: A systematic literature review. South African Journal of Information Management, 23(1), pp.1-11, 2021.
[3] Gafni, R. and Pavel, T. Cyberattacks against the health-care sectors during the COVID-19 pandemic. Information & Computer Security, 2021.
[4] Yamin, M.M., Ullah, M., Ullah, H. and Katt, B. Weaponized A.I. for cyber-attacks. Journal of Information Security and Applications, 57, p.102722, 2021.
[5] Knebel, S., Schultz, M.D. and Seele, P. Cyberattacks as “state of exception” reconceptualising cybersecurity from prevention to surviving and accommodating. Journal of Information, Communication and Ethics in Society, 2021.
[6] Kaur, S. and Randhawa, S. Dark web: A web of crimes. Wireless Personal Communications, 112(4), pp.2131-2158, 2020.
[7] Cascadilla, G., Tamburri, D.A. and Van Den Heuvel, W.J. Cybercrime threat intelligence: A systematic multi-vocal literature review. Computers & Security, 105, p.102258, 2021.
[8] Ezra, P.J., Misra, S., Agrawal, A., Oluranti, J., Maskeliunas, R. and Damasevicius, R. Secured communication using virtual private network (VPN). Cyber Security and Digital Forensics, pp.309-319, 2022.
[9] Sharma, Y.K. and Kaur, C. The Vital Role of Virtual Private Network (VPN) in Making Secure Connection Over Internet World. International Journal of Recent Technology and Engineering (IJRTE), vol. 8, pp.2336-2339, 2020.
[10] Fadlallah, Y., Sbeiti, M., Hammoud, M., Nehme, M. and Fadlallah, A. On the Cyber Security of Lebanon: A Large Scale Empirical Study of Critical Vulnerabilities. In 2020 8th International Symposium on Digital Forensics and Security (ISDFS) (pp. 1-6). IEEE, 2020.
[11] Stevens, R., Dykstra, J., Everette, W.K. and Mazurek, M.L. It lurks within: a look at the unexpected security implications of compliance programs. IEEE Security & Privacy, 18(6), pp.51-58, 2020.
[12] Ilascu, “Capcom: Ransomware gang used old VPN device to breach the network”, BleepingComputer, 2022. [Online]. Available: https://www.bleepingcomputer.com/news/security/capcom-ransomware-gang-used-old-vpn-device-to-breach-the-network/. [Accessed: 08-Apr-2022].
[13] Threats, O.L.B., Banking, O.L. and His, T.J.G. Q-News, 2021.
[14] O’Connor, P. 2021: hackers value quality over quantity. NOW, 63(4), pp.48-49, 2021.
[15] Yunus, Y.K.B.M. and Ngah, S.B. Ransomware: stages, detection and evasion. In 2021 International Conference on Software Engineering & Computer Systems and 4th International Conference on Computational Science and Information Management (ICSECS-ICOCSIM) (pp. 227-231). IEEE, 2021.
[16] Keary, J. Rebuffing Russian Ransomware: How the United States Should Use the Colonial Pipeline and JBS USA Hackings as a Defense Guide for Ransomware, 2022.
[17] Analytica, O. US pipeline hack to make ransomware risks a priority. Emerald Expert Briefings, 2021.
[18] Hobbs, A. The Colonial Pipeline hack: Exposing vulnerabilities in US cybersecurity. SAGE Publications: SAGE Business Cases Originals, 2021.
[19] Hunter, B. ‘til the Next Zero-Day Comes: Ransomware, Countermeasures, and the Risks They Pose to Safety. Safety-Critical Systems eJournal, 1(1), 2022.
[20] Gager, J. Ransomware Education: Availability, Accessibility, and Ease of Use, 2021.
[21] Chen, Q. and Bridges, R.A. Automated behavioral analysis of malware: A case study of WannaCry ransomware. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA) (pp. 454-460). IEEE, 2017.
[22] Malecki, F. Best practices for preventing and recovering from a ransomware attack. Computer Fraud & Security, 2019(3), pp.8-10, 2019.
[23] Pawlicki, A., Choraś, M., Pawlicki, M. and Kozik, R. A $10 million question and other cybersecurity-related ethical dilemmas amid the COVID-19 pandemic. Business Horizons, 64(6), pp.729-734, 2021.
[24] Blanken-Webb, J., Palmer, I., Campbell, R., Burbules, N.C. and Bashir, M. Cybersecurity Ethics. Foundations of Information Ethics, pp.91-101, 2019.
[25] Herbert-Lowe, S. Cyber extortion: a guide to your legal and ethical considerations. Australasian Law Management Journal, (Apr 2021), pp.1-4, 2021.
[26] Loi, M. and Christen, M. Ethical frameworks for cybersecurity (Vol. 21, pp. 73-95). Cham, Switzerland: Springer, 2020.
[27] Manjikian, M. Cybersecurity ethics: an introduction. Routledge, 2017.
[28] Avanzini, G.B. and Spessa, A. Cybersecurity Verification Approach for the Oil & Gas Industry. In Offshore Mediterranean Conference and Exhibition. OnePetro, 2019.
[29] Nguyen, T., Gosine, R.G. and Warrian, P. A systematic review of big data analytics for oil and gas industry 4.0. IEEE Access, 8, pp.61183-61201, 2020.
[30] Ramjattan, R., Ramsookb, D. and Hosein, P. Cybersecurity Threat Analysis for an Energy Rich, Small Island Developing State. West Indian Journal of Engineering, 43(2), 2021.