Case study: Cyber attack
In the twenty-first century, organizations and governments are more concerned about security on their cyber front than on their physical one. Talk of cyber-warfare has echoed around the world as it witnessed one cyber-attack after another. This paper discusses a case study in which a gang of hackers disguised themselves as the notorious “Fancy Bear”, the Russian hackers who were involved in compromising the security of the White House in 2014. The goals and objectives of these hackers, along with their techniques, are also discussed.
Attack Case Study
Overview
The part of the Russian establishment responsible for cyber-attacks is known as Fancy Bear. The name became a brand after devastating cyber-attacks on the White House in 2014. The attack in this case study relied on intimidating the target into believing that the notorious group “Fancy Bear” was actually attempting a DDoS attack on its server, thereby tricking it into paying up (“RDoS attacks by fake Fancy Bear hit banks in multiple locations,” n.d.).
Perpetrators
The perpetrators of this attack remain anonymous to this day, as they attempted to perform it using already compromised bot networks.
Attack Scenario
Goals
The group aimed to exploit financial firms by sending them an intimidating ransom letter in which it disguised itself as “Fancy Bear”. The letter also states the ransom demand, usually two bitcoins (Bussoletti, 2019).
Skills / Training
A high level of knowledge of network security, especially exploit development and vulnerability analysis, along with solutions that provide a high degree of anonymity.
Preparation Time
This is hard to estimate. Most of the time would probably be spent gaining the maximum amount of anonymity and testing for the weakest point in the backend server. The DDoS attack itself would then not be much of an issue.
Personnel
A group of people highly trained in writing automated exploits against backend servers that lack DDoS mitigation mechanisms.
Equipment
A group of systems or, preferably, a network of previously compromised bots, which would provide both the numbers and the anonymity required for the attack.
Timing Constraints
The basic time constraint for this attack is the time the company needs to install advanced DDoS mitigation mechanisms on its backend server.
How It Happens?
The gang sends a detailed and intimidating ransom letter stating its aim and identity. At the same time, it launches a small-scale demo DDoS attack so that the company understands the severity of the situation. The ransom letter also states the deadline for payment and the time of the attack that will follow (“A DDoS gang is extorting businesses posing as Russian government hackers | ZDNet,” n.d.).
Collateral Results
Several other groups started to use the same technique, disguising themselves as a known hacker group and sending ransom letters to companies. Such groups tried to impersonate famous hacking gangs such as Anonymous and Armada Collective.
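The following triage sketch is an added example, not part of the original paper: it checks an inbound message for the ransom-letter traits described above (claimed group name, bitcoin demand, deadline, DDoS threat) and looks for a short traffic burst consistent with the demo attack. The function names, thresholds, sample letter and traffic counts are all assumptions constructed for illustration.

```python
import re
from statistics import median

# Group names the case study says the extortionists impersonate.
IMPERSONATED = ("fancy bear", "anonymous", "armada collective")

def score_letter(body):
    """Pull out the ransom-letter traits the case study describes."""
    text = body.lower()
    btc = re.search(r"(\d+(?:\.\d+)?)\s*(?:btc|bitcoins?)\b", text)
    return {
        "claimed_groups": [n for n in IMPERSONATED if n in text],
        "btc_demand": float(btc.group(1)) if btc else None,
        "has_deadline": bool(re.search(r"\bdeadline\b|\bwithin \d+ (?:hours|days)\b", text)),
        "mentions_ddos": bool(re.search(r"\bddos\b|denial[- ]of[- ]service", text)),
    }

def find_bursts(counts, factor=5.0):
    """Return (first, last) index ranges where traffic exceeds factor x the median."""
    if not counts:
        return []
    threshold = factor * max(median(counts), 1)
    bursts, start = [], None
    for i, c in enumerate(list(counts) + [0]):  # trailing 0 closes an open burst
        if c > threshold and start is None:
            start = i
        elif c <= threshold and start is not None:
            bursts.append((start, i - 1))
            start = None
    return bursts

def triage(body, counts):
    """Combine letter traits with traffic evidence of the demo attack."""
    letter = score_letter(body)
    hits = sum([bool(letter["claimed_groups"]), letter["btc_demand"] is not None,
                letter["has_deadline"], letter["mentions_ddos"]])
    bursts = find_bursts(counts)
    if hits < 3:
        verdict = "not-matched"
    else:
        verdict = "extortion-with-demo" if bursts else "extortion-letter-only"
    return {"verdict": verdict, "letter": letter, "bursts": bursts}

# Constructed sample inputs (not taken from a real incident).
SAMPLE_LETTER = ("We are the Fancy Bear and have chosen your bank as a target. "
                 "A small DDoS attack is running now to prove this is not a hoax. "
                 "Pay 2 BTC before the deadline on Friday.")
SAMPLE_REQS_PER_MIN = [120, 118, 125, 130, 122, 119, 900, 1100, 950, 121, 117, 124]

if __name__ == "__main__":
    print(triage(SAMPLE_LETTER, SAMPLE_REQS_PER_MIN))
```

The median baseline only works while the burst covers less than half of the sampled window, which fits the short demo attack the letter announces.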
Recommended mitigation
Timely development and installation of DDoS mitigation mechanisms for backend servers, so that no downtime is recorded when the DDoS attack occurs.
Risk Management
Cyber-security architecture
The organizations at risk from such an attack are those that have not prepared their back-end servers for it. Cyber-security organizations that provide large-scale network security services need to adapt quickly to be ready for such future incidents.
Privilege Controls
Authorized users of the bank or organization should also be given restricted access to its resources, since privileged access can increase the chances of an attack manifold.
References
A DDoS gang is extorting businesses posing as Russian government hackers | ZDNet. (n.d.). Retrieved December 7, 2019, from https://www.zdnet.com/article/a-ddos-gang-is-extorting-businesses-posing-as-russian-government-hackers/
Bussoletti, F. (2019, October 28). Cybercrime, a fake Fancy Bear threats companies with DDoS attacks. Retrieved December 7, 2019, from Difesa e Sicurezza (difesaesicurezza.com) website: https://www.difesaesicurezza.com/en/defence-and-security/cybercrime-a-fake-fancy-bear-threats-companies-with-ddos-attacks/
RDoS attacks by fake Fancy Bear hit banks in multiple locations. (n.d.). Retrieved December 7, 2019, from https://www.group-ib.com/blog/fakeapt28