Advanced Persistent Threat Australian Healthcare
Question
Task: Write a reflective journal on computer architecture assignment analysing the theoretical concepts captured from the weekly material.
Answer
1. Introduction
Australian health sector organizations face critical issues regarding cybercrime conducted by APTs (Advanced Persistent Threats). This report identifies and summarises the types of advanced persistent threat against their computer systems. IoT applications such as health monitoring and real-time locators used by the organization's health professionals are also a point of focus in recent times: IoT applications have a great impact on the current market, are trending all over the world, and have shown their uses for both personal and commercial purposes. The report discusses the threats and the assets linked with them.
2. Which advanced persistent threats are faced by the “Australian Health Sector Organization”?
Type of threats | Description
--- | ---
Brute Force Attacks | Brute force is one of the significant advanced persistent threats to the Australian Health sector. It is estimated that 20 % of the overall network security attacks in 2017 were conducted with brute force (Salamatian, et al., 2019). In these attacks, the intruder submits common passwords to log in to the victim computer or IoT devices. These security threats can steal the sensitive data of the health sector. The Australian health sector is researching different medical developments, and the APT ("Advanced Persistent Threat") attackers seek to steal those research data, which are extremely sensitive and have a high global value.
Ransomware | Ransomware is a malware program that targets the data and files of the target computer. It usually encrypts the sensitive data within the target computer and demands a massive amount of money to decrypt the files (Richardson & North, 2017). As the Australian health sector holds a large amount of sensitive research and development data for health care, being victimised by this type of attack is an extreme risk for the Organization. In addition to the loss of money, it could damage or steal sensitive data.
Phishing | This type of attack is also called a "social engineering" attack and is used to steal identities such as login credentials or to hijack bank accounts. By sending forged mails, the victim is redirected to a false web page that looks the same as the original website (Aleroud & Zhou, 2017). When the victim logs in to the site, the credentials are received directly by the attackers. It can collect the personal information of the health sector employees and other sensitive information associated with the Organization. Moreover, bank account and credit card numbers could be stolen with this type of attack.
Remote Desktop Protocol (RDP) threats | RDP provides a service that encrypts data travelling between the server and client-side computers. Authentication is not provided in this protocol to verify the "Terminal Server", which allows the advanced persistent threat to intercept the established connection between the server and the client-side computers. DNS ("Domain Name System") and ARP ("Address Resolution Protocol") spoofing is also required to perform an RDP attack that sends the data to the intruder before forwarding it to the server. This type of attack is highly risky as the health sector servers contain patient records and other sensitive data (Fuentes, 2017). The leakage of such essential data would be a serious risk for the Organization, as it could be used to obtain drugs or patient credentials illegally.
"Malicious COVID-19 Websites" | Several cybercriminals look for financial profit during any natural disaster or dangerous event, and "Malicious COVID-19" websites are one such hacking technique. These websites are designed to look legitimate and contain content related to the pandemic (Khan, et al., 2020), which makes suspicious activity from such websites difficult to detect. The attackers inject various trojan programs or ransomware into personal or organizational computers and harvest the login credentials or bank details of the user. Cybercriminals can then access user data, bank accounts, or other online accounts for personal and illegal profit.
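The brute force row above describes an attacker submitting common passwords against accounts. The following Python detector is an added example, not part of the original report, showing how a defender can spot that pattern in an authentication log, both as repeated failures against one account and as a password spray across many accounts from one source. The log format, the thresholds (5 failures per account or 3 distinct accounts from one source within 5 minutes) and the sample lines are constructed assumptions.

```python
# Brute-force / password-spray detector over an authentication log.
# Added example, not part of the original report; the log format, thresholds
# and the sample lines are constructed assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): "<timestamp> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
2020-05-01T08:00:01 FAIL user=jsmith src=203.0.113.7
2020-05-01T08:00:03 FAIL user=jsmith src=203.0.113.7
2020-05-01T08:00:05 FAIL user=jsmith src=203.0.113.7
2020-05-01T08:00:07 FAIL user=jsmith src=203.0.113.7
2020-05-01T08:00:09 FAIL user=jsmith src=203.0.113.7
2020-05-01T08:00:11 OK user=jsmith src=203.0.113.7
2020-05-01T08:10:00 FAIL user=nurse01 src=198.51.100.9
2020-05-01T08:10:02 FAIL user=nurse02 src=198.51.100.9
2020-05-01T08:10:04 FAIL user=nurse03 src=198.51.100.9
2020-05-01T08:10:06 FAIL user=drlee src=198.51.100.9
2020-05-01T08:30:00 FAIL user=drlee src=192.0.2.44
2020-05-01T08:30:20 OK user=drlee src=192.0.2.44
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def parse_log(text):
    """Yield (timestamp, result, user, src) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)

def detect(text, window=timedelta(minutes=5), max_fails=5, max_users=3):
    """Return alerts as tuples. brute_force: >= max_fails failures from one source
    against one account within the window. spray: failures from one source against
    >= max_users distinct accounts within the window. success_after_brute_force:
    a login success once that source/account pair has already been flagged."""
    events = sorted(parse_log(text))
    fails = defaultdict(list)   # (src, user) -> failure timestamps
    by_src = defaultdict(list)  # src -> (timestamp, user) failures
    alerts, seen = [], set()
    for ts, result, user, src in events:
        if result == "FAIL":
            fails[(src, user)].append(ts)
            by_src[src].append((ts, user))
            recent = [t for t in fails[(src, user)] if ts - t <= window]
            if len(recent) >= max_fails and ("brute_force", src, user) not in seen:
                seen.add(("brute_force", src, user))
                alerts.append(("brute_force", src, user))
            distinct = {u for t, u in by_src[src] if ts - t <= window}
            if len(distinct) >= max_users and ("spray", src) not in seen:
                seen.add(("spray", src))
                alerts.append(("spray", src, sorted(distinct)))
        elif ("brute_force", src, user) in seen:
            alerts.append(("success_after_brute_force", src, user))
    return alerts
```

Calling detect(SAMPLE_LOG) yields three alerts: the brute force against jsmith, the success that follows it, and the spray from 198.51.100.9; the single failure against drlee from 192.0.2.44 is below threshold and stays quiet.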
3. Identification and discussion of the categories of assets based on the Organization’s system elements.
The main assets of the Australian health sector organizations are:
- People: staff and employees
- Procedures: the processes followed by the organization
- Data: digital information stored within the servers and computers
- Software: applications that are used in health care sectors
- Hardware and networking: medical equipment, tools and networking devices
a. People
The Australian health sector organization operates with several sections to cope with advanced persistent threats, and various types of people are related to it. Research and development involves doctors, patients, nurses, non-medical staff, and the Information Technology team. All the details and credentials of these people are saved in the centralized servers and also in the other computers of the organizations. These details could include the critical research papers of the Organization, patient details, and other staff credentials. These assets are crucial for the Organization as they control all the activities of the individuals related to the health sector.
b. Procedures
The Organization operates with different procedures, such as keeping the health records of the patients, keeping the records of the medical equipment required by the Organization, and the research and development techniques that are extremely important. Moreover, the health sector is also associated with other health networks and government responsibilities. It could also include the various sensitive transactional data of the Organization. These system elements are generally hidden from the public and are used when required. They could be stated as the category asset for the procedure system of the Organization.
c. Data and Information
The health sector is always responsible for providing information to the administration. It may contain subsystems like the surveillance system and the "epidemiological information system." Some of the information may be publicly visible if provided by the Organization, but it also contains secret data and information. It is very important for the Organization to keep these safe from advanced persistent threats and tampering. The patient information, including prescriptions and other details, is also stored in the central database. It could be identified as a category asset of this system element.
d. Software
As the health care sector operates with numerous patients and employees, it is impossible to maintain all the procedures manually. Software is an essential requirement for the medical industry that makes the job easier for the sector. The various types of software that could be called assets of the Australian Health Sector are:
- Health record software (Electronic)
- Hospital Management Software
- E-prescribing Software
The Organization also uses other types of accounting software for maintaining employee records and for purchasing equipment.
e. Hardware and Networking
The health care system is digitalised, and the Australian health sector uses it across the Organization. The hardware and networking system is complex and requires numerous pieces of equipment and machinery, all of which must be protected against advanced persistent threats.
These assets include:
- Centralized servers including FTP (File Transfer Protocol), Email and data servers
- Computers for doctors, nurses, and other employees
- Routers
- Switches
- Firewall system
- Specialized medical equipment for patients
Moreover, the hardware and networking system also supports the help desk and the support system of the Organization.
4. Identification and prioritization of advanced persistent threats for each type of "assets"
Asset Type | Elements | Threat | Threat Priority | Description
--- | --- | --- | --- | ---
Staff and employees | People | Brute Force, Phishing | High | The credentials of the people are stored within the centralized server of the health sector, such as: email address, residential address, telephone number, patient records and prescriptions. All of these credentials could be attacked using brute force or phishing attacks, resulting in reputation damage for the Organization (Yadav, et al., 2017). It is also an advanced persistent threat against the IoT devices and applications.
The processes followed by the organization | Procedure | Brute Force | High | The Australian health sector is working on several kinds of research and development, including vaccine development. A brute force attack by the advanced persistent threat could steal this sensitive data, which is a great threat to the Organization.
Digital information stored within the server and computers | Data and Information | Ransomware | High | Ransomware is a significant advanced persistent threat to data and information. It infects the computers and encrypts sensitive information, resulting in a substantial financial loss for the sector (Paul III, et al., 2018).
Applications that are used in health care sectors | Software | Remote Desktop Protocol | Medium | Attackers generally target credentials and sensitive data for illegal financial profit. Still, there is a probability of attacks that could infect legitimate software and create a risk.
Medical equipment and tools | Hardware | Remote Desktop Protocol | Low | Hardware refers to the physical components of the computer systems. In the present scenario, the attackers target the data, information and credentials, not the hardware. According to the case study, the types of attack mentioned could not harm the hardware components of the computer system.
Networking devices | Networking | Trojan programs, malware | High | Networking is the essential part through which all the computers are connected. If a malware or trojan program is injected into the legitimate nodes of the network, it could affect all the computer systems of the Organization connected across the network. Moreover, cybercriminals can penetrate the network firewall too, and it is a high risk for the Organization if the whole network is infected.
5. Analyze five "fundamental security principles" for security mitigation and control, as proposed by the "ACSC."
a. Layering
Eight mitigation strategies against advanced persistent threats, as proposed by the ACSC, must be applied to layering. The strategies are listed below:
- “Enabling Multi-Factor Authentication” (MFA): it helps to prevent brute force attacks on the server and thus acts as an obstacle to stealing the legitimate information saved on the server.
- “Block Macros”: in the layering process, macros must be blocked so that no illegitimate data can enter the process.
- Implementation of regular patching in applications and systems: patching helps to fix flaws in the layering process.
- Creating a backup of databases and systems: during layering, a backup of the databases must be kept so that they can be retrieved if they get hacked.
- Provide basic knowledge to the staff: staff must have basic knowledge of all five principles so that they do not respond to unusual links and emails.
- Scan of email content: before responding to any email, its content should be scanned as it may affect the layering.
- Updating the incident “response plans”: the “incident response plan” must be planned during layering. It helps to isolate the affected system from the rest of the server.
- Implementation of network segregation and segmentation: layering must be designed so that there is proper communication between services and hosts. Then the process can be divided into smaller networks.
b. Limiting
Eight mitigation strategies, as proposed by the ACSC, must be applied to limiting. The strategies are listed below:
- “Enabling Multi-Factor Authentication” (MFA): MFA acts as an obstacle to stealing the legitimate information saved on the server.
- “Block Macros”: in the limiting process, macros must be blocked so that no illegitimate data can enter the process.
- Implementation of regular patching in applications and systems: patching helps to fix flaws in the limiting process.
- Creating a backup of databases and systems: during limiting, a backup of the databases must be kept so that they can be retrieved if they get hacked (Australian Government, 2020). Access to the backup must be limited to some users.
- Provide basic knowledge to the staff: staff must have basic knowledge of all five principles so that they do not respond to unusual links and emails.
- Scan of email content: before responding to any email, its content should be scanned as it may affect the limiting.
- Updating the incident “response plans”: the “incident response plan” must be executed during limiting. It helps to isolate the affected system from the rest of the server.
- Implementation of network segregation and segmentation: limiting must be designed so that communication between services and hosts is properly restricted. Then the process can be divided into smaller networks.
c. Diversity
Eight mitigation strategies, as proposed by the ACSC, must be applied to diversity. The strategies are listed below:
- “Enabling Multi-Factor Authentication” (MFA): MFA acts as an obstacle to stealing the legitimate information saved on the server.
- “Block Macros”: in the diversity process, macros must be blocked so that no illegitimate data can enter the process.
- Implementation of regular patching in applications and systems: patching helps to fix flaws in the storage area of diverse information.
- Creating a backup of databases and systems: during diversification, a backup of the databases must be kept so that they can be retrieved if they get hacked (Australian Government, 2020). Access to the backup must be limited to some users.
- Provide basic knowledge to the staff: staff must have basic knowledge of all five principles so that they do not respond to unusual links and emails.
- Scan of email content: before responding to any email, its content should be scanned as it may affect diversity.
- Updating the incident “response plans”: the “incident response plan” must be executed during diversification. It helps to isolate the affected system from the rest of the server.
- Implementation of network segregation and segmentation: diversification must be designed so that communication between services and hosts is properly restricted (Australian Government, 2020). Then the process can be divided into smaller networks.
d. Obscurity
Eight mitigation strategies, as proposed by the ACSC, must be applied to obscurity. The strategies are listed below:
- “Enabling Multi-Factor Authentication” (MFA): MFA acts as an obstacle to stealing the legitimate information saved on the server.
- “Block Macros”: in the obscurity process, macros must be blocked so that no illegitimate data can enter the process.
- Implementation of regular patching in applications and systems: patching helps to fix flaws in the storage area of obscure information.
- Creating a backup of databases and systems: during obscurity, a backup of the databases must be kept so that they can be retrieved if they get hacked (Australian Government, 2020).
- Provide basic knowledge to the staff: staff must have basic knowledge of all five principles so that they do not respond to unusual links and emails.
- Scan of email content: before responding to any email, its content should be scanned as it may affect the obscurity.
- Updating the incident "response plans": the "incident response plan" must be executed during obscurity. It helps to isolate the affected system from the rest of the server.
- Implementation of network segregation and segmentation: obscurity must be designed so that connections between services and hosts are properly restricted (Australian Government, 2020). Then the process can be divided into smaller networks.
e. Simplicity
Eight mitigation strategies against advanced persistent threats, as proposed by the ACSC, must be applied to simplicity. The strategies are listed below:
- “Enabling Multi-Factor Authentication” (MFA): MFA acts as an obstacle to stealing the legitimate information saved on the server.
- "Block Macros": in the simple process, macros must be blocked so that no illegitimate data can enter the process.
- Implementation of regular patching in applications and systems: patching helps to fix flaws while maintaining the simplicity of information.
- Creating a backup of databases and systems: during simplicity, a backup of the databases must be kept so that they can be retrieved if they get hacked (Australian Government, 2020). Access to the backup must be limited to some users.
- Provide basic knowledge to the staff: staff must have basic knowledge of all five principles so that they do not respond to unusual links and emails.
- Scan of email content: before responding to any email, its content should be scanned as it may affect the simplicity.
- Updating the incident "response plans": the "incident response plan" must be executed during simplicity. It helps to isolate the affected system from the rest of the server.
- Implementation of network segregation and segmentation: simplicity must be designed so that communication between services and hosts is properly restricted (Australian Government, 2020). Then the process can be divided into smaller networks.
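The "Block Macros" and "Scan of Email content" mitigations listed above can be enforced at a mail gateway before an attachment reaches a user. As an added example that is not code from the report or from the ACSC, the following Python check inspects an Office attachment for a VBA macro project, so that a macro-enabled file is caught even when it has been renamed to a benign .docx extension. The file names, policy and sample documents are constructed assumptions.

```python
# Flag Office attachments that carry VBA macros before they reach a user.
# Added example, not part of the original report or of any ACSC tooling. It relies
# on two properties of the Office Open XML format: macro-enabled files contain a
# vbaProject.bin part, and [Content_Types].xml declares a "macroEnabled" type.
# The sample files are constructed in memory, not real documents.
import io
import zipfile

MACRO_PART = "vbaProject.bin"
MACRO_MARKER = b"macroEnabled"

def contains_vba_macro(data: bytes) -> bool:
    """True if the bytes are an OOXML zip that carries a VBA macro project.
    Non-zip input (legacy .doc, plain text) returns False; a real gateway would
    route those to a separate check rather than wave them through."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if any(n.endswith(MACRO_PART) for n in names):
            return True
        if "[Content_Types].xml" in names:
            return MACRO_MARKER in zf.read("[Content_Types].xml")
    return False

def should_block(filename: str, data: bytes) -> bool:
    """Policy: block macro-enabled extensions outright, and any file whose
    contents carry a macro project regardless of the extension it was given."""
    if filename.lower().endswith((".docm", ".xlsm", ".pptm")):
        return True
    return contains_vba_macro(data)

def build_ooxml(parts: dict) -> bytes:
    """Build a minimal zip from {member name: bytes} (constructed test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()

PLAIN_TYPES = (b'<Types><Override PartName="/word/document.xml" ContentType='
               b'"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>')
MACRO_TYPES = (b'<Types><Override PartName="/word/document.xml" ContentType='
               b'"application/vnd.ms-word.document.macroEnabled.main+xml"/>'
               b'<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>')

# Constructed samples: a clean document and a macro document (also tested renamed to .docx).
CLEAN_DOCX = build_ooxml({"[Content_Types].xml": PLAIN_TYPES, "word/document.xml": b"<w:document/>"})
MACRO_DOCM = build_ooxml({"[Content_Types].xml": MACRO_TYPES, "word/document.xml": b"<w:document/>",
                          "word/vbaProject.bin": b"\xd0\xcf\x11\xe0stub"})

if __name__ == "__main__":
    for name, blob in [("report.docx", CLEAN_DOCX), ("invoice.docm", MACRO_DOCM), ("invoice.docx", MACRO_DOCM)]:
        print(name, "BLOCK" if should_block(name, blob) else "allow")
```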
6. Conclusion
The report presents the different types of security threats from advanced persistent threats and other cyber criminals against Australian Healthcare, and has categorized the assets based on the elements of the organization. The advanced persistent threat poses a great impact on the Australian health sector organizations, with huge financial and reputational damage. Moreover, the five “fundamental security principles” have been analyzed based on the eight mitigation factors proposed by the ACSC.
7. Bibliography
Aleroud, A. & Zhou, L., 2017. Phishing environments, techniques, and countermeasures: A survey. Computers & Security, Volume 68, pp. 160-196.
Australian Government, 2020. 2020-009: Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services. Australian Cyber Security Centre, Issue 1.0, p. 6.
Fuentes, M. R., 2017. Cybercrime and other threats faced by the healthcare industry. Trend Micro.
Khan, N. A., Brohi, S. N. & Zaman, N., 2020. Ten Deadly Cyber Security Threats Amid COVID-19 Pandemic.
Paul III, D. P., Spence, N., Bhardwa, N. & PH, C. D., 2018. Healthcare Facilities: Another Target for Ransomware Attacks.
Richardson, R. & North, M. M., 2017. Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), p. 10.
Salamatian, S. et al., 2019. Why botnets work: Distributed brute-force attacks need no synchronization. IEEE Transactions on Information Forensics and Security, 14(9), pp. 2288-2299.
Yadav, A., Raisurana, S. & Lalitha, P., 2017. Information security in healthcare organizations using low-interaction honeypot intrusion detection system. International Journal of Security and Its Applications, 11(9), pp. 95-108.