
Cybersecurity in Healthcare

The document summarizes a cyber attack on a hospital where hackers were able to access the hospital's systems through a spear phishing email. The attackers then deployed malware like ransomware to encrypt files and steal patient information. An attack tree diagram and CIA triad risk table analyze the risks of different attack methods like spear phishing, sniffing, DDoS attacks, and malware. Potential solutions proposed to mitigate DDoS attacks include advanced network filtering, cloud-based protection services, and using machine learning for detection combined with content delivery networks.


RMIT

Classification: Trusted

ASSIGNMENT 1: WRITTEN REPORT

Nguyen Ngoc Kim s3970589

By submitting this assignment, I hereby attest that this work is my own.

PROBLEM SUMMARY
Rapid technological advancement has produced more and more high-tech
applications, and with them more sophisticated cyber-attack methods. One
example is the cyber-attack on the Papaya International Hospital in May 2023.
The event started with a skilfully encrypted email that a group of
cybercriminals sent to the hospital and an unsuspecting employee opened,
marking the starting point of a series of coordinated cyber-offensives.
This is the content of the encrypted email:
“ti epsi pqjvakig cei qkigifcapnr du rdoi wdvk rvxxnaikr pfg qvrcdoikr vrafm p
upli tihraci. ti tann qdooifqi pf pccpql df wdvk rwrcior rddf. rcdx vr au wdv qpf!!
-cei gdoafadf”
And after decoding it:
“WE HAVE ACQUIRED THE CREDENTIALS OF SOME YOUR SUPPLIERS
AND CUSTOMERS USING A FAKE WEBSITE. WE WILL COMMENCE AN
ATTACK ON YOUR SYSTEMS SOON. STOP US IF YOU CAN!!
-THE DOMINION”
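
The message above is a one-to-one letter substitution, which is why it could be decoded. The following added example (not part of the original report; the function names are illustrative) rebuilds the letter map from the ciphertext and decoded text quoted above, rejects any pair that is not a consistent substitution, and lists the plaintext letters the message never used.

```python
import string

# Ciphertext and decoded text copied from the report, line breaks joined.
CIPHERTEXT = (
    "ti epsi pqjvakig cei qkigifcapnr du rdoi wdvk rvxxnaikr pfg "
    "qvrcdoikr vrafm p upli tihraci. ti tann qdooifqi pf pccpql df "
    "wdvk rwrcior rddf. rcdx vr au wdv qpf!! -cei gdoafadf"
)
PLAINTEXT = (
    "WE HAVE ACQUIRED THE CREDENTIALS OF SOME YOUR SUPPLIERS AND "
    "CUSTOMERS USING A FAKE WEBSITE. WE WILL COMMENCE AN ATTACK ON "
    "YOUR SYSTEMS SOON. STOP US IF YOU CAN!! -THE DOMINION"
)


def recover_key(ciphertext, plaintext):
    """Return the cipher->plain letter map; raise if the pair is not a
    consistent one-to-one letter substitution."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("texts are not the same length")
    dec, enc = {}, {}
    for pos, (c, p) in enumerate(zip(ciphertext.lower(), plaintext.upper())):
        if c.isalpha() != p.isalpha() or (not c.isalpha() and c != p):
            raise ValueError(f"texts are misaligned at position {pos}")
        if not c.isalpha():
            continue  # spaces and punctuation pass through unchanged
        if dec.setdefault(c, p) != p or enc.setdefault(p, c) != c:
            raise ValueError(f"conflicting mapping at position {pos}")
    return dec


def decrypt(ciphertext, key):
    """Apply the recovered map; letters the key does not cover become '?'."""
    return "".join(
        key.get(ch, "?") if ch.isalpha() else ch for ch in ciphertext.lower()
    )


def unresolved_plain_letters(key):
    """Plaintext letters that never occurred, so their cipher letter is unknown."""
    return sorted(set(string.ascii_uppercase) - set(key.values()))


if __name__ == "__main__":
    key = recover_key(CIPHERTEXT, PLAINTEXT)
    print(decrypt(CIPHERTEXT, key))
    print("letters mapped:", len(key), "unknown:", unresolved_plain_letters(key))
```

A single known message fixes 23 of the 26 letters, so a fixed letter substitution gives no real confidentiality to later messages under the same key.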
At the beginning of the attack, the hackers penetrated the hospital's digital
system, and the intrusion escalated rapidly into a huge cyber-attack which
paralyzed the hospital's entire information system. During the process, the
attackers gained access to many devices and systems within the organization
and deployed malware, including ransomware, which encrypted essential files
and systems. They also stole patients' important information, because it could
bring a significant profit when sold on the dark web. Consequently, the
attacked hospital faced financial and reputational difficulties, but the
attackers were never caught.
ANALYSIS

Figure 1: Attack Tree Diagram

Threats/Risks     Confidentiality   Integrity   Availability   Risk Score
Spear-Phishing    3                 2           2              7
Sniffing          3                 2           1              6
DDoS              1                 1           3              5
Malware           3                 3           2              8
Figure 2: CIA Triad Risk Table
The Attack Tree Diagram and CIA Triad Risk Table above show that during the
attack period the hospital suffered serious damage from many factors.
Regarding the CIA Triad Table, Spear-Phishing is the element which causes the
most serious damage to the hospital. Hackers can manipulate victims [1] in
order to reach sensitive data by using emails that appear to be sent by people
close to the victim. In this way they can obtain personal information such as
account credentials or individual emails, which can cause significant damage
to the hacked person; that is the reason why I scored its Confidentiality 3.
In addition, Integrity is marked 2 because the attackers cannot change the
target information directly; however, they can use it for other purposes which
will impact data integrity. Although the secondary effects of this
cyber-attack could damage system availability, its main purpose is data theft
without disruption, so it has 2 for Availability.
Secondly, because of its stealthy nature, Sniffing has the potential to
capture essential data being transmitted over the hospital's internal network,
including users' passwords, files, and texts [2]. It can also be a significant
risk for the hospital since it may go undetected while large amounts of data
are being stolen; thus, it has 3 for Confidentiality. The primary effect of
this threat is to take information; nevertheless, it can be applied in other
attacks such as man-in-the-middle [3] that compromise data integrity;
therefore, it gets a score of 2 for Integrity. Moreover, I did not overvalue
this threat's Availability because the network services were not impacted
directly.

DDoS attacks typically aim to overwhelm the system with access volume and make
its functions inoperable; as a result, they prevent patients from reaching the
hospital's digital services, making access difficult and inconvenient. That is
the reason why this type of attack is not overvalued.
Last but not least, malware is judged to have the most serious impact on the
system. It is designed to infiltrate servers without detection and perform
malicious actions that have the worst effects on confidentiality, such as
stealing patients' proprietary information. Also, altering system functions,
destroying files, or manipulating processes makes it a high-risk threat to
information integrity. On the one hand, the goal of malware is not to
disconnect the server; on the other hand, it can slow down system performance
or lock users out.
POTENTIAL SOLUTIONS
From the Papaya International Hospital event, in my point of view, the DDoS
attack seems to cause the least damage to the system; however, I scored it 5
out of 10, which means every employee in a company needs to be circumspect
about it. Therefore, in this part, I will introduce 3 security mechanisms in
order to mitigate this cyber problem.
First and foremost, because hackers always try to access systems via the
Internet or network vulnerabilities, in my opinion, users or companies should
improve their network protection by using advanced filtering. This method
involves upgrading firewalls and intrusion prevention systems that can
scrutinize incoming network traffic. They work by recognizing and blocking
traffic that shows signs of a DDoS attack, such as unusual volume. The impact
of these systems on early prediction and on limiting the number of DDoS
attacks is covered in Reiher and Mirkovic's research [4], which provides a
detailed taxonomy of DDoS defense mechanisms. Moreover, the report by Zargar,
Joshi, and Tipper sets out the difficulties and benefits of some defense
strategies and highlights the essential role of advanced filtering in network
protection [5].
In addition, some protection services applying Cloud technology, such as AWS
and Cloudflare, provide more modern and more effective solutions that
companies can use to inspect and handle access volume which may relate to DDoS
risks. The study by Guenane, Nogueira and Serhrouchni discusses cloud-based
methods against DDoS risks [6]. Also, the importance of applying Cloud
technology in protecting the network from DDoS threats is discussed in the
research of Darwish, Ouda and Capretz [7]. This helps us to identify the
advantages of this technology, such as scalability and adaptability, which can
make it an indispensable component of a cybersecurity strategy.
Finally, the third mechanism is generated by AI. According to ChatGPT, people
need to deal with this problem in a multifaceted way. First, unusual access
traffic, which is a common sign of DDoS attacks, can be detected by using
analysis methods, although some obstacles make it difficult to distinguish
legitimate requests from illegitimate ones. Besides, detection using machine
learning algorithms can learn to differentiate between anomalous and normal
traffic, giving a complex and effective solution, even though it is sometimes
resource intensive. Another solution is to apply Content Delivery Networks
(CDNs) to mitigate this phenomenon by filtering malicious volume and
distributing network load; restricting user requests can also limit the
effectiveness of DDoS attacks. Nevertheless, the solutions differ in
effectiveness, cost, and adaptability, so the most effective approach is to
combine them and keep up with new technological advancements [8][9].
Note: Text and references in the final solution are paraphrased from the
AI-generated one. The platform used is ChatGPT (November 2023). Prompt:
“Generate a POTENTIAL SOLUTION for DDoS attacks by identifying, describing,
and evaluating if you have references, please have at least 2 academic
references”
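
The two controls named in the third mechanism, detecting unusual traffic volume and restricting user requests, are sketched below as an added example that is not part of the original report. The thresholds, window sizes, client address and per-second request counts are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev


def volume_anomalies(per_second_counts, warmup=5, k=3.0):
    """Return the indices of seconds whose request count exceeds
    baseline mean + k * stddev.

    Flagged seconds are kept out of the baseline, so a flood does not
    teach the detector that flood-level traffic is normal.
    """
    baseline, flagged = [], []
    for i, count in enumerate(per_second_counts):
        if len(baseline) >= warmup:
            # Floor the deviation at 1 so a perfectly flat baseline
            # does not flag every small fluctuation.
            threshold = mean(baseline) + k * max(pstdev(baseline), 1.0)
            if count > threshold:
                flagged.append(i)
                continue
        baseline.append(count)
    return flagged


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.recent = defaultdict(deque)  # client -> times of allowed requests

    def allow(self, client, now):
        q = self.recent[client]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget requests that have left the window
        if len(q) >= self.limit:
            return False  # over the limit: reject (or challenge) the request
        q.append(now)
        return True


# Constructed sample: requests per second, with a flood at seconds 7 and 8.
SAMPLE_COUNTS = [40, 42, 38, 41, 39, 43, 40, 900, 950, 41, 39]

if __name__ == "__main__":
    print("anomalous seconds:", volume_anomalies(SAMPLE_COUNTS))
    limiter = SlidingWindowLimiter(limit=3, window=1.0)
    print([limiter.allow("10.0.0.5", t) for t in (0.0, 0.1, 0.2, 0.3, 1.05)])
```

The volume check catches a flood in aggregate, while the per-client limiter only helps when the excess comes from identifiable sources, which is why the report's point about combining approaches matters.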

REFERENCES
[1] B. Parmar, “Protecting against spear-phishing,” Computer Fraud & Security,
vol. 2012, no. 1, pp. 8–11, Jan. 2012, doi: 10.1016/S1361-3723(12)70007-6.
[2] A. Kulshrestha and S. Kumar Dubey, “A Literature Review on Sniffing Attacks
in Computer Network,” International Journal of Advanced Engineering Research
and Science (IJAERS), vol. 1, no. 2, pp. 32–36, Jul. 2014.
[3] M. A. Al-shareeda, M. Anbar, S. Manickam, and I. H. Hasbullah, “Review of
Prevention Schemes for Man-In-The-Middle (MITM) Attack in Vehicular Ad hoc
Networks,” International Journal of Engineering and Management Research,
vol. 10, no. 3, pp. 154, Art. no. 2250–0758, Jun. 2020,
doi: 10.31033/ijemr.10.3.23.
[4] J. Mirkovic and P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defense
Mechanisms,” ACM SIGCOMM Computer Communication Review, vol. 34, no. 2,
pp. 39–53, Apr. 2004, doi: 10.1145/997150.997156.
[5] S. Taghavi Zargar, J. B. D. Joshi, and D. Tipper, “A Survey of Defense
Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks,”
IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2046–2069,
Nov. 2013, doi: 10.1109/SURV.2013.031413.00127.
[6] F. Guenane, M. Nogueira, and A. Serhrouchni, “DDOS Mitigation Cloud-Based
Service,” 2015 IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 2015,
pp. 1363–1368, doi: 10.1109/Trustcom.2015.531.
[7] M. Darwish, A. Ouda, and L. F. Capretz, “Cloud-based DDoS attacks and
defenses,” International Conference on Information Society (i-Society 2013),
Toronto, ON, Canada, 2013, pp. 67–71.
[8] Y. Xiang, K. Li, and W. Zhou, “Low-Rate DDoS Attacks Detection and
Traceback by Using New Information Metrics,” IEEE Transactions on Information
Forensics and Security, vol. 6, no. 2, pp. 426–437, 2011.
[9] H. Badis and G. Doyen, “A Survey on Speculative Packet Marking for IP
Traceback,” Computer Networks, vol. 56, no. 15, pp. 3425–3452, 2014.

APPENDIX
Technical Video Demonstration:
- The playlist combines all the videos below:
https://www.youtube.com/playlist?list=PLFkK0LBDArzAiTWYE5gTS6n_RtfiCGj_O

1. Video 1: Decipher the hackers’ message.
https://youtu.be/eahovAYi_H4?si=TopsqED5g06ctyjc
2. Video 2: Symmetric Cryptography Demonstration AES and DES
https://youtu.be/MpO872mSvxA?si=3vWzQAUNrxBbP0qM
3. Video 3: Asymmetric Cryptography Demonstration Public Key Cryptography and
Digital Signature
https://youtu.be/6lN0Crpcf4I?si=npZmsNkSk9NjGTDf
