Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cybersecurity Threats and Data Breaches

Verified

Added on 2020/02/24

AI Summary

This assignment requires a critical analysis of the OneLogin data breach of 2017, focusing on the compromised customer data and the implications for cybersecurity. Additionally, it necessitates an examination of the WannaCry ransomware attack that impacted systems worldwide, analyzing its impact, vulnerabilities exploited, and preventative measures against similar attacks in the future.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INTERNET SECURITY
Assessment item 2
[Student Name Here]
[Institution’s Name Here]
[Professor’s Name Here]
[Date Here]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

INTERNET SECURITY 2
Table of Contents
Contents Page
Part A: OneLogin data breach..........................................................3
The Problem.......................................................................................3
How and why the attacked occurred..................................................3
Possible solutions...............................................................................5
Part B: May ransomware attack.......................................................6
The root or problem...........................................................................6
Who was affected and how................................................................6
The attack method and steps..............................................................7
Solution..............................................................................................8
References............................................................................................9

INTERNET SECURITY 3
Part A: OneLogin data breach
The Problem
Authentication is a vital aspect of the modern technological landscape as most of the digital
platforms are facilitated by personalised accounts and portals. This outcome forces users to
use multiple authentication systems that are supported by many passwords which make their
management a difficult undertaking. As a solution, OneLogin offers a one stop shop for
managing logins into applications (Apps) and online sites. Now, even before mentioning the
attack at hand, as a cyber-security expert one can foresee the problems with this systems if
compromised, as it gives intruders the access needed to compromise multiple user systems
(OneLogin customer) (Coldewey, 2017).
In all, the company suffered a breach in its security systems earlier in the year where
customers’ data was exposed. Furthermore, the intruders proceeded to compromise the
operational structure of the company’s system which affected the ability to decrypt data. To
understand, how the operation structure of the system was affected, one needs to understand
the foundation of the service offered. OneLogin uses a cloud infrastructure to store and
manage its customer’s vital information such as usernames and passwords. This infrastructure
is necessary owing to the extent of the services offered as they span over 44 countries and
have over 2000 companies. Therefore, the cloud solutions increase the availability and
mobility of resources. However, to ferry the said resources over the internet they are
encrypted to unreadable formats which when supplied to customers is decrypted revealing the
access details. Therefore, when the decryption facility was affected, this functionality was
compromised plus the data exposed (Fiveash, 2017).
How and why the attacked occurred
In its official statement, OneLogin failed to outline the nature of the attack, only assuring the
customers that investigations to the problem would be conducted. However, the worrying

INTERNET SECURITY 4
outcome of the attack was the steps outlined by the company, as they tried to secure the
accounts used by their customers. The steps included the generation of new API (Application
Program Interface) keys and OAuth tokens (the general system for accessing the accounts).
Moreover, the organization also requested the customers to create new security certificates
and recycle all security features within the OneLogin accounts. Finally, the customers were
then asked to update their access passwords (OneLogin). A quick glance at these security
precautions outlines the how and maybe the why the attack happened. For one, the hosting
system used by the company must have been completely compromised to gain primary access
or admin credentials which necessitated a complete change in functionalities.
How? An independent observer highlighted that the intruders accessed the company’s system
by gaining access to a number of AWS keys, the cloud infrastructure used by OneLogin.
Amazon Web Service (AWS) is a cloud solution that is used by multiple companies across
the globe to host their services, and OneLogin equivalently hosted its services across its
multiple platforms. Now, having acquired the access passwords/keys, the intruder then used
them to access the overall AWS APIs through a subsidiary hosting service offered by an
intermediary organization within the United States. The criminal then further created several
infrastructure instances within the AWS to perform a general reconnaissance. It is through
this assessment that the intruder viewed and accessed the database tables holding the
customers access data i.e. the username and passwords (OneLogin).
Why? The intruders were only able to access the company AWS infrastructure using a set of
legitimate keys used by the organization which means there was an initial breach that was
used to acquire the company’s access passwords. However, since the organization failed to
disclose the methods used to access them, speculations were used to answer the questions.
For one, cloud infrastructures and solutions are known to have many security procedures that
regularly exposes them to misconfiguration instances. Therefore, OneLogin could have failed

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

INTERNET SECURITY 5
to implement certain security procedures to safeguard the root access to the AWS servers
which ultimately gave the intruders primary access. The second option is that of negligence
where the systems admins exposed the set of keys used to a third party member who
subsequently used them to trigger the attack (Barrett, 2017).
Possible solutions
Single sign-on (SSO) organizations are generally discouraged as they are a single point of
failure if compromised. In essence, these systems like any other cyber feature will have
multiple vulnerabilities and unlike other systems will have multiple assets that heavily
exposes the users. Therefore as an isolation tactic, they are never used as they grant intruders
an all access point to any assets owned by a user. So, the first and most important solution to
the problem at hand is to avoid the service in general, other than for supplementary features
that have minimal confidential information (Kerbs, 2017).
Nevertheless, when used, several solutions exist more so to the supporting organization i.e.
OneLogin. The company should reassess their security policy as it gave access to a third
party member. In the future, the AWS infrastructure should have multiple check points before
being deployed online. These points or access procedures would verify the applications used
before they are deployed. Furthermore, the same system would help account for access, a
functionality that helped contain the problem in this instance. Therefore, the existing
intrusion detection systems should continue to be used as it helped manage the situation and
even avoided any financial damage. On behalf of the users, they should regularly update their
access procedures as outlined by the host company. Furthermore, they should never store
their passwords using the automatic features available in web browsers (10 basic
cybersecurity measures: best prcatices to reduce exploitable weaknesses and attacks, 2017).

INTERNET SECURITY 6
Part B: May ransomware attack
One of the most troubling and extensive attacks occurred earlier in the year where millions of
cyber systems users were attacked by a vicious malware program known as WannaCry. As a
malware program, WannaCry is the complete definition of a ransomware as it was able to
penetrate many systems throughout different networks demanding ransoms in exchange for
restoring services. Furthermore, the malware was a complete revolution of the existing
programs that had been neutralised using several vulnerabilities that they held. In
comparison, WannaCry was quick and invisible to security protocols which made it difficult
to contain it, in fact, it was only detected after the damage was done (Greenberg, 2017).
The root or problem
WannaCry started its attacks in May, where it affected thousands of computers worldwide
using the internet connection. According to Kerbs (2017), the attack was witnessed in over
100 countries after its access methods were unveiled in the United States. Now, the access
method was done using a vulnerability in Windows computer system, an outcome that was
instigated by a rogue hack group called Shadow Brokers that gained access to NSA hack
tools. Therefore, using the hack tools the intruders infected multiple cyber systems in an
attempt to gain some financial returns (Gibbs, 2017).
Who was affected and how
According to Greenberg (2017), the heaviest attack was witnessed across 150 countries
where approximately 200,000 systems were compromised. These systems failed to work for
hours and some of them lost their content permanently as they were reconfigured to stop the
spread of the malware. Nevertheless, some countries were more affected as compared to
others, the likes of United Kingdom (UK), Russia, Spain and China. In the UK for instance,
the ransomware viciously infected the medical industry to an almost crippling effect as many
systems were compromised. To the medical personnel, the attack halted their work as it
demanded a ransom of $300. Similarly, the patients and other affiliated users of the NHS

INTERNET SECURITY 7
(National Health System, UK) had to live with extended delays as medical records went
missing (Sherr, 2017).
On the other hand, Russia had to deal with a worrying possibility of losing a grip on its public
systems including the Health and Interior ministries. Furthermore, the country’s railway
system was affected and so was the private sector after an extensive attack targeted the
banking industry. The same outcome was also witnessed in Spain as the country’s
telecommunication and electrical industry was affected by the attacks on Telefonica (Spain’s
second largest telecommunication company) and Iberdrola (electrical company) (Hern &
Gibbs, 2017).
The attack method and steps
The National Security Agency (NSA) was the root of the problem as their access systems
provided the foundation of the intrusion. This organization holds several hacking tools or
techniques that they use as cyber-weapons, among these tools was the Windows vulnerability
witnessed in this attack. In the attack, the EternalBlue vulnerability was used where it
accessed Window messaging blocks, through the server messaging block protocol (SMB). In
all the SMB protocol can serve as an all access item if compromised, an outcome that was
verified by the WannaCry attack. As a protocol, SMB will enable machines connected in
networks to access, read and write files which facilitate the different functionalities of
computers. Moreover, the same protocol will enable the same machines to request services
and even resources through the connected networks (News, 2017).
Now, WannaCry banked on this vulnerability to attack machines as an access to one
computer gave complete access to the connected networks, in fact, the attack process was
aided by the same systems that facilitated the operations of the networks.
Attack procedure: At the start, the intrusion first targeted unsecured networks as identified by
unprotected access ports. Through these ports, the malware’s starter (stager) was uploaded

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

INTERNET SECURITY 8
into a machine while being encrypted. In the next stage, the encrypted file was decrypted and
the malware activated to perform its illicit operations. Furthermore, while conducting its
activities, the malware also scanned for other unsecured ports where it sent the starter
program to start the process all over again. Therefore, at the end of the attack, a complete and
self-replicating program was used to infect thousands of machines without any form of
human intervention (McGoogan, Titcomb, & Krol, 2017).
Solution
A strong reminder of why machines and networks should have secured ports at all time with
the unused ports being deactivated. In most cases, networks are infiltrated because of the
negligence witnessed in setting them up. Therefore, even though the malware was stopped by
its own vulnerabilities, its overwhelming success was propelled by networks problems
because the users failed to implement the best security features. In some networks, the users
had rogue access points through their mobile devices which facilitated the malware’s success
as these devices lacked the necessary security countermeasures (labs, 2016).
However, while outlining the solutions that might have been used to avoid the attack, one
cannot overlook the contribution of the vulnerability exploited by WannaCry (EternalBlue).
Windows like any other modern organization prioritised on system deployment as compared
to the security features, which was verified by them releasing an update patch. Furthermore,
the users of the said systems should have had adequate security procedures to detect the faults
in the messaging blocks before they were exploited. Therefore, these organization should
restructure their security policies to have procedures that continuously evaluate their access
protocols, the ultimate solution to the problem (labs, 2016).

INTERNET SECURITY 9
References
10 basic cybersecurity measures: best prcatices to reduce exploitable weaknesses and attacks.
(2017). WaterISAC, Retrieved 28 August, 2017, from:
https://www.mamsb.org.my/wp-content/uploads/10_Basic_Cybersecurity_MeasuresO
ct20162.pdf.
Barrett, B. (2017). Security News This Week: OneLogin Had One Very Bad Breach. Wired,
Retrieved 28 August, 2017, from: https://www.wired.com/2017/06/security-news-
week-onelogin-one-bad-breach/.
Coldewey, D. (2017). OneLogin admits recent breach is pretty dang serious. Tech crunch,
Retrieved 28 August, 2017, from: https://techcrunch.com/2017/06/01/onelogin-
admits-recent-breach-is-pretty-dang-serious/.
Fiveash, K. (2017). OneLogin suffers breach—customer data said to be exposed, decrypted.
Retrieved 28 August, 2017, from:
https://arstechnica.com/information-technology/2017/06/onelogin-data-breach-
compromised-decrypted/.
Gibbs, S. (2017). WannaCry: hackers withdraw £108,000 of bitcoin ransom. The guardian,
Retrieved 28 August, 2017, from:
https://www.theguardian.com/technology/2017/aug/03/wannacry-hackers-withdraw-
108000-pounds-bitcoin-ransom.
Greenberg, A. (2017). The WannaCry Ransomware Hackers Made Some Real Amateur
Mistakes. Wired, Retrieved 28 August, 2017, from:
https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur-
mistakes/.
Hern, A., & Gibbs, S. (2017). What is WannaCry ransomware and why is it attacking global
computers? . The guardian, Retrieved 28 August, 2017, from:
https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-
attack-what-is-wanacrypt0r-20.
Kerbs. (2017). OneLogin: Breach Exposed Ability to Decrypt Data. Kerbs on security,
Retrieved 28 August, 2017, from: https://krebsonsecurity.com/2017/06/onelogin-
breach-exposed-ability-to-decrypt-data/.
labs, F. s. (2016). Ransomware: How to predict, prevent, detect and respond. F secure,
Retrieved 28 August, 2017, from:
https://www.f-secure.com/documents/996508/1030745/Ransomware_how_to_ppdr.p
df.
McGoogan, C., Titcomb, J., & Krol, C. (2017). What is WannaCry and how does
ransomware work? The Telegraph, Retrieved 28 August, 2017, from:
http://www.telegraph.co.uk/technology/0/ransomware-does-work/.

INTERNET SECURITY 10
News, B. (2017). Massive ransomware infection hits computers in 99 countries. BBC News,
Retrieved 28 August, 2017, from: http://www.bbc.com/news/technology-39901382.
OneLogin. (n.d.). May 31, 2017 Security Incident (UPDATED June 8, 2017). Onelogin
block, Retrieved 28 August, 2017, from: https://www.onelogin.com/blog/may-31-
2017-security-incident.
Sherr, I. (2017). WannaCry ransomware: Everything you need to know. Cnet, Retrieved 28
August, 2017, from: https://www.cnet.com/news/wannacry-wannacrypt-uiwix-
ransomware-everything-you-need-to-know/.

1 out of 10

+13062052269

info@desklib.com

Cybersecurity Threats and Data Breaches

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Preventing Ransomware Attacks

WannaCry Ransomware Attack Analysis

Cybersecurity Threats and Prevention Strategies

Affected Computer Systems - Doc

Cybersecurity Threats and Data Breaches

WannaCry Ransomware Attack Analysis