logo

Case Study on Cyber Attack - CJ4472

   

Added on  2020-03-07

13 Pages3128 Words148 Views
Running head: CASE STUDY ON CYBER ATTACKCase Study on Cyber AttackName of Student-Student ID-Subject Code-Session-Assessment Number-
Case Study on Cyber Attack - CJ4472_1
1CASE STUDY ON CYBER ATTACKTable of ContentsPart A: Case Study on Gmail Data Breach..........................................................................2Defining the problem.......................................................................................................2How the problem occurred and why................................................................................3Possible solutions that are possible..................................................................................4Case Study on Ransomware Cyber-Attack..........................................................................5What was the problem?...................................................................................................5Who were affected and how?..........................................................................................5How was the attack carried out?......................................................................................7What could have been done to prevent the attack?..........................................................8
Case Study on Cyber Attack - CJ4472_2
2CASE STUDY ON CYBER ATTACKPart A: Case Study on Gmail Data BreachDefining the problemA most concerned web link that was discovered in May 4, 2017 was the data breach ofthe Gmail Accounts across many regions around the world (Kreutz et al., 2017). This data breachmainly involved displaying of passwords, messages that were private and also other data thatwere sensitive from various sites that includes services like Uber, OKCupid and FitBit.The problem rose from a famous company CloudBleed that provides Security Servicesfor Internet, distributed domain name server services and also provided delivery network thatprovided network to Gmail (Solic et al., 2017). The attack was named as CloudBleed as itaroused from CloudFlare. The virus that was detected was similar to that of famous HeartBleedvirus that was discovered in 2015 but was more serious in terms of data leakage. When requestcame to CloudFlare, random pieces of memory were returned from unsafe servers.Moreover, one more serious issue rose from this condition. The search engines werecaching the information that was leaked. CloudFlare hosts content typically from different siteson same server. This created another main issue regarding the data breach (LN, Wibowo &Wells, 2017). A request that is made to one unsafe site reveals the information of other site thatis not related to the site of CloudFlare. For an instance, it someone visited a Uber.com page, apiece of memory that was made previous from another site was displayed on the page. Thatmeans someone else’s password is displayed in some other’s site. Tavis Ormandy, Google bughunter discovered the issue first on February 17.
Case Study on Cyber Attack - CJ4472_3
3CASE STUDY ON CYBER ATTACKHow the problem occurred and whyThe problem arose when CloudFlare modified and determined the web pages when someclients clicked the site. When the data was sent to server, the server failed to determine the dataproperly and distribute some parts of memory bouncing over the design that was made to keepthe information secure (Corrêa, Enembreck & Silla, 2017). The design that the server bouncedinto was called as buffer. The memory that was bounced might have some secret numbers orpasswords or some private messages. Ormandy discovered this issue by aiming a bunch of loaddata at the servers of CloudFlare. This process of aiming bunch of junk data at some server isknown as fuzzing. He discovered the issue because he got back some responses that had datafrom the memory. He was then sure that the sensitive data that returned could be duplicated bysomeone. Google started searching the web to get an idea about the information that had beenbreached (Birje et al., 2017). They came with a conclusion that 161 such domains that wereunique had cached by search engines and all the data was cleaned up. Security researchers of Google, Natalie Silvanovich consider that the data breach wouldlead to severe impact on the reputation of the website. The CloudFlare was continuously tryingto erase the bug from the server but that would also take some time.The bug received bu the users came as inbox email to the users. The email showed anattached doc file showing “GDocs” or “Google Docs” which seemed as a valid contact to theusers. The users were asked to check the attack file. The users were taken to the security pagewhich was a real Google page and users were inquired to give permission to use the email
Case Study on Cyber Attack - CJ4472_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Search the Web for News on Computer Security Breaches
|7
|2118
|43

Assignment on Information Security
|13
|2568
|146

Data Breach and Memory Protection in Information Security
|12
|3163
|23

Report on Information System Security
|5
|760
|60

Information Security Assignment | Voter Records Breach
|10
|2492
|149

Zeus the King of Botnet - Networking Project
|7
|1471
|124