Cyber Security Management Assignment 2022

   

Added on  2022-10-11

Cyber Security Management
8/4/2019
Student’s Name
Contents
Introduction
Threats, vulnerabilities and exploits analysis
Legal and Ethical Issue analysis
Consequences
Lessons Learned
Recommendation
References
Introduction
An organization has many stakeholders, and their interests are closely connected to the
working of the company. This is the reason that an organization is required to be
accountable and responsible in its dealings. With the development of technology and the
passage of time, every organization uses technology for its workings and does not keep
client data or other records in physical form. In such a situation, there is always a risk
of data breach incidents. A data breach incident can be understood as a situation where a
third party gains unauthorized access to an organization's information. In recent years,
many data breach incidents have been reported. These incidents raise different legal and
ethical issues. For the preparation of this assignment, the data breach incident of British
Airways is selected. The incident happened in 2018 and had many negative consequences. This
report addresses the manner of the data breach and the threats involved in the incident. The
legal and ethical issues involved in the breach are also discussed. In conjunction with
these, the report focuses on the consequences of the data breach incident and the lessons
learned from it. Lastly, a conclusion summarizing the whole report is drawn.
Threats, vulnerabilities and exploits analysis
Before moving to the methods used in the selected data breach, it is first necessary to
understand what exactly happened. The incident happened in 2018, when the website of British
Airways (BA) diverted to a fraudulent site. The company operates as a flag carrier.
Attackers harvested the details of about five lakh customers through this fraudulent website.
The incident was first disclosed on 6 September 2018 and, as per the initial report of BA,
380,000 transactions were affected (Bbc.com 2019, para. 7). As to the type of information
affected, as per the Information Commissioner's Office (ICO) it included payment card
details, login credentials, and travel booking details of customers, in addition to address
and name details.
BA stated that the affected information included credit card details such as the credit
card number, CVV code and expiry details of cards (Calder 2019, para. 6). Turning to the
threats and vulnerabilities used in the attack, attackers installed credit card skimming
malware on BA's site. A cybersecurity company named RiskIQ assessed this incident and
published a report on the strategy the hackers used. RiskIQ linked the data breach to a gang
that was active in 2015. This gang is known for credit card skimming and for vacuuming data
from websites that do not secure payment-related data. The analyst at RiskIQ stated that the
hackers in this incident were probably engaged in a cross-site scripting attack. In this
kind of attack, hackers identify websites that are poorly secured, develop their own code,
and inject it into these websites to alter the behavior of the victim's site.
Further, threat researcher Yonathan Klijnsma identified other threats involved in the
selected data breach incident. He checked all the scripts on the website of BA and found one
JavaScript file that had been modified just before the data breach incident (Newman 2018,
para. 6). It was found that the hackers had modified a component of the script in order to
include their own code in it. This code was the real threat used in this incident, as it
grabbed all the data from BA's website, such as the personal data of clients. It is therefore
clear that the breach was conducted through the website of the company. BA also stated that
mobile users were affected. In the case of the app too, the same JavaScript component was
used.
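
A script modified shortly before the breach, as described above, is the kind of change that a hash baseline of reviewed scripts surfaces. The following is an added example, not part of the original assignment or of RiskIQ's analysis: it compares served script contents against reviewed copies using SHA-384 digests in the format of the HTML integrity attribute. The paths and file contents are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Digest in the same "sha384-<base64>" form used by the HTML integrity attribute.
function sriHash(content) {
  const digest = crypto.createHash("sha384").update(content, "utf8").digest("base64");
  return `sha384-${digest}`;
}

// Build a baseline {path: digest} from script contents that have been reviewed.
function buildBaseline(scripts) {
  const baseline = {};
  for (const [path, content] of Object.entries(scripts)) {
    baseline[path] = sriHash(content);
  }
  return baseline;
}

// Report scripts that changed, appeared, or disappeared since the baseline.
function auditScripts(baseline, current) {
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  const findings = [];
  for (const [path, content] of Object.entries(current)) {
    if (!has(baseline, path)) findings.push({ path, status: "unexpected" });
    else if (sriHash(content) !== baseline[path]) findings.push({ path, status: "modified" });
  }
  for (const path of Object.keys(baseline)) {
    if (!has(current, path)) findings.push({ path, status: "missing" });
  }
  return findings.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed sample data: hypothetical paths and contents, not taken from the incident.
const reviewed = {
  "/js/lib-a.js": "function a(){return 1;}\n",
  "/js/checkout.js": "function pay(){submitForm();}\n",
};
const served = {
  "/js/lib-a.js": "function a(){return 1;}\n/* constructed: lines appended after review */\n",
  "/js/checkout.js": "function pay(){submitForm();}\n",
  "/js/new.js": "/* constructed: file that was never reviewed */\n",
};

const findings = auditScripts(buildBaseline(reviewed), served);
console.log(findings);
```

Run on a schedule against the deployed files, a check like this flags a library whose contents no longer match the reviewed copy, even when the file name and most of its code are unchanged.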