Added on - 17 Oct 2019
Executive Summary

In recognition of the importance of proactive cyber security management for the social networking website PeopleSharz, we have tried to lay down a risk-based cyber security framework that is a set of industry standards and best practices in the field of managing cyber security risks. The voluntary guidance provided here offers the capability to customize and enhance the quality adjustments to the cyber security programs that utilize cost-effective security controls and the various techniques regarding risk management. The employees of the organization should have a sound understanding of how basic security is to be provided for the computer systems and networks. This report also provides a cost-effective approach to securing the computer system platforms as per the business needs.

The key points of this report are that it provides an essential organization-wide cyber security plan, the utilization of different methodologies for data collection, the effective and efficient ways in which the threats could be analyzed, information regarding different forms of cyber security threats and their utilization by hackers, the effective use of threat metrics and threat models in the analysis of the security threats of the organization and, finally, the key success factors and valuable recommendations for the cyber security threats.

Background and Problem Analysis

A website has various important elements that make it function properly and, therefore, these elements need to work in sync. Today, millions of users frequently visit thousands of social networking websites without any idea that their accounts are at the mercy of potential hackers. So, once information is posted on a social networking platform, it is no longer private information, and the more information is posted, the more vulnerable it gets. The IT infrastructure houses various web servers, which in turn house the Domain Name System with which various websites are registered.
Thus, a complex ecosystem is created that has numerous interconnected nodes around the internet. Most of these features are provided by service providers that make it relatively easy for businesses to establish an online presence. These service providers also provide hosting space that makes operating websites easy.

In the present scenario, we first have to analyze whether the problem is on the server side or the client side. So, as per the facts of the case, at the very outset, the vulnerability seems to be on the client side. The hackers of a social networking website have various methods by which they break into users’ accounts and steal crucial information from there. SQL injection is the most common server-side vulnerability that allows hackers to inject code into the database of a website (Al Hasib, 2009). There are other vulnerabilities, such as Remote Code Execution (RCE), at the disposal of attackers as well, which enable the hackers to interact with the system directly. Most probably, the hackers of PeopleSharz might have used Trojan horses, malware, logic bombs, computer worms, snipping tools, phishing tools and a wider spectrum of other sources. This attack must have been a coordinated one, as they might have been successful in locating flaws in network topologies as well as bugs and defects in software configuration. These days, with the help of Netspionage, it is relatively easy for attackers to access highly sensitive information from the accounts of social media users.
There is an equal possibility that the hackers utilized Server Side Request Forgery (SSRF), which might have enabled them to read all the files and raw tables of the database of PeopleSharz. The technique of phishing must have been used in this case, where the hackers targeted PeopleSharz with a keen focus on the vulnerabilities and also used social engineering tricks. Also, there are certain techniques meant for authorization bypass. The other possible attacks are Cross Site Scripting (XSS) attacks and Broken Authentication and Session Management attacks. The hackers must have sent a file packet to the web browser and bypassed the validation process. It causes the user’s session ID to be sent to the attacker’s website, allowing the hacker to hijack the user’s current session (Tankard, 2011). The website was attacked in such a manner that the relevant information was scraped directly from the database. The following report contains a thorough analysis of the threat faced by PeopleSharz and dependencies on critical success measures, followed by the recommendations.

Threat Analysis

As an IT security consultant and analyst, my job is to delve deeper and deeper to probe PeopleSharz's security and also to determine potential entry points that could have been exploited by the hackers. It should be noted that social media websites need to take extra caution against cyber security threats, so it is also possible that PeopleSharz had spared no expense on its cyber security system. I can expect that the administrators had been conscientious about ensuring that all the security patches and antivirus updates had been applied to their processes. It can be said that someone would be impressed with the level of security that this website had put in place (Gao, Hu, Huang, Wang, & Chen, 2011).
However, after the extensive assessment, it will certainly be revealed that PeopleSharz was still extremely vulnerable to a security breach.

In order to analyze the cyber security breach, I will perform data collection and vulnerability analysis, while the scope will provide information as to what needs to be included and what needs to be excluded in the process of analysis. So, in the case of cyber security, the items that will be considered will be those aspects of PeopleSharz that must be protected, and they will be identified first.

(a) Data Collection

In almost all social media companies there are certain kinds of policies and procedures that are required to be identified for compliance purposes. In actuality, around one-fourth of the security mechanisms that organizations have miserably fail to fulfill minimum security standards. So, the first step will be to collect detailed information regarding the security breach, such as URLs to virus links, phishing email headers and content, malicious command and control, and domain names and IP addresses, etc. As an analyst, it is very important for me to get unrestricted access to data for transforming it into intelligence. My sources of information will be knowledge of intrusion incidents, detection system logs, firewall logs, reverse engineering of malware, open source links, honeypots and so forth. Once all of this data is collected, an examination will be done as to whether they match the compliance level in the organization (Ralston, Graham, & Hieb, 2007).
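
The data collection step above, sketched as an added example that is not part of the original report: it extracts relay IPs, linked hosts and a From/Reply-To mismatch from a phishing e-mail, then finds which internal machines contacted those hosts according to firewall logs. The e-mail, the log lines, the log layout and all function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample evidence: .example domains and documentation-range IPs.
PHISH = """\
Received: from mail.example.net (mail.example.net [203.0.113.45])
\tby mx.peoplesharz.example; Mon, 14 Oct 2019 09:12:01 +0000
From: "PeopleSharz Support" <support@peoplesharz.example>
Reply-To: helpdesk@login-peoplesharz.example

Your account is locked. Sign in at http://login-peoplesharz.example/verify?id=77
"""
# Constructed firewall log; the "time action key=value ..." layout is an assumption.
FIREWALL_LOG = """\
2019-10-14T09:20:11Z ALLOW src=10.0.4.17 dst=198.51.100.23 dport=80 host=login-peoplesharz.example
2019-10-14T09:21:40Z ALLOW src=10.0.4.22 dst=192.0.2.10 dport=443 host=cdn.example.org
2019-10-14T09:25:02Z DENY src=10.0.4.31 dst=198.51.100.23 dport=80 host=login-peoplesharz.example
"""

def _domain(header_value):  # lower-cased domain of an address header, '' if absent
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def email_indicators(raw):
    """Pull relay IPs, linked hosts and a From/Reply-To mismatch from one e-mail."""
    msg = message_from_string(raw)
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    relay_ips = [ip for hop in msg.get_all("Received", [])
                 for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)]
    urls = re.findall(r"https?://[^\s<>\"']+", msg.get_payload())
    return {"from_domain": from_dom,
            "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
            "relay_ips": relay_ips,
            "url_hosts": sorted({h for u in urls if (h := urlparse(u).hostname)})}

def internal_hits(log_text, hosts):
    """Map each internal source IP to the firewall actions for indicator hosts."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        kv = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        if kv.get("host", "").lower() in hosts:
            hits.setdefault(kv.get("src"), []).append(fields[1])
    return hits

if __name__ == "__main__":
    ind = email_indicators(PHISH)
    print(ind, internal_hits(FIREWALL_LOG, set(ind["url_hosts"])))
```

A source IP with an ALLOW action against an indicator host is the first candidate for credential resets and endpoint review; a DENY shows the lure was clicked but the connection was blocked.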