Information Security : Assignment
11 Pages2578 Words35 Views
Added on 2020-02-24
Information Security : Assignment
Added on 2020-02-24
ShareRelated Documents
Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author Note
Information Security
Name of the Student
Name of the University
Author Note
1INFORMATION SECURITY
Table of Contents
Part A.............................................................................................................................2
OneLogin Data Breach...............................................................................................2
What was the Problem?..........................................................................................2
Who were affected?................................................................................................3
How the attack was carried out?............................................................................3
What could have been done to prevent the Attack?...............................................4
Part B..............................................................................................................................5
WannaCry Ransomware Cyber Attack......................................................................5
What was the problem?..........................................................................................5
Who were affected and how?.................................................................................6
How was the attack carried out?............................................................................6
What could have been done to prevent the attack?................................................7
References......................................................................................................................8
Table of Contents
Part A.............................................................................................................................2
OneLogin Data Breach...............................................................................................2
What was the Problem?..........................................................................................2
Who were affected?................................................................................................3
How the attack was carried out?............................................................................3
What could have been done to prevent the Attack?...............................................4
Part B..............................................................................................................................5
WannaCry Ransomware Cyber Attack......................................................................5
What was the problem?..........................................................................................5
Who were affected and how?.................................................................................6
How was the attack carried out?............................................................................6
What could have been done to prevent the attack?................................................7
References......................................................................................................................8
2INFORMATION SECURITY
Part A
OneLogin Data Breach
On May 31 2017 around 2 a.m. PST, it was reported that there has been a data breach
and the data had been compromised in OneLogin, which is an online service that enables
users to login to different websites and apps from single platform. It has headquarters in San
Francisco, which provides single identity management and single sign-on for the application,
which are based on cloud storage ("OneLogin breached, hacker finds cleartext credential
notepads", 2017). It has more than 2000 customer companies in around 44 countries in the
globe with more than 300 app vendors and even more than 70 SaaS (Software as a Service)
providers that is becoming trend for all new companies and the companies, which wants
travel with the technology development.
What was the Problem?
As it provides a single platform for accessing different applications, OneLogin
had to save all the credential information related to their identity and the credentials that is
needed to access any application ("OneLogin breached, hacker finds cleartext credential
notepads", 2017). The intruders or the hackers that hacked the OneLogin server were able to
decrypt the encrypted files in which customer’s very personal credentials and information
were saved in those encrypted files. This led the expose of such crucial information which
can lead to serious damaging to the customer, which may include the bank account details
generally, internet banking. This breach was also given a name, “business-existential threat”.
A personal message was sent to the customers regarding the breach “Customer data was
compromised, including the ability to decrypt encrypted data” including steps that can be
taken to ensure that this breach does not affect for later. However, the problem was that the
crucial and very personal information were stolen and might be used by the intruders to make
Part A
OneLogin Data Breach
On May 31 2017 around 2 a.m. PST, it was reported that there has been a data breach
and the data had been compromised in OneLogin, which is an online service that enables
users to login to different websites and apps from single platform. It has headquarters in San
Francisco, which provides single identity management and single sign-on for the application,
which are based on cloud storage ("OneLogin breached, hacker finds cleartext credential
notepads", 2017). It has more than 2000 customer companies in around 44 countries in the
globe with more than 300 app vendors and even more than 70 SaaS (Software as a Service)
providers that is becoming trend for all new companies and the companies, which wants
travel with the technology development.
What was the Problem?
As it provides a single platform for accessing different applications, OneLogin
had to save all the credential information related to their identity and the credentials that is
needed to access any application ("OneLogin breached, hacker finds cleartext credential
notepads", 2017). The intruders or the hackers that hacked the OneLogin server were able to
decrypt the encrypted files in which customer’s very personal credentials and information
were saved in those encrypted files. This led the expose of such crucial information which
can lead to serious damaging to the customer, which may include the bank account details
generally, internet banking. This breach was also given a name, “business-existential threat”.
A personal message was sent to the customers regarding the breach “Customer data was
compromised, including the ability to decrypt encrypted data” including steps that can be
taken to ensure that this breach does not affect for later. However, the problem was that the
crucial and very personal information were stolen and might be used by the intruders to make
3INFORMATION SECURITY
intrusion in the other applications. By this intrusion, they were able to manipulate and access
those data and information, as the needed credentials were all pre-available to them after the
breach. In this case hackers were introduced by ‘threat actors’, who have gain access to the
database in which information about the apps, users and many other crucial information were
being saved including the credentials that will give access to those application ("OneLogin
breached, hacker finds cleartext credential notepads", 2017).
Who were affected?
All the customers among those 2000 companies were affected by this intrusion and
thousands of personal account in those companies had to suffer by this data breach.
OneLogin was useful application for accessing many application using one credential and
single platform but at the cost of the security and privacy (Martin, Borah & Palmatier, 2017).
Obviously, the information and data that were being saved was for the organizational purpose
only and certain specific details of the organization related to the business and transactions
made with the contractors and the business partners. This threat caused risks to all the
information that were being saved on the cloud using SaaS application. Certain individuals
were also affected by this intrusion as many individuals used OneLogin for their personal
benefits (Martin & Murphy, 2017). This attack was done on the single database but has
affected globally to the threats and risks of privacy and security of the organization or the
individuals who were using OneLogin application.
How the attack was carried out?
Chief information security officer of OneLogin, Alvaro Hoyos, said that an unknown
intruder was able to gain unauthorized access to the server of the OneLogin that was running
on the United States database. This attack was started by the attempts made by the intruder to
obtain set of AWS keys and used them to get access to AWS API application programming
interface through another service provider other than OneLogin’s server (Spillner, 2017).
intrusion in the other applications. By this intrusion, they were able to manipulate and access
those data and information, as the needed credentials were all pre-available to them after the
breach. In this case hackers were introduced by ‘threat actors’, who have gain access to the
database in which information about the apps, users and many other crucial information were
being saved including the credentials that will give access to those application ("OneLogin
breached, hacker finds cleartext credential notepads", 2017).
Who were affected?
All the customers among those 2000 companies were affected by this intrusion and
thousands of personal account in those companies had to suffer by this data breach.
OneLogin was useful application for accessing many application using one credential and
single platform but at the cost of the security and privacy (Martin, Borah & Palmatier, 2017).
Obviously, the information and data that were being saved was for the organizational purpose
only and certain specific details of the organization related to the business and transactions
made with the contractors and the business partners. This threat caused risks to all the
information that were being saved on the cloud using SaaS application. Certain individuals
were also affected by this intrusion as many individuals used OneLogin for their personal
benefits (Martin & Murphy, 2017). This attack was done on the single database but has
affected globally to the threats and risks of privacy and security of the organization or the
individuals who were using OneLogin application.
How the attack was carried out?
Chief information security officer of OneLogin, Alvaro Hoyos, said that an unknown
intruder was able to gain unauthorized access to the server of the OneLogin that was running
on the United States database. This attack was started by the attempts made by the intruder to
obtain set of AWS keys and used them to get access to AWS API application programming
interface through another service provider other than OneLogin’s server (Spillner, 2017).
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Computer Security Breaches (2017) Name of the University Authorlg...
|10
|2520
|395
Assignment on Internet Securitylg...
|10
|2633
|51
Affected Computer Systems - Doclg...
|8
|518
|28
Search the Web for News on Computer Security Breacheslg...
|7
|2118
|43
Data Breach - Cyber Securitylg...
|4
|752
|406
Security Breach in the University of Oklahomalg...
|10
|2646
|54