Cybersecurity Threats and Prevention Measures for Lelong.my

Verified

Added on 2023/06/11

AI Summary

This article discusses the internal and external cybersecurity threats faced by Lelong.my, an e-commerce online market located in Malaysia, and the prevention measures to protect against them. Internal threats include information leakage, downloading malicious internet content, and malicious cyberattacks, while external threats include rogue software, man in the middle (MITM), and denial-of-service (DoS) attacks. The article provides recommendations for preventing these threats and protecting the network of the company.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Table of Contents
INTRODUCTION................................................................................................................................1
INTERNAL ATTACKS.......................................................................................................................1
Information leakage.........................................................................................................................2
Downloading malicious internet content........................................................................................2
Malicious cyberattacks.....................................................................................................................3
EXTERNAL ATTACKS......................................................................................................................4
Rogue Software.................................................................................................................................4
Man in the Middle (MITM).............................................................................................................5
Denial-of-Service (DoS) Attacks......................................................................................................6
Conclusion.............................................................................................................................................6
References.............................................................................................................................................7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

LELONG.MY
INTRODUCTION
Lelong.my is an e-commerce online market located in Malaysia. It provides customers
with the experience of shopping online that besides supporting transactions of customer to
customer, it also supports relationships of business to business. Lelong.my also provides
several categories of products which customers can choose when buying products such as
watches, electronics, books, cameras among others from a several stores that sell online and
sellers in Malaysia. This is carried out in a safe and convenient environment. The market is
always working throughout and is open to everyone. Lelong.my also offers sellers a platform
whereby they are able to own a store that is personalized using a cost that is low. They also
offer lessons to sellers on becoming successful in selling online. Customer care team of
support is also provided in case of any enquiries.
Lelong.my has implemented principles of compliance and personal data protection
which is according to the PDA (Personal Data Protection Act 2010) which is meant to protect
the personal information of the customer. SSL Certificates are also employed to provide
strong encryption on the customer data which makes it secure as it becomes difficult for the
attackers to penetrate though it. Firewalls are also another aspect that ought to be considered
on the network of the Lmall. They offer protection to the network against any kind of threats
and malware that is advanced, malicious traffic of the internet and viruses. They continuously
scan the activities of the server and they are also designed in a manner that they are able to
adapt to the threats introduced through intrusion prevention that is based on signature without
causing the traffic to slow down.
INTERNAL ATTACKS
Some study carried out by the US Cert (Computer Emergency Response Team)
suugested that about 40% of the Security threats of IT are instigated by the employees of a
company. The attacks of the criminals are most likely to be carried out from within the
company: a study carried out recently indicated that 90% of the crimes that are criminal
performed on computers were done by the employees of the company they worked for. Either,
some carried out the attacks since they wanted to revenge for being fired or due to persinal
grudges or just lack of satisfaction in terms of the payments. Businesses that are coming up or
just small businesses are most likely to be attacked by the security breaches of IT since they
1

may not be able to afford systems of detection of intrusion and monitoring that are
sophisticated compared to the enterprises that are already established or large enterprises. The
internal attacks comprises of the following;
Information leakage
There are numerous ways through which information can be collected from the network of
the computer that you are using and shared with the outsiders of the organization. It can be
either through the CD-ROM, USB stick of data, MP3 player or even through the digital
cameral. According to Ring (2014), the named devices are significantly highly portable and
also the hard drives contain large volumes as an employee can easily walk away with almost
60GB of data using the stick of the USB. Through that, the employees of today may easily
collect a good amount of the database of the customer outside and use it for their personal
gain. According to Troyansky (2013), one quarter of workers in a certain country who work
using PCs in an organization admitted that they usually copy data into their mobile devices for
more than once in a week. Additionally, 40% of them also admitted that they also use the
sticks of USB in circulating data and one fifth admitted that they have exposed their
passwords to outsiders or third parties. Using the data collected from those portable devices
and exposure of the credentials of the employees, they are likely to be used by the criminals in
performing the attacks on the network of a company, steal the information of the customers
and use it for fraud.
It is advisable thatcompanies implement usage of software in specifying policies on the
kind of devices which are allowed to be linked with the network of the company and the kind
of data that is allowed for downloading. The company ought to enforce that and also educate
the workers the reason as to why they are enforcing the policies, otherwise the employees
would just find a way of breaking the policies. It is also recommended that, a company ought
to consider blocking the access of the email that is web-based and services of data storage like
the Gmail since once confidential documents are stored to a storage site that is online,then, the
information turns out to be out of the control of human. Finally, networks should be locked to
prevent access of wireless thriugh the use of Wi-fi or Bluetooth apart from the users that are
authorized with devices that are authorized. (Greenemeier, 2016)
2

Downloading malicious internet content
Some study carried out indicate that an average worker of a small or growing business
uses almost one hour per day browsing the website for their own use, may be watching or
looking at a video or websites that share files, using websites of social media like the
facebook or perhaps playing games. Besides costing an individual time, the activity,
according to some reports given by analyst indicate that the number of threats of virus and
malware is becoming higher with the rate of more than 50% every year and a numerous
number of these payloads that are destructive may be brought about to the network by the
workers of the companies or businesses. According to Scott (2015), an example rootkit
malware may be easily hidden in a clip of video or in a game which the common user may not
easily recognize while watching or playing the game. When the malware is introduced on the
network, it can the n be used by the criminal to commit crimes.
To avoid or curb this, a company is advised to update and patch the systems of IT
constantly to make sure that the systsmes are secure against attacks as they are perpetrated.
The companies should not rely on the security downloads that are done monthly or quarterly.
This is because, the time between discovery and exploitation of the vulnerabilities shrinks all
the time, therefore it is essential that the antivirus and the pacthes should be regularly updated
and also use more than one type of the products of antivirus instead of one. Additionally, one
ought to consider whether the software of antivirus they are using can monitor, filter or block
the content of a video. Only very few antivirus products can filter that, for example, a video
showing an individual falling over may offer cover for the purpose of downloading all kinds
of contents to a given network. (Hausken, 2009)
Malicious cyberattacks
A survey carried by Cert has discovered that the perpetrators of the cyberattacks are
likely to be the IT staff or the administrators of the systems who have already acquired the
priviledges of access of the system. Technically, employees who are proficient may use their
access to the system to unlock the back doors and enter into the systems of the computer or
just place programs on the networks in order for them to steal information or just cause
damage.
In the year 2006, Roger Duronio, an IT programmer was confined since he accepted
injecting Unix logic bombs, which is a malware in the network of UBS which is an
3

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

investment bank (Chaikin, 2006). This resulted to the company suffering the cost of damage
which was more than $3m. The reason as to why Durogio resulted to doing that was because
the company had offered a bonus that did not quite satisfy him as it was low. After following
up the matter through filing complaints, the company did not listen to him and hence he
decided to resign from the job. Since he already had access to the network of the systems, he
was able to easily use the knowledge to commit fraud by commiting the crime. (Nykodym et
al, 2010)
For a company to protect itself against such kind of attacks, the company ought to
monitor its employees closely and also take note of employees who are disgruntled since they
can decide to abuse the positions they are holding. Additionally, it is advisable that the access
of networks and passwords of the employees should be immediately cancelled after leaving
the company in order to prevent any chances of them abusing their passwords in accessing the
network in days to come.
EXTERNAL ATTACKS
Cyber-criminals are hackers who besides being coders who are brilliant, they also
comprehend in detail how people carry out their businesses and will always come up with a
way which they will use in hacking systems when they put their minds into it. They use
viruses and other methods such as phishing in order to externally gain access to a software,
site or a network. A firm ought to have a repertoire of good security in order for it to handle
the threats and ways of preventing the risks of external cybersecurity no matter they form they
used to penetrate into the network or site. The cybercriminals continue to reside within the
network after gaining access of the network for a number of months, without anyone noticing
them and in the process they extract information from the network. A number of them go
unnoticed and moreso, they go undiscovered until the time the results will start showing. A
firm is likely to face a large number of external aatcks compared to the number of internal
attacks, therefore it is only advisable that, firms harden their perimeter in order for them to
keep the attackers out. These perimeters may be developed in the right manner through the
use of the correct type of penetration testing carried out by a firm of cybersecurity that is
experinced. The external attacks include the following;
4

Rogue Software
This is a malware that disguises itself as a software that is legitimate and important
software of security that will enhance the security of the system.the designers of this malware
develop windows that pop-up and also create alerts which appear to be legitimate. The alerts
provide suggestions to the user that they download the software of security, come to an
agreement with the terms or proposes to them that in order for their systems to stay protected
they ought to update the software they are using currently. Once they agree to that by clicking
Yes, they unknowingly download the software that is rogue. After downloading the software,
it enters into the system and starts extracting vital information regarding the customer details
as well the accounts of the company and then abuses the information in committing crimes for
their onw benefit. (Taylor et al, 2014)
In order for the company to protect itself against such kind of attacks, they can apply
the slogan that, The Best Defense is a Good Offense, whereby they ought to regularly update
their firewall. One needs to ensure that in the office there is a firewall that is already
functioning and it is protecting everyone in the firm against these kinds of attacks. Also
during the installation of anti-spyware and anti-virus, it would be advisable to ensure that
those program software originate from trusted sources and that they have the ability to
discover threats like the software that is rogue. (Waxman, 2011)
Man in the Middle (MITM)
This kind of attack occurs whereby an attacker impersonates the endpoints of the
exchange of information carried out online, that is, the connection carried out between the a
smartphone and a site. Through this, the man in the middle is able to collect data from the
client and the entity that they are conversing with. For example, when shopping online and
then you try to reach a customer care for some queries, the man in the middle will reach you
by impersonating the customer care of your online shop and then communicate with the
customer care by impersonation you as the client. Through that, the man in the middle will be
able to obtain all the information exchanged between the client and the customer care which
may comprise of data that is sensitive like the account of the customer and their credit card
numbers and other details. (O'Rourke, 2013)
The MITM performs this kind of attack through gaining access by use of a wireless
point of access that is not encrypted, that is, the network that does not implement measures of
5

security such as the WAP, WPA2, WPA among others. Through that, they can then gain
access of all the data that is being exchanged between the parties involved in a transaction.
Man in the middle attack however can be prevented by use of wireless point of access
that is encrypted which also uses security of WPA or greater. When connecting to a website,
it is advisable to ensure that it is using the connection of HTTPS or to ensure improved
security, investing in a VPN should be considered. This is because HTTP applies certificates
which validates the servers’ identity which one is intending to connect to through the use of
the third parties like VeriSign. On the other hand, VPNs enable an individual to connect to a
webiste through the private networks that are virtual. (Hovav and D'Arcy, 2013)
Denial-of-Service (DoS) Attacks
This kind of attack concentrates on disruption of service to a network. The criminals
send large volumes of traffic or data through the use of the network, that is, creating
numerous numbers of requests of connection, until they are able to overload the network
which results to the network becoming non-fucntional. There are a number of ways through
which the criminal can achieve the DoS attackers though the commnly used method is the
DDoS (Distributed-Denial-of-Service) attack. This is whereby an attacker uses several
computers to send data or traffic which would be used to overload a system. In most of the
cases, an individual may not even recognize that the computers they are using have been
hijacked and that they are a part of the reason as to why the DDoS attack is happening.
DoS can be prevented by ensuring that the system is secure by regularly updating
software, online monitoring of security and also monitoring the flow of data in order to
discover any suspicious or spikes that are threatening in traffic before they result into an issue.
Another way of preventing DoS attacks is through cutting of a cable or disconnecting the plug
which connects the server of the webiste to the internet. Another recommendation is due
dilligence in monitoring physically the connections. (Fung and Evans, 2011)
Conclusion
Like any other kind of criminal activity, its better to be vigilant as a key method of
preventing any kind of security attack on the networks of frims. The rate at which threats are
occuring to businesses and people is increasing and continually growing as the number of
transactions migrating to the online platform increase and the criminals who commit crimes of
6

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

cyber attacks tend to become more sophisticated. In order fro individuals to prepare
themselves and their businesses against these attacks, they ought to take their time for them to
secure their systems and prioritize cyber security. Other ways of remaining vigilant against
crimes of cyber attacks suggets that an individual ought to begin at home.
7

References
Chaikin, D. (2006). Network investigations of cyberattacks: the limits of digital evidence.
Crime, law and social change, 46(4-5), 239-256.
Fung, D. Y., & Evans, S. C. (2011). U.S. Patent No. 7,865,414. Washington, DC: U.S. Patent
and Trademark Office.
Greenemeier, L. (2016). Insider Threats. INFORMATION WEEK-MANHASSET-, 1118, 25.
Hausken, K. (2009). Information sharing among firms and cyber attacks. Journal of
Accounting and Public Policy, 26(6), 639-688.
Hovav, A., & D'Arcy, J. (2013). The impact of denial‐of‐service attack announcements on the
market value of firms. Risk Management and Insurance Review, 6(2), 97-121.
Nykodym, N., Kahle‐Piasecki, L., & Marsillac, E. L. (2010). The managers guide to
understanding, detecting, and thwarting computer crime: An international performance
issue. Performance Improvement, 49(5), 42-47.
O'Rourke, M. (2013). Cyberattacks prompt response to security threat. Risk Management,
50(1), 8.
Ring, T. (2014). Threat intelligence: why people don't share. Computer Fraud & Security,
2014(3), 5-9.
Scott, D. M. (2015). The new rules of marketing and PR: How to use social media, online
video, mobile applications, blogs, news releases, and viral marketing to reach buyers
directly. John Wiley & Sons.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism.
Prentice Hall Press.
Troyansky, L. (2013). U.S. Patent No. 8,407,784. Washington, DC: U.S. Patent and
Trademark Office.
Waxman, M. C. (2011). Cyber-attacks and the use of force: Back to the future of article 2 (4).
Yale J. Int'l L., 36, 421.
8

1 out of 9

+13062052269

info@desklib.com

Cybersecurity Threats and Prevention Measures for Lelong.my

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

IT Security: Types of Risks, Organizational Procedures, Impact of Firewall Configuration, Implementation of DMZ, Static IP and NAT

IS Security and Risk Management

Smartphones Security Issues and Mitigation Tools

Challenges and Approaches to Overcome Session Hijacking and Intrusion Detection Systems

Computer Security: Elements, Issues, and Frameworks

Network Intrusion Detection Systems (NIDS) Analysis