System Security: Data Breach Attack on eBay and WannaCry Ransomware Attack
Added on 2023/06/11
This article discusses the data breach attack on eBay, its impact, propagation, and mitigation options. It also covers the WannaCry ransomware attack, its impact, propagation, and steps organizations can take to protect their networks and resources. Additionally, it talks about social engineering and its impact on an organization's information security.
Running Head: SYSTEM SECURITY
SYSTEM SECURITY
Insert Your Name Here
Insert Your Tutor’s Name Here
Institution Affiliation
Date
1.
Name of attack: Data Breach
Type of attack: Cross-site scripting [6]
Dates of attacks: 21st May 2014
Computers / Organizations affected: eBay
How it works and what it did:
Cross-site scripting involves malicious code that is injected into an organisation's website. The attacker can then use the browser to inject a payload into a web page that eBay customers would visit [1]. eBay's pages then executed the JavaScript code written by the attackers, displaying malicious links in users' browsers [2]. Any user who clicked on such a link would be redirected to a phishing login page, where the user's account and password would be stolen [3].
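The injection described above, shown as an added example that is not from the original essay or from eBay's code: a seller-supplied listing description rendered without encoding, next to an encoded form and a link filter. All function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example. Names (renderListingUnsafe, escapeHtml, safeHref, ...) are
// hypothetical; the sample strings below are constructed, not captured data.
const SAMPLE_DESCRIPTION =
  "Vintage camera <script>showFakeLoginLink()</script> in good condition";
const SAMPLE_LINK = "javascript:showFakeLoginLink()";

// Vulnerable form: user text is concatenated into the page unchanged, so any
// markup in the description becomes part of the document the browser runs.
function renderListingUnsafe(description) {
  return '<div class="listing">' + description + "</div>";
}

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: the description is treated as text, never as markup.
function renderListingSafe(description) {
  return '<div class="listing">' + escapeHtml(description) + "</div>";
}

// Links need a second check: encoding alone does not stop a script-scheme
// URL inside href. Only absolute http(s) URLs are accepted; anything else
// yields null.
function safeHref(url) {
  let parsed;
  try {
    parsed = new URL(String(url));
  } catch {
    return null; // relative or malformed input is rejected
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  return escapeHtml(parsed.href);
}

// Render a seller link, or fall back to plain text when the target fails
// the scheme check.
function renderSellerLink(url, label) {
  const href = safeHref(url);
  if (href === null) return escapeHtml(label);
  return '<a rel="noopener noreferrer nofollow" href="' + href + '">' +
    escapeHtml(label) + "</a>";
}
```
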
The attackers also took advantage of the “forgot password” link. Usually, the password reset request goes to the user's email, but the attacker directed the request using the “requint” value. When the user clicked the password reset link in the email, the attacker used the requinto value to create another HTTP request that set a password chosen by the attacker [8].
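A server-side check that closes this kind of gap, as an added example that is not from the original essay or from eBay's code: the request identifier is treated as public, and the password can only be set by presenting a separate secret token that was sent to the account owner's email. The class, function names and the 15-minute lifetime are assumptions.

```javascript
// Added example. ResetStore, startReset, completeReset and TOKEN_TTL_MS are
// hypothetical names; the 15-minute lifetime is an assumed policy value.
const { randomBytes, createHash, timingSafeEqual } = require("node:crypto");

const TOKEN_TTL_MS = 15 * 60 * 1000;

function sha256(text) {
  return createHash("sha256").update(text).digest();
}

class ResetStore {
  constructor() {
    this.pending = new Map(); // requestId -> { accountId, tokenHash, expiresAt }
  }

  // Step 1: a reset is requested. The returned token goes only into the email
  // sent to the account owner; the server keeps just its hash.
  startReset(accountId, now = Date.now()) {
    const requestId = randomBytes(8).toString("hex"); // identifier, not a secret
    const token = randomBytes(32).toString("hex");    // secret proof of mailbox access
    this.pending.set(requestId, {
      accountId,
      tokenHash: sha256(token),
      expiresAt: now + TOKEN_TTL_MS,
    });
    return { requestId, token };
  }

  // Step 2: the set-password request. Knowing requestId alone is not enough,
  // and the account to change comes from the server record, never from the
  // request. Reasons are distinct here for the demo; a real endpoint would
  // return one generic error.
  completeReset(requestId, token, now = Date.now()) {
    const rec = this.pending.get(requestId);
    if (!rec) return { ok: false, reason: "unknown-request" };
    if (now > rec.expiresAt) {
      this.pending.delete(requestId);
      return { ok: false, reason: "expired" };
    }
    if (!timingSafeEqual(sha256(String(token)), rec.tokenHash)) {
      return { ok: false, reason: "bad-token" };
    }
    this.pending.delete(requestId); // single use
    return { ok: true, accountId: rec.accountId };
  }
}
```
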
The attackers were able to acquire the data of approximately 145 million users [5]. The types of data included login credentials, email addresses, phone numbers and dates of birth. This resulted in a loss of customers' trust in the organization [4].
Mitigation options:
The first step in dealing with a data breach is to inform the cyber security organization in the country [11]. Response processes should be documented and followed. Data protection should be prioritized: all important and sensitive information in an organization should be prioritized and protected. To mitigate the breach, eBay users were advised to change their passwords [7]. The system required the use of strong passwords. User credentials were encrypted, and any other data in the system was also encrypted. Patch updates should be installed on the servers [10]. The organization had to assemble an expert response team that included forensic, legal and management experts and investor relations staff. The team was also supposed to check the website and confirm that there was no misplaced information [12], and to try to remove the vulnerabilities detected [9] on the website. Once the attack is mitigated, it is also good practice to use a monitoring system to monitor the traffic of the system that was attacked.
References:
[1] Eecs.yorku.ca, 2018. [Online]. Available: https://www.eecs.yorku.ca/course_archive/2015-16/W/3482/Team12_eBayHacks.pdf. [Accessed: 27- May- 2018].
[2] J. DiGiacomo, "10 Common Data Breach Attack Techniques | Revision Legal", Revision Legal, 2018. [Online]. Available: https://revisionlegal.com/data-breach/attack-techniques/. [Accessed: 27- May- 2018].
[3] Evry.com, 2018. [Online]. Available: https://www.evry.com/globalassets/india/pdfs---white-papers/mitigating-security-breaches-in-retail-applications.pdf. [Accessed: 27- May- 2018].
[4] S. Doug Drinkwater, D. Drinkwater, T. Morbin and D. Drinkwater, "eBay counts the cost after 'challenging' data breach", SC Media UK, 2018. [Online]. Available: https://www.scmagazineuk.com/ebay-counts-the-cost-after-challenging-data-breach/article/541162/. [Accessed: 27- May- 2018].
[5] "Hackers raid eBay in historic breach, access 145 million records", U.K., 2018. [Online]. Available: https://uk.reuters.com/article/uk-ebay-password/hackers-raid-ebay-in-historic-breach-access-145-million-records-idUKKBN0E10ZL20140522. [Accessed: 27- May- 2018].
[6] "Types of Attacks", Comptechdoc.org, 2018. [Online]. Available: http://www.comptechdoc.org/independent/security/recommendations/secattacks.html. [Accessed: 27- May- 2018].
[7] "Hackers steal up to 145 million user records in massive eBay breach", Computer Fraud & Security, vol. 2014, no. 6, pp. 1-3, 2014.
[8] S. Romanosky, D. Hoffman and A. Acquisti, "Empirical Analysis of Data Breach Litigation", Journal of Empirical Legal Studies, vol. 11, no. 1, pp. 74-104, 2014.
[9] S. Oh, "Estimates for Reasonable Data Breach Prevention", SSRN Electronic Journal, 2015.
[10] P. Leonard, "The New Australian Notifiable Data Breach Scheme", SSRN Electronic Journal, 2018.
[11] G. Virgo, "Personal and Proprietary Remedies for Breach of Confidence: Nearer to Breach of Fiduciary Duty or Breach of Contract?", SSRN Electronic Journal, 2014.
[12] "UK data breach fines double", Computer Fraud & Security, vol. 2017, no. 6, p. 3, 2017.
2.
Q1) How it works and what it did?
The WannaCry ransomware targeted vulnerable computers running the Windows operating system. The malware used EternalBlue and the DoublePulsar backdoor malware to install itself on the system. The EternalBlue.exe script is executed and, if successful, it checks for the DoublePulsar malware. If available, DoublePulsar is used to bypass the authentication measures implemented in the system. DoublePulsar creates a back door for remote access. If this succeeds, the attacked system comes under the control of the hacker.
WannaCry affected many users in around 150 countries. The hackers threatened to delete files if the owners did not pay the amount they demanded in bitcoins. The attackers asked the owner to pay the ransom within seven, otherwise they would delete the data.
Q2) How is this attack propagated?
WannaCry was distributed to various systems via malicious email and the Necurs botnet. EternalBlue was used to exploit the security loophole. EternalBlue allows malicious code to spread across platforms meant for sharing files, such as dropboxes, shared drives and databases. The malware is shared without any permission from the user.
Q3) Discuss the impact of this attack on the operation of an organization? What are some key steps
organizations can take to help protect their networks and resources?
The organizations that complied with the hackers' demand paid the ransom the attackers required for the data not to be deleted. Some businesses that did not pay the ransom lost their data. Businesses experienced some downtime while the ransomware was in effect. Most of the organizations that were infected were in the health sector. This resulted in the cancellation of scheduled operations and appointments.
Some of the steps organisations can take to protect their networks include: updating their Windows operating system to Windows 7 or a later version, installing security software, upgrading unsupported hardware and staying up to date on software patches.
Q4) Give an example of a duty of the Incident response planning, Disaster recovery planning and
Business continuity planning when having an unexpected event like this attack.
Businesses that were attacked, such as London's Barts Health NHS Trust, still have an incident response planning duty in order to keep operating normally. The hospital activated its tested contingency plans and is gradually bringing its clinical systems back online. The hospital needed to process the huge backlog of messages; it remained open for emergency care but had cancelled most of its scheduled operations. The hospital apologised for the inconvenience and directed some patients to other hospitals, except for emergency cases.
Q5) What steps can you take to protect your own PC or laptop computer from this attack and other
attacks?
I would ensure the operating system installed on my laptop is genuine and the applications are up to date. I would also install an antivirus application to detect attacks on the PC.
Q6) Briefly describe the lessons learned from this malware incident
Some of the malware that attacks computers is beyond our control. To help mitigate malware attacks, however, the applications and software on our laptops should be kept up to date.
Q7) If any Australian organization or Australian businesses is infected with attack, who is the main
point of contact for this cyber security issues affecting
Australian Cyber Security Centre (ACSC)
The ACSC should be informed of any cyber security threat in an organization. The ACSC will help the
organization understand the threat environment and will assist the organization affected in mitigating
the attack.
3. Victims of social engineering
MEMO
To:
From: ABC Auditors
Date: 17/05/2018
Re: Victim of social engineering
Earlier this month, the organization performed an audit. The auditors found quite a number of loopholes in information security throughout the organization. It has come to our notice that the established security policies were not followed. A contractor had been hired to upgrade the servers. The administrator gave out the TMS server addresses to the contractor over the phone. The contractor also asked for the password over the phone, but the administrator asked the contractor to come by the office to be given the password. The contractor did not show up at the office. The contractor was attempting social engineering. After some follow-up, it was noted that the contractor had stolen some of the organization's information from the transaction management system.
A data breach and a password hack were detected in the system. The contractor took advantage of lax security to get away after stealing data. The transaction system had some faults, such as not using strong passwords and a lack of encryption of sensitive data. According to the audit, the password that was hacked had only three characters and no special characters.
All staff should follow the required security policies in order to mitigate cases of social engineering. All system users should change their passwords. The new passwords should be lengthy and should include special characters. The system administrator should also encrypt sensitive data. The security policies should be followed in order to ensure the security of the organization's systems and data.
If you notice any problem when using the system, please inform the system administrator so that the issue can be addressed.