logo

System Security: Data Breach Attack on eBay and WannaCry Ransomware Attack

Investigate and discuss the appropriate design and secure solutions for varieties of organisations Implement a process to support the administration and the management of organisations’ security Conduct practical investigations into network systems including industry procedures of information gathering, vulnerability identification, exploitation and privilege escalation.

8 Pages1892 Words123 Views
   

Added on  2023-06-11

About This Document

This article discusses the data breach attack on eBay, its impact, propagation, and mitigation options. It also covers the WannaCry ransomware attack, its impact, propagation, and steps organizations can take to protect their networks and resources. Additionally, it talks about social engineering and its impact on an organization's information security.

System Security: Data Breach Attack on eBay and WannaCry Ransomware Attack

Investigate and discuss the appropriate design and secure solutions for varieties of organisations Implement a process to support the administration and the management of organisations’ security Conduct practical investigations into network systems including industry procedures of information gathering, vulnerability identification, exploitation and privilege escalation.

   Added on 2023-06-11

ShareRelated Documents
Running Head: SYSTEM SECURITY
SYSTEM SECURITY
Insert Your Name Here
Insert Your Tutor’s Name Here
Institution Affiliation
Date
System Security: Data Breach Attack on eBay and WannaCry Ransomware Attack_1
SYSTEM SECURITY
1.
Name of attack: Data Breach
Type of attack: Cross site scripting[6]
Dates of attacks: 21st May 2014
Computers / Organizations affected: eBay
How it works and what it did:
Cross site scripting involves a malicious code that is injected in an organisations website. The attacker
can then use the browser to inject a payload into a web page that the eBay customers would visit [1].
EBay then executed the JavaScript code that was written by the attackers thus displaying malicious
links on the user’s browsers [2]. If any user clicked on the link, then he/she would be redirected to a
phishing login page. The users account and password would be stolen [3].
The attackers also took advantage of the “forgot password” link. Usually, the password request goes
to users email but the attacker directed the request using “requint” value. When the user clicked the
password reset link in email, the attacker used the requinto value to create another HTTP request to
create the password chosen by the attacker [8].
The attacker was able to acquire data of various users. The data accessed by the hackers was for
approximately 145 million users [5]. The types of data include: login credentials, email addresses,
phone numbers and the dates of birth. This results to loss of trust from the customers to the
organization [4].
Mitigation options:
The first step to deal with the data breach attack is to inform the Cyber security organization in the
country [11]. Any response processes should be documented and followed. Data protection should
be priotized. All the important and sensitive information in an organization should be priotized and
protected. To mitigate the data breach the users of the eBay were advised to change their passwords
[7]. The system required use of strong password. The credentials for the users were encrypted and
System Security: Data Breach Attack on eBay and WannaCry Ransomware Attack_2
SYSTEM SECURITY
any other data in the system was also encrypted. The system should be have patch updates installed
in the servers [10]. The organization had to organize an expert response team. The team include
forensic, legal, management experts and investor relations staff. The team was also supposed to
check the website and confirm there is no misplaced information [12]. The team was supposed to try
and remove the vulnerabilities detected [9] on the website. Once the attack is mitigated, it is also a
good practice to use a monitoring system to monitor the traffic of the system that was attacked.
References:
System Security: Data Breach Attack on eBay and WannaCry Ransomware Attack_3

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
cyber security threats and attacks
|4
|749
|141

Assignment on Oracle Virtual Machine Installation
|16
|1480
|225

Software Security Assignment
|5
|999
|61

Ways of Attacking a Web Application in PHP: SQL Injection, XSS, Session Hijacking, Directory Traversal, and Remote File Inclusion
|9
|1493
|176

Cryptojackers and miners PDF
|20
|6739
|86

Cyber Security: Motives of Web Application Attacks and Types of Vulnerabilities
|8
|1561
|362