Exploring WannaCry and Petya Ransomware Attacks


Added on  2019-09-23

11 Pages3802 Words406 Views
Exploring WannaCry and Petya Ransomware Attacks_1

Task 1: PART AThe cyber security breaches have become one of the most threatening factors for the internetusers. The users of internet often need to share their personal information over internet. However, due to increasing use of internet, everyday this huge amount of data , uploaded by the users arebeing exposed to thousands of security threats on regular basis (Buczak & Guven, 2016).Although the sites on the internet are taking several steps to protect themselves from the securitythreats, still there are many instances which reveal vulnerability of the data shared on internet.The current research deals with analysis on the recent incident of data security breach from thehealth app, MyFitnessPal. In March, 2018, the security of the personal data of the millions ofMyFitnessPal users was compromised (An & Kim, 2018). In the research , nature of the problemwas analyzed and discussed. The research also includes discussion on how and why the problemhas occurred. In this study, the researcher has also discussed how the incident of security breachcould have been prevented.Analyzing the problem:The fitness app, MyFitnessPal has approximately 150 million users. The app collects personaldetails of the users. Recently, in March 2018, the personal data of the 150 million users wasaffected due to the security hacks (An & Kim, 2018). As reported by the owner organization,Armour , it is one of the biggest security hacks in the history. As notified by the organization,Armour, the names of the users, their e-mail addresses and the passwords. In addition, the ownerorganization has also informed that the payment details of the users were not affected due to thesecurity hack. The accounts of the users were hacked in February, 2018. The incident of hackingreduced share of the organization down upto 3% in the after-hours trade (Ivanchenko eyal.2018). The company has not recognized the breach till 25th march and informed its users 4days later. Discussion on the cyber security breach of MyFitnessPal indicates that security of the financialdata of the users was not compromised. However, security breach of the e-mail addresses of theusers can have devastating effects. Stealing of the data stored by MyFitnessPal App is consideredas several times more valuable than the financial data stealing. The app, MyFitnessPal, stores2
Exploring WannaCry and Petya Ransomware Attacks_2

huge amount of personal data which can be effective for tracking an individual. The personalinformation regarding the individuals is considered as an excellent source of intelligence for thehackers. In case of MyFitnessPal app, the location as well as the performance of the individualsaccording to privacy policy of the app. In addition, the information shared by the usersvoluntarily with the app also can be used as a source of intelligence.How and why the problem has occurred:The data breach of the MyFitnessPal app has occurred in February 2018 although theorganization had discovered it in March, 2018 (Ivanchenko ey al.2018). The hackers who werebehind the data security breach are not identified yet. The organization has informed that it isstill working with the leading data security firms to explore the reasons behind the securitybreach. The organization has not provided any detailed information regarding how the hackerswere able to get access to the data.However, after the breach has been occurred, the password of the accounts and the links fromsuspicious sources were considered as vulnerable for the data security. Therefore, the users wererequested to review their accounts and change the password after the security breach wasidentified. The app does not deal with the information like the driving license number or thesocial security number. So, such information of the users has not been disclosed due to thesecurity breach. The financial details of the users such as the credit card related information isprocessed differently than the other types of information. So, the financial data security was notaffected any way.As the risks of hacking are increasing every day, no app or website can be considered ascompletely safe (Gupta et al.2016). The hackers are always looking for new ways to breach thesecurity of information spread over the internet. Therefore, the organizations, which share thedata of customers over the internet, require focusing on enhancing the security of theinformation. The potential reasons behind the security attack can be the phishing, hacking andthe malware threats, mistakes done by the employees or any improper action taken by them, theexternal theft related activity, the internal theft , the risks posed by the vendors and the improperdisposal of the data.3
Exploring WannaCry and Petya Ransomware Attacks_3

Phishing, hacking and malware attacks:In 2014, the human error was considered as one of the leading causes behind the data securityattack. Often the individuals who use the data published over internet do not remain aware of thesecurity risks as well as the best practices to protect the data from a number of security threats.Because of the improper actions taken by these individuals, the data shared on the internet getexposed to the higher security risk. In case of MyFitnessPal app, the management has suspectedthat the hacking can be done through the suspicious links on the app and so, suggested the usersnot to click on such links for avoiding the risk of security threats. Exposing the confidentialinformation such as the password to unauthorized individuals can be threatening for the securityof the shared data. For the app also, the management has considered the threats posed due tounauthorized access to the data and so, recommended the users to change their password.Employee action or mistake:The employees of an organization need to be aware of the best practices to handle the data(Gordon et al.2015). Lack of knowledge among the employees also can be effective to enhancethe risk to the data security.External and Internal Theft:The data theft is considered as the act of copying the confidential information in an unauthorizedor illegal way (Liu et al.2015). The illegal transfer of confidential or personal informationregarding an individual or the corporation is also considered as the data theft. The types of datasuch as the passwords, algorithms, the copyright material, the process oriented data, the softwarecode and the credit card related information can be susceptible to the security theft related attack.The external and internal theft of data also increases the risk to data security to a great extent.Limiting the access to the data can be an effective way for reducing the risk of confidential dataloss.Vendor:Often the businesses take help from external vendors to handle the data of their customers(Fielder et al.2016). In such cases, the businesses require ensuring that the vendors are adhering4
Exploring WannaCry and Petya Ransomware Attacks_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Cyber Security Breaches: Analysis of MyFitnessPal Incident

Data Breach - Cyber Security

Under Armour Data Breach

Computer Security Breaches

Affected Computer Systems - Doc

CYBER FRAUD. CYBER FRAUD Name of the Student Name of th