logo

WannaCry Attack on Verizon Data Breach

11 Pages2624 Words272 Views
   

Added on  2020-02-24

About This Document

3 The possible solutions 5 Part b: WannaCry, Ransomware attack 6 WannaCry problem 6 Those affected and how 6 Attack researchers process 7 Preventing the attack (Solution) 8 References 10 Part a: Verizon data breach The problem As a telecommunication giant, Verizon serves millions of customers who rely on its infrastructure to conduct their communications. Moreover, the customers affected did not prescribe to any unique service or product but included all the customers that contacted the customers care service within the six months prior to the attack (

WannaCry Attack on Verizon Data Breach

   Added on 2020-02-24

ShareRelated Documents
Running head: INFORMATION SECURITYAssignment [Student Name Here][Institution’s Name Here] [Professor’s Name Here][Date Here]
WannaCry Attack on Verizon Data Breach_1
INFORMATION SECURITY2Table of ContentsContents PagePart a: Verizon data breach..............................................................3The problem.......................................................................................3The attack, how and why?.................................................................3The possible solutions........................................................................5Part b: WannaCry, Ransomware attack..........................................6WannaCry problem............................................................................6Those affected and how.....................................................................6Attack process....................................................................................7Preventing the attack (Solution)........................................................8References..........................................................................................10
WannaCry Attack on Verizon Data Breach_2
INFORMATION SECURITY3Part a: Verizon data breachThe problem As a telecommunication giant, Verizon serves millions of customers who rely on itsinfrastructure to conduct their communications. This outcome makes the company a majorsource of information as clients continuously use its systems to exchange data, a facility thatwas breached earlier in the year. As reported by the company’s representatives in July, thecompany’s systems were compromised which left records of more than 14 million customersexposed. Now, according to the company, the attack was propelled by user negligence as thecompany’s subcontracted organization failed to secure the data. In all, the customers affecteddid not prescribe to any unique service or product but included all the customers thatcontacted the customers care service within the six months prior to the attack[ CITATION Sic17 \l 2057 ].Now, the customer care services were held in a separate system as compared to otheroperations which helped isolate the attack. Nevertheless, the separate system did holdcustomers sensitive data including names, addresses and contact numbers as is the norm withmost customer care services. Moreover, some customers did contact the centre to makeinquiries on their access pins which led to their exposure when the breach occurred.However, according to the organization, the data breach was contained after being discoveredby an independent Software researcher who hailed from Upguard security firm[ CITATIONWis17 \l 2057 ]. The attack, how and why?Verizon placed full blame on a third party member, who according to them wassubcontracted to deal with the customer care service. In essence, Verizon had been using acloud facility to host the communications made between its customers and itself. This cloudfacility was set up using the Amazon S3 infrastructure as provided by Amazon web service
WannaCry Attack on Verizon Data Breach_3
INFORMATION SECURITY4(AWS). In addition to this, the company had given another party member the control of thisservice and were thus responsible for monitoring as well as maintaining the system. NICESystems was the organization subcontracted by Verizon to manage the cloud infrastructurethat hosted the customer care service[ CITATION Dea17 \l 2057 ].So how did the breach occur? Well, at the time of the attack, an employee of thesubcontracted company (NICE) failed to secure the data contained within the cloud servers.This error led to the exposure of millions of records as outlined above, moreover, the breachhighlighted the extent of the data contained on the online servers as they had extensive logrecords from residential customers who were in contact with Verizon. However, even moreworrying was the depth of the information uncovered as there were minimal reductions orany form of encryption. In fact, when viewed by the public eye the records contained cleartext data that gave details such as names, security PINs and addresses. Furthermore, somerecords also contained the customer’s account balances. In all, the communications madebetween the organization and its customers were fairly displayed to the masses[ CITATIONWis17 \l 2057 ].Why the attack occurred? (Vulnerability at hand) After the breach had occurred severalinvestigations were conducted by independent researchers who later discovered that thesubcontracted organization (NICE systems) had also undergone into a partnership withanother organization. Therefore, the customer care service owned by Verizon had beensubcontracted to an organization that had also taken another subsequent partner. Now, theother party member involved was Orange, a France based organization that also dealt withtelecommunication services[ CITATION Kum17 \l 2057 ]. Nevertheless, the official cause of theattack was a misconfigured setting within the security protocols of the cloud infrastructure.
WannaCry Attack on Verizon Data Breach_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
The Necessary Security Procedures
|11
|2541
|50

Report on Verizon Data Breach
|12
|2659
|57

Cyber Attacks on Verizon Wireless Network
|10
|1842
|34

Report On Cyber Attacks | ICT In Modern World
|11
|2431
|35

Report on Information Security Breaches 2017
|12
|2809
|29

Search the Web for News on Computer Security Breaches
|7
|2118
|43