Cyber Security Breaches: Case Studies and Solutions Analysis
VerifiedAdded on  2020/03/01
|9
|2593
|39
Report
AI Summary
This report provides an in-depth analysis of cyber security breaches, focusing on two significant incidents: the California Association of Realtors (CAR) data breach and ransomware attacks. The CAR case study details how a real estate business service suffered a major data breach due to malware, resulting in the theft of sensitive customer information like credit card details and personal data. The report explores the nature of the attack, the vulnerabilities exploited, and potential solutions such as enhanced security measures, user notifications, data encryption, and alternative payment methods. Part B of the report addresses ransomware attacks, examining their spread through websites and emails, the affected groups, and methodologies employed by attackers. It highlights the diverse impact on individuals and institutions, including the England National Health Service (NHS). Proposed solutions include employee education, IT system lock-down, email vigilance, and online transaction limitations. Overall, the report emphasizes the importance of robust security protocols and proactive measures to mitigate cyber threats and protect sensitive information.
Running head: CYBER SECURITY BREACHES 1
Cyber security breaches
Name
Institution
Professor
Course
Date
Cyber security breaches
Name
Institution
Professor
Course
Date
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
CYBER SECURITY BREACHES 2
Part A.
California Association of Realtors cyber security
Introduction
On July 2017 a California Real Estate Business Service (REBS) was at the center of data
breach where it lost very sensitive information from its customers. REBS has online payment
system helps the organization in selling its real estate products such as software, forms, blank
home sales contracts and classes. The payment system was infected with malware which was
believed to be active in the system up May 15 2017 when it was recognized by one of the
customer and reported the instance (Robbins, 2017). Malware target was to extract some
information when user of the system made their payment. Customers’ personal information was
being copied by the malware to a third party who could then use information for personal gain.
Some of the information that was lost by the company include; credit card numbers and credit
card expiry date, user names, home addresses and transaction verification code. The hacker
gained access to California Association of Realtors (CAR) by affiliating themselves to
Association of Realtors (AOR) website. In the data breach, it was estimated that over 1,000
members users’ information had been fraudulently accessed. Despite having installed the
malware and virus protection software, hackers were still able to get access to the system and
copy some sensitive information.
Similarly, an extensive analysis of the problem shows how the system was poorly
protected. If the company had invested heavily on security of its system, it would be difficult for
the hackers to bypass security features that were in place. Due to lack of strong security features,
customers’ credit card numbers and their security codes were stolen. Stolen information was
Part A.
California Association of Realtors cyber security
Introduction
On July 2017 a California Real Estate Business Service (REBS) was at the center of data
breach where it lost very sensitive information from its customers. REBS has online payment
system helps the organization in selling its real estate products such as software, forms, blank
home sales contracts and classes. The payment system was infected with malware which was
believed to be active in the system up May 15 2017 when it was recognized by one of the
customer and reported the instance (Robbins, 2017). Malware target was to extract some
information when user of the system made their payment. Customers’ personal information was
being copied by the malware to a third party who could then use information for personal gain.
Some of the information that was lost by the company include; credit card numbers and credit
card expiry date, user names, home addresses and transaction verification code. The hacker
gained access to California Association of Realtors (CAR) by affiliating themselves to
Association of Realtors (AOR) website. In the data breach, it was estimated that over 1,000
members users’ information had been fraudulently accessed. Despite having installed the
malware and virus protection software, hackers were still able to get access to the system and
copy some sensitive information.
Similarly, an extensive analysis of the problem shows how the system was poorly
protected. If the company had invested heavily on security of its system, it would be difficult for
the hackers to bypass security features that were in place. Due to lack of strong security features,
customers’ credit card numbers and their security codes were stolen. Stolen information was
CYBER SECURITY BREACHES 3
used by hackers to bill fraudulent charges to customers once they used their cards on the REBS
website for payments. Therefore, the main issues in this case are security of the system and
losses that REBS might have suffered as a result of security breach (Olenick et al, 2017). As a
result of the security lapse, it is now evident how organization has made its customers’ suffer
financial losses which should have been prevented. If REBS case is not well handled, such
scenario might end up repeating itself hence compromising integrity of the organization. The
problem which faced REBS can mainly be attributed to technological hitches that were either
poor or not properly implemented to secure organizational information. Since its very clear
system security has been a major problem, organization did not put security alerts on the system
to make sure in case of any problem, either the customer or the company gets a notification.
Nature of occurrence
The REBS data breach occurred through a hacker installing a malware on the payment
system which helped in collecting personal information which was later used to defraud
customers. By installing some malware on the payment system, hackers were able to collect
information and send it to a third party. Through Association of Realtors (AOR) website, hacker
managed to infiltrate and get access to REBS system. Once required information was collected, it
become possible for hackers to start charging customers unrealistic arrears from their credit cards
once they made payment through REBS payment system. The main reason of the attack was to
get information which could later help in siphoning some cash from innocent customers without
their knowledge (Spacek, 2017). The other main reason for the attacker might be to compromise
integrity of the company where another company would benefit by attracting customers from the
latter. By damaging image of a competitor, the beneficiary gains a lot because some of the
customers form the competitor might end up acquiring services from the other company.
used by hackers to bill fraudulent charges to customers once they used their cards on the REBS
website for payments. Therefore, the main issues in this case are security of the system and
losses that REBS might have suffered as a result of security breach (Olenick et al, 2017). As a
result of the security lapse, it is now evident how organization has made its customers’ suffer
financial losses which should have been prevented. If REBS case is not well handled, such
scenario might end up repeating itself hence compromising integrity of the organization. The
problem which faced REBS can mainly be attributed to technological hitches that were either
poor or not properly implemented to secure organizational information. Since its very clear
system security has been a major problem, organization did not put security alerts on the system
to make sure in case of any problem, either the customer or the company gets a notification.
Nature of occurrence
The REBS data breach occurred through a hacker installing a malware on the payment
system which helped in collecting personal information which was later used to defraud
customers. By installing some malware on the payment system, hackers were able to collect
information and send it to a third party. Through Association of Realtors (AOR) website, hacker
managed to infiltrate and get access to REBS system. Once required information was collected, it
become possible for hackers to start charging customers unrealistic arrears from their credit cards
once they made payment through REBS payment system. The main reason of the attack was to
get information which could later help in siphoning some cash from innocent customers without
their knowledge (Spacek, 2017). The other main reason for the attacker might be to compromise
integrity of the company where another company would benefit by attracting customers from the
latter. By damaging image of a competitor, the beneficiary gains a lot because some of the
customers form the competitor might end up acquiring services from the other company.
CYBER SECURITY BREACHES 4
Therefore, the usefulness of the data has gained substantial importance and such data might be
used to gain competitive market advantage as well as monetary value to hackers who billed
unnecessary charges to customers.
Possible solutions
To solve data breaches faced by REBS Company, it would have been important to
employ security measures which would guarantee organizational security to its operational data
and customers. Some of the possible solutions includes; putting down all operations on the
system and an investigation being carried out to determine the extent of damage that might have
been caused by hackers (Fowler, 2016). This helps in ensuring there are no other malicious
operations that could continue within the system. Evaluation is essential to determine how the
access was made and the motive behind the attacker so that necessary security features can be
taken to protect the organizational data. Next, according to Gupta, Walp, & Sharman (2012), all
users of the system need to be notified so that they are able to monitors their credit cards
activities. This would help customers to avoid extra charges that might be imposed by hackers
without their knowledge. To enhance security customers, their credit cards should be able to
generate an alert message on any activities done (Dawson, Eltayeb & Omar, 2016). Organization
has to take responsibility of advising its customers so that they can be able to monitor any
suspicious transactions. Additionally, Shabtai, Elovici & Rokach (2012) argues that, before
system transaction can be taken put again for use, very strong security features need to be put in
place. Shinder, Diogenes & Shinder (2013) stipulates that, encryption of data is important
because it makes data useless unless hacker has encryption key. This would make sure once data
is keyed into the system, no one can make use of it without required authorization. Finally,
REBS made a good decision of changing their payment method. It shifted all payments from the
Therefore, the usefulness of the data has gained substantial importance and such data might be
used to gain competitive market advantage as well as monetary value to hackers who billed
unnecessary charges to customers.
Possible solutions
To solve data breaches faced by REBS Company, it would have been important to
employ security measures which would guarantee organizational security to its operational data
and customers. Some of the possible solutions includes; putting down all operations on the
system and an investigation being carried out to determine the extent of damage that might have
been caused by hackers (Fowler, 2016). This helps in ensuring there are no other malicious
operations that could continue within the system. Evaluation is essential to determine how the
access was made and the motive behind the attacker so that necessary security features can be
taken to protect the organizational data. Next, according to Gupta, Walp, & Sharman (2012), all
users of the system need to be notified so that they are able to monitors their credit cards
activities. This would help customers to avoid extra charges that might be imposed by hackers
without their knowledge. To enhance security customers, their credit cards should be able to
generate an alert message on any activities done (Dawson, Eltayeb & Omar, 2016). Organization
has to take responsibility of advising its customers so that they can be able to monitor any
suspicious transactions. Additionally, Shabtai, Elovici & Rokach (2012) argues that, before
system transaction can be taken put again for use, very strong security features need to be put in
place. Shinder, Diogenes & Shinder (2013) stipulates that, encryption of data is important
because it makes data useless unless hacker has encryption key. This would make sure once data
is keyed into the system, no one can make use of it without required authorization. Finally,
REBS made a good decision of changing their payment method. It shifted all payments from the
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
CYBER SECURITY BREACHES 5
compromised online system to PayPal method where security is guaranteed by Federal
government.
Part B
Ransomware cyber-attack on the web
Introduction
Ransomware cyber-attack was a web-based attack that targeted devices such as
computers, tablets and smartphones. An infected machine could lock itself and request for
Ransomware unlock key. This is a big threat because none of these machine owners could get
unlock key. The malware was being spread from one computer and tablets through websites.
When a user clicked on an infected website while browsing, the malware could enter the
machine and locks it without user’s knowledge. According to Wong & Solon (2017), every
website that had been hacked using Ransomware was itself a victim and could infect other
websites and machines that connect to any of the infected websites. It was so hectic such that,
with every 40 seconds, a company was being infected with Ransomware. The malware was
believed to have originated from cyber weapons attack theft and was highly linked to United
States government. Due to its massive nature of attacker, it has been believed to be an awakening
call to cyber-security experts and organizations.
Affected groups
The effects of Ransomware was quite diverse as it included both individuals and
institutions. The malware was not made for specific group or any target, it was a general
malware which could affect as many groups as possible. Organizations using computers to
connect online was highly affected because Ransomware was being spread online through
compromised online system to PayPal method where security is guaranteed by Federal
government.
Part B
Ransomware cyber-attack on the web
Introduction
Ransomware cyber-attack was a web-based attack that targeted devices such as
computers, tablets and smartphones. An infected machine could lock itself and request for
Ransomware unlock key. This is a big threat because none of these machine owners could get
unlock key. The malware was being spread from one computer and tablets through websites.
When a user clicked on an infected website while browsing, the malware could enter the
machine and locks it without user’s knowledge. According to Wong & Solon (2017), every
website that had been hacked using Ransomware was itself a victim and could infect other
websites and machines that connect to any of the infected websites. It was so hectic such that,
with every 40 seconds, a company was being infected with Ransomware. The malware was
believed to have originated from cyber weapons attack theft and was highly linked to United
States government. Due to its massive nature of attacker, it has been believed to be an awakening
call to cyber-security experts and organizations.
Affected groups
The effects of Ransomware was quite diverse as it included both individuals and
institutions. The malware was not made for specific group or any target, it was a general
malware which could affect as many groups as possible. Organizations using computers to
connect online was highly affected because Ransomware was being spread online through
CYBER SECURITY BREACHES 6
websites or any sharable link. By comparing the nature of the attacker, it can be deduced that
organizations and that mostly depends on legacy systems were more vulnerable to the attacker. A
good example of an organization that was hit by Ransomware was England National Health
Service (NHS) where hospital staff were locked out of their computers (Ransomware cyber-
attack strikes world's biggest firms, 2017).This was very devastating as it forced some of the
hospitals to divert its patients to other unaffected hospitals. Emphasis cannot be subjected to
large organizations only because Ransomware had capability of locking even small gadgets such
as smartphones and tablets leaving their owners unable to access them. The malware infects the
subject machine, encrypts users’ data and demands for some payments in order to unlock the
data.
Methodologies of the attacker
The REBS attacker was made so easy but complex to avoid because targeted it was
spreading through websites which are commonly used by internet users. It was very unfortunate
for organizations that uses online systems because they had to connect online for transactions to
be done. Once online, employees of the organization must visit other sites such as social network
using same machines. In such a scenario, it would be very difficult to avoid Ransomware
attacker. According to Turner, Kotoky & Wienberg (2017), by just clicking any link that leads to
an infected website, the subject machine would still get infected. Next, the Ransomware attacker
was happening through emails, an email could be sent to a target individual, once the user clicks
on the email, it could open resulting to locking of the computer. Taking an account of how the
attacker was being spread, it was very easy to become a victim and that was the main reason it
was being estimated that, after every 40seconds, an organization was getting infected with the
websites or any sharable link. By comparing the nature of the attacker, it can be deduced that
organizations and that mostly depends on legacy systems were more vulnerable to the attacker. A
good example of an organization that was hit by Ransomware was England National Health
Service (NHS) where hospital staff were locked out of their computers (Ransomware cyber-
attack strikes world's biggest firms, 2017).This was very devastating as it forced some of the
hospitals to divert its patients to other unaffected hospitals. Emphasis cannot be subjected to
large organizations only because Ransomware had capability of locking even small gadgets such
as smartphones and tablets leaving their owners unable to access them. The malware infects the
subject machine, encrypts users’ data and demands for some payments in order to unlock the
data.
Methodologies of the attacker
The REBS attacker was made so easy but complex to avoid because targeted it was
spreading through websites which are commonly used by internet users. It was very unfortunate
for organizations that uses online systems because they had to connect online for transactions to
be done. Once online, employees of the organization must visit other sites such as social network
using same machines. In such a scenario, it would be very difficult to avoid Ransomware
attacker. According to Turner, Kotoky & Wienberg (2017), by just clicking any link that leads to
an infected website, the subject machine would still get infected. Next, the Ransomware attacker
was happening through emails, an email could be sent to a target individual, once the user clicks
on the email, it could open resulting to locking of the computer. Taking an account of how the
attacker was being spread, it was very easy to become a victim and that was the main reason it
was being estimated that, after every 40seconds, an organization was getting infected with the
CYBER SECURITY BREACHES 7
malware. Once the attacker occurred, the device could be unlocked by making some payment to
the hackers in order to unlock the infected computer or tablet.
Possible solution to prevent the attacker
Being very simple but sophisticated attacker, it was difficult to prevent it but once
information about the malware hit the sky, it was possible for an infected organizations to avoid.
After detecting it was being spread through visiting websites and emails, organization should
have taken measures of educating their employees on how to avert the attacker (Gupta, Agrawal
& Yamaguchi, 2016). Through education, organizational employees who are daily users of
organizational computers would avoid online activities as much as possible. After making them
aware of the malware availability, organizational IT expert groups should have gone ahead to
unlock all computers in order to prevent them from connecting online (Thomas, 2014).
Additionally, organization should remind employees of any suspicious emails, if they have
suspicion of any email in their working emails, they should immediately alert IT professionals to
have a check on them and take necessary actions. This could be done by configuring
organizational firewall such that it does not allow any online activity from within the
organization (Mellado, 2013).
Similarly, since employees have their own devices such as smartphones and tablets and
they are in their control, organization should prohibit connection of their personal devices with
organizational computers. This would solve a problem where they visit some websites such as
social network sites then try to connect their devices with organizational computers. Finally, to
malware. Once the attacker occurred, the device could be unlocked by making some payment to
the hackers in order to unlock the infected computer or tablet.
Possible solution to prevent the attacker
Being very simple but sophisticated attacker, it was difficult to prevent it but once
information about the malware hit the sky, it was possible for an infected organizations to avoid.
After detecting it was being spread through visiting websites and emails, organization should
have taken measures of educating their employees on how to avert the attacker (Gupta, Agrawal
& Yamaguchi, 2016). Through education, organizational employees who are daily users of
organizational computers would avoid online activities as much as possible. After making them
aware of the malware availability, organizational IT expert groups should have gone ahead to
unlock all computers in order to prevent them from connecting online (Thomas, 2014).
Additionally, organization should remind employees of any suspicious emails, if they have
suspicion of any email in their working emails, they should immediately alert IT professionals to
have a check on them and take necessary actions. This could be done by configuring
organizational firewall such that it does not allow any online activity from within the
organization (Mellado, 2013).
Similarly, since employees have their own devices such as smartphones and tablets and
they are in their control, organization should prohibit connection of their personal devices with
organizational computers. This would solve a problem where they visit some websites such as
social network sites then try to connect their devices with organizational computers. Finally, to
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
CYBER SECURITY BREACHES 8
organizations that work online, it would be wise to start putting down their online transaction to
avoid malware attacker (Moore, 2017). It would not be of any value to continue with operations
that would later be very devastating. Imagining an organization is a hospital system such as
England case, waiting until an attacker happens may be very dangerous because it may result to
patient harm or even death. According to Eyob (2009), looking for an alternative in advance
once news about the malware come up might be the best option rather than waiting for disaster
by use of ostrich method approach. Therefore, taking all of these measures would have averted
the malware attacker. Hence saving organizational money and disruption that might occur.
References
Dawson, M., Eltayeb, M., & Omar, M. (2016). Security Solutions for Hyperconnectivity and the
Internet of Things. Hershey: IGI Global.
Doug Olenick, O., Abel, R., Olenick, D., Masters, G., & Olenick, D. (2017). Data Breach hits
California Association of Realtors. SC Media US. Retrieved 27 August 2017, from
https://www.scmagazine.com/data-breach-hits-california-association-of-
realtors/article/673795/
Eyob, E. (2009). Social implications of data mining and information privacy: Interdisciplinary
frameworks and solutions. Hershey: Information Science Reference.
Fowler, K. (2016). Data breach preparation and response: Breaches are certain, impact is not.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. Hershey: Information Science
Reference.
Gupta, M., Walp, J., & Sharman, R. (2012). Strategic and practical approaches for information
security governance: Technologies and applied solutions. Hershey, PA: Information
Science Reference.
Mellado, D. (2013). IT security governance innovations: Theory and research. Hershey, PA:
Information Science Reference.
Moore, M. (2017). Cyber security breaches and issues surrounding online threat protection.
Ransomware cyber-attack strikes world's biggest firms. (2017). ITV News. Retrieved 27 August
2017, from http://www.itv.com/news/2017-06-27/ransomware-cyber-attack-strikes-
worlds- biggest-firms/
organizations that work online, it would be wise to start putting down their online transaction to
avoid malware attacker (Moore, 2017). It would not be of any value to continue with operations
that would later be very devastating. Imagining an organization is a hospital system such as
England case, waiting until an attacker happens may be very dangerous because it may result to
patient harm or even death. According to Eyob (2009), looking for an alternative in advance
once news about the malware come up might be the best option rather than waiting for disaster
by use of ostrich method approach. Therefore, taking all of these measures would have averted
the malware attacker. Hence saving organizational money and disruption that might occur.
References
Dawson, M., Eltayeb, M., & Omar, M. (2016). Security Solutions for Hyperconnectivity and the
Internet of Things. Hershey: IGI Global.
Doug Olenick, O., Abel, R., Olenick, D., Masters, G., & Olenick, D. (2017). Data Breach hits
California Association of Realtors. SC Media US. Retrieved 27 August 2017, from
https://www.scmagazine.com/data-breach-hits-california-association-of-
realtors/article/673795/
Eyob, E. (2009). Social implications of data mining and information privacy: Interdisciplinary
frameworks and solutions. Hershey: Information Science Reference.
Fowler, K. (2016). Data breach preparation and response: Breaches are certain, impact is not.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. Hershey: Information Science
Reference.
Gupta, M., Walp, J., & Sharman, R. (2012). Strategic and practical approaches for information
security governance: Technologies and applied solutions. Hershey, PA: Information
Science Reference.
Mellado, D. (2013). IT security governance innovations: Theory and research. Hershey, PA:
Information Science Reference.
Moore, M. (2017). Cyber security breaches and issues surrounding online threat protection.
Ransomware cyber-attack strikes world's biggest firms. (2017). ITV News. Retrieved 27 August
2017, from http://www.itv.com/news/2017-06-27/ransomware-cyber-attack-strikes-
worlds- biggest-firms/
CYBER SECURITY BREACHES 9
Robbins, G. (2017). California Association of Realtors subsidiary suffers major data breach.
sandiegouniontribune.com. Retrieved 27 August 2017, from
http://www.sandiegouniontribune.com/news/cyber-life/sd-me-rebs-breach-20170709-
story.html
Shabtai, A., Elovici, Y., & Rokach, L. (2012). A survey of data leakage detection and prevention
solutions. New York: Springer.
Shinder, T. W., Diogenes, Y., & Shinder, D. L. (2013). Windows server 2012 security from end
to edge and beyond: Architecting, designing, planning, and deploying Windows server
2012 security solutions. Amsterdam: Elsevier.
Spacek, R. (2017). Data breach hits California Assn. of Realtors subsidiary. latimes.com.
Retrieved 27 August 2017, from http://www.latimes.com/business/la-fi-reb-data-breach-
20170710-story.html
Thomas, L. M. (2014). Thomas on data breach: A practical guide to handling data breach
notifications worldwide. Eagan, MN: Thomson Reuters/Westlaw.
Turner, M., Kotoky, M., & Wienberg, M. (2017). Ransomware Cyber-attack Goes Global.
Bloomberg.com. Retrieved 28 August 2017, from
https://www.bloomberg.com/news/articles/2017-06-28/cyberattack-reaches-asia-as-new-
targets-hit-by-ransomware-demand
Wong, J., & Solon, O. (2017). Massive ransomware cyber-attack hits nearly 100 countries
around the world. the Guardian. Retrieved 27 August 2017, from
https://www.theguardian.com/technology/2017/may/12/global-cyber-attack-ransomware-
nsa-uk-nhs
Robbins, G. (2017). California Association of Realtors subsidiary suffers major data breach.
sandiegouniontribune.com. Retrieved 27 August 2017, from
http://www.sandiegouniontribune.com/news/cyber-life/sd-me-rebs-breach-20170709-
story.html
Shabtai, A., Elovici, Y., & Rokach, L. (2012). A survey of data leakage detection and prevention
solutions. New York: Springer.
Shinder, T. W., Diogenes, Y., & Shinder, D. L. (2013). Windows server 2012 security from end
to edge and beyond: Architecting, designing, planning, and deploying Windows server
2012 security solutions. Amsterdam: Elsevier.
Spacek, R. (2017). Data breach hits California Assn. of Realtors subsidiary. latimes.com.
Retrieved 27 August 2017, from http://www.latimes.com/business/la-fi-reb-data-breach-
20170710-story.html
Thomas, L. M. (2014). Thomas on data breach: A practical guide to handling data breach
notifications worldwide. Eagan, MN: Thomson Reuters/Westlaw.
Turner, M., Kotoky, M., & Wienberg, M. (2017). Ransomware Cyber-attack Goes Global.
Bloomberg.com. Retrieved 28 August 2017, from
https://www.bloomberg.com/news/articles/2017-06-28/cyberattack-reaches-asia-as-new-
targets-hit-by-ransomware-demand
Wong, J., & Solon, O. (2017). Massive ransomware cyber-attack hits nearly 100 countries
around the world. the Guardian. Retrieved 27 August 2017, from
https://www.theguardian.com/technology/2017/may/12/global-cyber-attack-ransomware-
nsa-uk-nhs
1 out of 9
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.