Cybersecurity Report: Analysis of Recent Cyber Attacks (MIS301)
VerifiedAdded on 2022/02/18
|11
|2405
|96
Report
AI Summary
This report provides an in-depth analysis of recent cybersecurity attacks, focusing on three major incidents: the SIM swapping attack on T-Mobile, the data breach affecting Snapchat users, and the data breach at British Airways. It details the nature of each attack, the vulnerabilities exploited, and the impact on the affected companies and their customers. The report explores the reasons behind these attacks, the loopholes in the organizations' security systems that were exploited, and the short-term and long-term consequences. Furthermore, it includes comments from the companies involved, outlining their responses and measures taken to address the issues. The report also delves into the challenges in cyber attack prevention, discussing the evolving landscape of cyber threats and the difficulties in securing data in an increasingly complex technological environment. It highlights the role of advanced technologies, such as AI, in both defense and offense, and addresses the skills gap that exists between cybersecurity teams and attackers. The report concludes by emphasizing the importance of continuous improvement in security systems and the need for proactive measures to mitigate cyber risks.
MIS301 Cybersecurity
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
1.0 Introduction.....................................................................................................................4
2.0 SIM Swapping: T- Mobile..............................................................................................5
2.1 Introduction to SIM Swapping attack and impact.......................................................5
2.2 Purpose behind the attack............................................................................................5
2.3 Loophole in T- Mobile’s security................................................................................5
2.4 Impact of attack...........................................................................................................5
2.4.1 Short term................................................................................................................5
2.4.2 Long term.................................................................................................................6
2.5 Comments from T- Mobile..........................................................................................6
3.0 Information Leaked: Snapchat........................................................................................6
3.1 Introduction of attack and impact................................................................................6
3.2 Reason behind attack...................................................................................................6
3.3 Loophole in organization’s security............................................................................6
3.4 Impact of attack...........................................................................................................7
3.4.1 Short term................................................................................................................7
3.4.2 Long term.................................................................................................................7
3.5 Comments from Snapchat...........................................................................................7
4.0 Data breach: British Airways..........................................................................................7
4.1 Introduction of attack and impact................................................................................7
4.2 Reason behind attack...................................................................................................7
4.3 Loophole in organization’s security............................................................................8
4.4 Impact of attack...........................................................................................................8
4.4.1 Short Term...............................................................................................................8
4.4.2 Long Term...............................................................................................................8
4.5 Comments from British Airways.................................................................................8
1.0 Introduction.....................................................................................................................4
2.0 SIM Swapping: T- Mobile..............................................................................................5
2.1 Introduction to SIM Swapping attack and impact.......................................................5
2.2 Purpose behind the attack............................................................................................5
2.3 Loophole in T- Mobile’s security................................................................................5
2.4 Impact of attack...........................................................................................................5
2.4.1 Short term................................................................................................................5
2.4.2 Long term.................................................................................................................6
2.5 Comments from T- Mobile..........................................................................................6
3.0 Information Leaked: Snapchat........................................................................................6
3.1 Introduction of attack and impact................................................................................6
3.2 Reason behind attack...................................................................................................6
3.3 Loophole in organization’s security............................................................................6
3.4 Impact of attack...........................................................................................................7
3.4.1 Short term................................................................................................................7
3.4.2 Long term.................................................................................................................7
3.5 Comments from Snapchat...........................................................................................7
4.0 Data breach: British Airways..........................................................................................7
4.1 Introduction of attack and impact................................................................................7
4.2 Reason behind attack...................................................................................................7
4.3 Loophole in organization’s security............................................................................8
4.4 Impact of attack...........................................................................................................8
4.4.1 Short Term...............................................................................................................8
4.4.2 Long Term...............................................................................................................8
4.5 Comments from British Airways.................................................................................8
5.0 Challenges in Cyber-attack: Prevention..........................................................................9
6.0 Conclusion.....................................................................................................................10
7.0 References.....................................................................................................................11
6.0 Conclusion.....................................................................................................................10
7.0 References.....................................................................................................................11
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1.0 Introduction
The Cybersecurity is process of protecting our data. The security provides by the different
tools of by cyber companies from hackers and attackers. There are various cyber-attacks
which lead to data breach of the companies and also face financial loss. In this report, there
were several attacks from which 3 are discussed. The SIM swapping attack of T- Mobile
companies in which data was stolen of millions of users. This report will also include data
breach of Snapchat users where hacker uploaded the database on similar website. That was
just to warn the company and make people aware about the vulnerabilities in the system of
the company. The hackers also claimed that it was too easy to access the data. It does not
cause any financial loss to the user or company. In this report, data breach of British airways
will also be discussed where company was fined with 4% of its income.
The Cybersecurity is process of protecting our data. The security provides by the different
tools of by cyber companies from hackers and attackers. There are various cyber-attacks
which lead to data breach of the companies and also face financial loss. In this report, there
were several attacks from which 3 are discussed. The SIM swapping attack of T- Mobile
companies in which data was stolen of millions of users. This report will also include data
breach of Snapchat users where hacker uploaded the database on similar website. That was
just to warn the company and make people aware about the vulnerabilities in the system of
the company. The hackers also claimed that it was too easy to access the data. It does not
cause any financial loss to the user or company. In this report, data breach of British airways
will also be discussed where company was fined with 4% of its income.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
2.0 SIM Swapping: T- Mobile
2.1 Introduction to SIM Swapping attack and impact
This attack uses a mobile carrier to transfer to user’s data, authentication is used as SMS
(Trevor Russo, 2019) . The second authentication method carrier link through data can be
stolen from social media to bank details. In this, attacker also tries to convince the customer
to get a new SIM card or phone. This major impact of this attack is money loss and control
over device to all in attacker’s hand, which leads to data breach. The attackers also try to steal
bitcoins from user phone number using this attack. It also allows accessing all details and
accounts which are linked to that SIM card.
2.2 Purpose behind the attack
The reason behind the attack is clear to get the data of the victim. In this attack, personal data
of various users was stolen by using SIM swapping. The data breach was not of financial
information, so sensitive information containing bank details was secure. The main target of
the attacker was to get all the personal details which may be sold later. This attack can also be
done for defaming the company T- Mobile in the market.
2.3 Loophole in T- Mobile’s security
The hacker uses brute force algorithm to breach the data. The mistakes done by “engineers”
through which, API are allowed to generate the pin for online form unlimited time. The
hacker can use this method and get the exact security used by user. The hacker can do
multiple attempts of logging in with random security pin using specific tools. This process of
access multiple pins to login in makes the company more vulnerable, which can identified by
the hacker and took advantage.
2.4 Impact of attack
The Company T- Mobile, experienced many similar attacks and that also put some impact.
2.1 Introduction to SIM Swapping attack and impact
This attack uses a mobile carrier to transfer to user’s data, authentication is used as SMS
(Trevor Russo, 2019) . The second authentication method carrier link through data can be
stolen from social media to bank details. In this, attacker also tries to convince the customer
to get a new SIM card or phone. This major impact of this attack is money loss and control
over device to all in attacker’s hand, which leads to data breach. The attackers also try to steal
bitcoins from user phone number using this attack. It also allows accessing all details and
accounts which are linked to that SIM card.
2.2 Purpose behind the attack
The reason behind the attack is clear to get the data of the victim. In this attack, personal data
of various users was stolen by using SIM swapping. The data breach was not of financial
information, so sensitive information containing bank details was secure. The main target of
the attacker was to get all the personal details which may be sold later. This attack can also be
done for defaming the company T- Mobile in the market.
2.3 Loophole in T- Mobile’s security
The hacker uses brute force algorithm to breach the data. The mistakes done by “engineers”
through which, API are allowed to generate the pin for online form unlimited time. The
hacker can use this method and get the exact security used by user. The hacker can do
multiple attempts of logging in with random security pin using specific tools. This process of
access multiple pins to login in makes the company more vulnerable, which can identified by
the hacker and took advantage.
2.4 Impact of attack
The Company T- Mobile, experienced many similar attacks and that also put some impact.
2.4.1 Short term
The company informed few of their users about the attack. The short term impact was to
identify the data breach and try to protect the users with similar attack. This attack brings the
CEO into the light to say sorry.
2.4.2 Long term
The company apologised because this was matter of fame in the market because it has
millions of users. It also planned to take a long term partnership with companies providing
cybersecurity. This will leads to improve in security system of the company which can
prevent further similar cyber-attacks.
2.5 Comments from T- Mobile
The company identified the attack and came in front to accept and verify it. The spokesperson
also said that they informed few customers about this illegal activity where number was
altered. The company also said that issue was identified and resolved by the team, using
safeguards and some protective measures. The CEO of the company also said “truly sorry”
and that company has done partnership with Cybersecurity Company to prevent further
attacks and improve the security of the users. The company requested to use different method
of authentication rather than SMS, from password can be stolen easily.
3.0 Information Leaked: Snapchat
3.1 Introduction of attack and impact
This attack was all about data breach of users of Snapchat. The company does not provide
end-to-end encryption, so it also makes this vulnerable. In this Middle man attack, hackers
made some fake accounts which do not need to be verified. The data breach of 4.6 million
Snapchat users was uploaded on a similar website (Lee et al., 2020). The database was
created on the website and username, phone numbers of users was uploaded by the hacker.
3.2 Reason behind attack
The motivation was clear to warn the company’s vulnerabilities. The hacker warned the
company to identify and fix the issue in the app. The hacker commented that they wants to
make people aware about the issue. The security is also important as much as experience of
the user does. There was no data leak of financial details and not having any other strong
motivation behind the attack.
The company informed few of their users about the attack. The short term impact was to
identify the data breach and try to protect the users with similar attack. This attack brings the
CEO into the light to say sorry.
2.4.2 Long term
The company apologised because this was matter of fame in the market because it has
millions of users. It also planned to take a long term partnership with companies providing
cybersecurity. This will leads to improve in security system of the company which can
prevent further similar cyber-attacks.
2.5 Comments from T- Mobile
The company identified the attack and came in front to accept and verify it. The spokesperson
also said that they informed few customers about this illegal activity where number was
altered. The company also said that issue was identified and resolved by the team, using
safeguards and some protective measures. The CEO of the company also said “truly sorry”
and that company has done partnership with Cybersecurity Company to prevent further
attacks and improve the security of the users. The company requested to use different method
of authentication rather than SMS, from password can be stolen easily.
3.0 Information Leaked: Snapchat
3.1 Introduction of attack and impact
This attack was all about data breach of users of Snapchat. The company does not provide
end-to-end encryption, so it also makes this vulnerable. In this Middle man attack, hackers
made some fake accounts which do not need to be verified. The data breach of 4.6 million
Snapchat users was uploaded on a similar website (Lee et al., 2020). The database was
created on the website and username, phone numbers of users was uploaded by the hacker.
3.2 Reason behind attack
The motivation was clear to warn the company’s vulnerabilities. The hacker warned the
company to identify and fix the issue in the app. The hacker commented that they wants to
make people aware about the issue. The security is also important as much as experience of
the user does. There was no data leak of financial details and not having any other strong
motivation behind the attack.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3.3 Loophole in organization’s security
The company said that the username can be accessed with the help of phone numbers. The
huge data base of all the phone numbers of local code can be saved and username can be
accessed. The company also commented that user can not directly search with phone number.
This makes the security system vulnerable of the Snapchat and leads to data breach of around
4.6 million.
3.4 Impact of attack
3.4.1 Short term
The users of Snapchat were scared as the database was leaked by the hacker. The company
added the same guard for protection of the data. The company apologised and requested users
to not panic.
3.4.2 Long term
The company made few changes in the app but the hacker was not satisfied the Snapchat’s
response. The company also gave an option in the security update of app to opt out phone
number linking option. This attack has not created any long term impact on the company’s
profile except the fame in the market.
3.5 Comments from Snapchat
The attack was to make people aware about the vulnerabilities in the app. The company
released a letter to apologise to all the users. The database was uploaded on a website
containing username and phone number of approx. 4.6 million users. The company also
promised to make it more secure and prevention to be made. The new version of app was also
released with security update where they gave an option to opt out of giving phone number to
the app. The hacker was not satisfied by such response of the company and warned them.
4.0 Data breach: British Airways
4.1 Introduction of attack and impact
The attack in 2018 was to collect the data of the customers of British Airways. The hacker
diverted user from the company’s website to a fake website designed by attacker. The
website gets the collection of data of approx. 5 lakhs. The data breach of the customer’s
information including name, credit card details, payment details, phone number and address.
This attack impacted on the company to fine around $230 million.
The company said that the username can be accessed with the help of phone numbers. The
huge data base of all the phone numbers of local code can be saved and username can be
accessed. The company also commented that user can not directly search with phone number.
This makes the security system vulnerable of the Snapchat and leads to data breach of around
4.6 million.
3.4 Impact of attack
3.4.1 Short term
The users of Snapchat were scared as the database was leaked by the hacker. The company
added the same guard for protection of the data. The company apologised and requested users
to not panic.
3.4.2 Long term
The company made few changes in the app but the hacker was not satisfied the Snapchat’s
response. The company also gave an option in the security update of app to opt out phone
number linking option. This attack has not created any long term impact on the company’s
profile except the fame in the market.
3.5 Comments from Snapchat
The attack was to make people aware about the vulnerabilities in the app. The company
released a letter to apologise to all the users. The database was uploaded on a website
containing username and phone number of approx. 4.6 million users. The company also
promised to make it more secure and prevention to be made. The new version of app was also
released with security update where they gave an option to opt out of giving phone number to
the app. The hacker was not satisfied by such response of the company and warned them.
4.0 Data breach: British Airways
4.1 Introduction of attack and impact
The attack in 2018 was to collect the data of the customers of British Airways. The hacker
diverted user from the company’s website to a fake website designed by attacker. The
website gets the collection of data of approx. 5 lakhs. The data breach of the customer’s
information including name, credit card details, payment details, phone number and address.
This attack impacted on the company to fine around $230 million.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4.2 Reason behind attack
The motivation for the attacker was to get money from the users. The British Airways is well
stable company with turnover of $ 4.8 billion, so this company was targeted. The target and
motivation of attacker was clear to get credit card details and personal details of the
customers to make money. It was always for defaming the company in the market. The
attacker also identified vulnerabilities in the security system.
4.3 Loophole in organization’s security
The company has not updated the Modernizr since 2012, it make easy for hackers to divert
the customers. The megacart was the hacking group who target this airways company with
just 22 lines of code. The 22 lines of code used to divert customers to another website which
was designed by hackers. The third party code or application used by the company sent the
data to baways.com which was controlled by hackers and similar to company’s website.
4.4 Impact of attack
4.4.1 Short Term
The breach was of financial data and other personal details of several customers. The hackers
stolen money from harvested credit card details, which defame the company and questions
were raised on such company’s security system. The company was also fined with millions of
dollars as fine.
4.4.2 Long Term
The attack affects the customers as well as company. The customer also reported fraudulent
activity. The impact was seen even after 6-10 months in the company. The hackers keep
sending spam/threat emails, calls to the customers and stolen money. The hackers even tried
to get access stole more data of customer.
4.5 Comments from British Airways
The company announce and shared the details regarding the data breach of thousands of the
customers. The company also accepted vulnerabilities in their system and accepted the loss.
The company agrees to pay thousands of customers. It also apologised in a report and settles
the attack. The company also claims to increase the security and inform to customers about
the attack or such kind of illegal activity. The company was fined with approx. 4% of the
worldwide income, which was around 230 million US dollar. The company paid the fine to
General Data Protection Regulation.
The motivation for the attacker was to get money from the users. The British Airways is well
stable company with turnover of $ 4.8 billion, so this company was targeted. The target and
motivation of attacker was clear to get credit card details and personal details of the
customers to make money. It was always for defaming the company in the market. The
attacker also identified vulnerabilities in the security system.
4.3 Loophole in organization’s security
The company has not updated the Modernizr since 2012, it make easy for hackers to divert
the customers. The megacart was the hacking group who target this airways company with
just 22 lines of code. The 22 lines of code used to divert customers to another website which
was designed by hackers. The third party code or application used by the company sent the
data to baways.com which was controlled by hackers and similar to company’s website.
4.4 Impact of attack
4.4.1 Short Term
The breach was of financial data and other personal details of several customers. The hackers
stolen money from harvested credit card details, which defame the company and questions
were raised on such company’s security system. The company was also fined with millions of
dollars as fine.
4.4.2 Long Term
The attack affects the customers as well as company. The customer also reported fraudulent
activity. The impact was seen even after 6-10 months in the company. The hackers keep
sending spam/threat emails, calls to the customers and stolen money. The hackers even tried
to get access stole more data of customer.
4.5 Comments from British Airways
The company announce and shared the details regarding the data breach of thousands of the
customers. The company also accepted vulnerabilities in their system and accepted the loss.
The company agrees to pay thousands of customers. It also apologised in a report and settles
the attack. The company also claims to increase the security and inform to customers about
the attack or such kind of illegal activity. The company was fined with approx. 4% of the
worldwide income, which was around 230 million US dollar. The company paid the fine to
General Data Protection Regulation.
5.0 Challenges in Cyber-attack: Prevention
The company faces many issues even after working of advanced technologies. The most of
challenges and attacks are even unidentified. The growing time uses advanced technology
which also used by hackers. The Artificial intelligence used by organisations to make system
more secure and it act as defensive tool. The hacker also uses it for phishing as attacking tool.
The companies are moving to cloud platform to store data but even that is not safe. It can be
accessed by the hackers using different VPNs which are more effective and not easy to get
exact IP. The companies are adapting IoT with time but using ransomware; it identifies the
vulnerability and enters in the system to kill it. The biggest challenge faced by the
organisation is skill gap. This explains that hackers are more advanced in the technologies
than companies IT and security team. The attackers can easily generate new malware for the
required system and transfer that without getting caught. The mobile users are continuously
increasing therefore malwares too. The APKs are available on the browser containing
malwares through which hackers can enter into user’s mobile device. The malwares are
strong enough to make system week and sometimes even user cannot identify the problem in
their device. The attackers also used drones now-a-days to get access to the data and harvest
information from the user. There are many more challenges faced by companies and still
improving the security system. The technology is getting advanced and with that risks are
also increasing because that makes things easier. The loopholes stay unidentified for various
months and years, till then hackers keep tracking all the data and affect the systems of the
company or single user.
The company faces many issues even after working of advanced technologies. The most of
challenges and attacks are even unidentified. The growing time uses advanced technology
which also used by hackers. The Artificial intelligence used by organisations to make system
more secure and it act as defensive tool. The hacker also uses it for phishing as attacking tool.
The companies are moving to cloud platform to store data but even that is not safe. It can be
accessed by the hackers using different VPNs which are more effective and not easy to get
exact IP. The companies are adapting IoT with time but using ransomware; it identifies the
vulnerability and enters in the system to kill it. The biggest challenge faced by the
organisation is skill gap. This explains that hackers are more advanced in the technologies
than companies IT and security team. The attackers can easily generate new malware for the
required system and transfer that without getting caught. The mobile users are continuously
increasing therefore malwares too. The APKs are available on the browser containing
malwares through which hackers can enter into user’s mobile device. The malwares are
strong enough to make system week and sometimes even user cannot identify the problem in
their device. The attackers also used drones now-a-days to get access to the data and harvest
information from the user. There are many more challenges faced by companies and still
improving the security system. The technology is getting advanced and with that risks are
also increasing because that makes things easier. The loopholes stay unidentified for various
months and years, till then hackers keep tracking all the data and affect the systems of the
company or single user.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6.0 Conclusion
This report concludes of various cyber-attacks faced by different organisations in last 10
years. It also discussed about the SIM swapping attack which faced by T- mobile. In this type
of attack, hackers manipulate the carrier and illegally different number or phone is assigned
to the user of the company. This attack also involves the data breach of users which are
linked to user’s phone number. The sensitive data like personal information and financial data
too. It also discussed about the Snapchat data breach. This attack was to warn the Snapchat
authority about the exploits and vulnerabilities in the company’s security system. The hacker
reported that this attack was to make public aware about the threats and risk. The company
apologised at the end and claimed to regain the trust with improve in security. This report
includes the data breach of British airways, where data of thousands of user was stolen. The
data was too sensitive because it contains credit cards and payments details of the users. The
attackers kept sending threat mails to the users even after the attack. The company was fined
with around 230 million dollar and accepted the data breach. The Company faces much
financial loss with this breach.
This report concludes of various cyber-attacks faced by different organisations in last 10
years. It also discussed about the SIM swapping attack which faced by T- mobile. In this type
of attack, hackers manipulate the carrier and illegally different number or phone is assigned
to the user of the company. This attack also involves the data breach of users which are
linked to user’s phone number. The sensitive data like personal information and financial data
too. It also discussed about the Snapchat data breach. This attack was to warn the Snapchat
authority about the exploits and vulnerabilities in the company’s security system. The hacker
reported that this attack was to make public aware about the threats and risk. The company
apologised at the end and claimed to regain the trust with improve in security. This report
includes the data breach of British airways, where data of thousands of user was stolen. The
data was too sensitive because it contains credit cards and payments details of the users. The
attackers kept sending threat mails to the users even after the attack. The company was fined
with around 230 million dollar and accepted the data breach. The Company faces much
financial loss with this breach.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7.0 References
Harvard
Lee, K., Kaiser, B., Mayer, J. & Narayanan, A. 2020. An Empirical Study of Wireless Carrier
Authentication for SIM Swaps. Sixteenth Symposium on Usable Privacy and Security. pp.61-
79.
Grammarly score: 59
Harvard
Lee, K., Kaiser, B., Mayer, J. & Narayanan, A. 2020. An Empirical Study of Wireless Carrier
Authentication for SIM Swaps. Sixteenth Symposium on Usable Privacy and Security. pp.61-
79.
Grammarly score: 59
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.