Information Security Report: Case Studies of Cyber Security Attacks

Added on  2020/03/01

AI Summary
This report provides an in-depth analysis of two significant cyber security incidents: the Brooks Brothers data breach and the WannaCry ransomware attack. The report begins by examining the Brooks Brothers breach, detailing the problem, the affected parties, the attack's execution, and preventative measures that could have been implemented. It then transitions to the WannaCry ransomware attack, describing the problem, the affected parties and their impact, the attack's mechanics, and the potential preventative steps. The report explores the technical aspects of the attacks, including the use of malicious software and vulnerabilities exploited by the attackers. It highlights the importance of proactive security measures, such as regular audits, strong password policies, and the implementation of encryption and tokenization technologies to safeguard sensitive information. The report emphasizes the need for organizations to prioritize data security and implement robust security protocols to mitigate the risk of future cyberattacks. It provides a comprehensive overview of the incidents, offering insights into the consequences of security failures and the importance of preventative strategies.
Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author Note
Table of Contents
Part A
Computer Security Breach in Brooks Brothers
What was the Problem?
Who were affected?
How the attack was carried out?
What could have been done to prevent the Attack
Part B
WannaCry Ransomware Cyber Attack
What was the problem?
Who were affected and how?
How was the attack carried out?
What could have been done to prevent the attack?
References
Part A
Computer Security Breach in Brooks Brothers
In May 2017, Brooks Brothers announced that a data breach had occurred at the
organization and that customers' payment card information may have been affected by
this breach. The threat applied to customers who had made purchases at Brooks Brothers
retail stores and Brooks Brothers outlets located in Puerto Rico and the U.S. between
April 2016 and March 2017 (Brooks Brothers, 2017). Brooks Brothers stated that no
sensitive personal information was in danger except payment cards. They also reported that
personal identifying information and Social Security Numbers were safe and not affected in
this incident. The company is taking precautions after the breach. These steps
could have been taken earlier to stop such an intrusion; as the well-known proverb says,
“Precaution is better than cure.”
What was the Problem?
Based on a forensic investigation, Brooks Brothers reported that an
unauthorized user was somehow able to gain access to the payment processing system and
installed malicious software in that system at their outlet and retail locations. Brooks
Brothers also provided on its website a list of the outlets and retail stores where the
problem occurred. The list was published to make customers aware of the threat and of the
precautions they could take to keep themselves safe, such as changing passwords and having
new payment cards issued (Brooks Brothers, 2017). Brooks Brothers also stated that no
online customers were affected, nor were payments made at the airport locations.
After the investigation, it was found that not all customers were affected. The only
affected customers were those who used a payment card at the retail stores or outlets
between April 2016 and March 2017. The breach affected all the payment
card data, including name, account number, payment card number, card verification code and
card expiration date. This is sensitive account information that is enough to steal money
from the customers' accounts (Trautman, 2016). Along with the list, Brooks
Brothers also provided additional information on how customers can take steps to
protect themselves from any unwanted incidents, and assured them that the issue has been
solved, that the transaction system is free from any cyber-attack, and that customers'
personal information is safe with the company (Biener, Eling & Wirfs, 2015).
Who were affected?
Brooks Brothers is a men’s clothing retailer with around 400 or more stores
spread across the world, of which more than 200 were affected by this breach
(Brooks Brothers). The breach ran for more than a year, and the customers who
had purchased goods from certain stores using a card as the mode of payment were the
victims of this attack. Because it went on for a year, the breach became vast and affected a
large population of customers in Puerto Rico and the U.S. This led to the theft of payment
and account information of the individuals who made purchases at Puerto Rico and U.S.
outlets and retail stores. It also damaged the reputation of Brooks Brothers, as it made the
customers’ personal information unsafe. Exposing such personal and sensitive information to
an unauthorized user may lead to privacy and security risks for the customers of Brooks
Brothers (Sgouras, Birda & Labridis, 2014).
How the attack was carried out?
Forensic investigators involved in this case reported that an unauthorized
outsider was somehow able to access the details involved in the payment transaction system.
People generally use their credit and debit cards to pay for shopping
at any store, as this is the easiest way to make a payment (Shackelford, 2012). Hackers
may have gained access by injecting malware; how this started is still unknown.
According to specialists and experienced IT professionals, the company had not carried
out professional penetration tests on a regular basis, and thus was not able to detect this
breach for so long (more than a year). Brooks Brothers had an extremely casual
attitude towards the cyber-security of the data of customers who were purchasing goods from
the stores.
What could have been done to prevent the Attack
If the security of personal information had been the first priority of Brooks Brothers,
this mass data breach would never have happened. Brooks Brothers should have taken
serious precautions earlier, before implementing payment by card. The system had no
alerting mechanism that could have given earlier notice of this breach. The damage would
have been much lower if a proper alerting or notification system had been in place
(Anderson et al., 2013). There should be a proper audit on a regular basis to catch any
intrusion that might have affected the systems and the information saved in them.
The long duration confirms that there was no reviewing or auditing process in the whole
payment system, which is why it took one year to discover the intrusion. Vendor default
passwords should be replaced with strong ones, because a default password gives hackers the
easiest entry into the system. Limiting the number of people with access to the POS system
might also have stopped such an event. Customers' payment-related information should not
be stored, and if storing it is necessary, then proper tokenization and encryption
technologies should be used to keep the data and information safe by protecting it end to end
(Singer & Friedman, 2014). These measures could have stopped this incident from harming
such sensitive information of an individual.
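The tokenization measure recommended above, as an added Python example that is not part of the original report: the card number is swapped for a token before a transaction record is stored, and the name, verification code and expiration date are never written. The `TokenVault` class, the field names and the sample transaction are assumptions constructed for illustration.

```python
import hashlib
import hmac

def luhn_valid(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical in-memory stand-in for a token vault. A real vault is a
    separate, access-controlled service that keeps card numbers encrypted."""

    def __init__(self, key: bytes):
        self._key = key
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        ok = pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19
        if not (ok and luhn_valid(pan)):
            raise ValueError("not a valid payment card number")
        mac = hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()[:24]
        token = f"tok_{mac}_{pan[-4:]}"  # last four digits kept for receipts
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]

# Only these fields may be written to POS storage (allowlist, not blocklist).
STORABLE_FIELDS = ("store_id", "amount", "timestamp")

def sanitize_for_storage(txn: dict, vault: TokenVault) -> dict:
    """Build the record to store: a token replaces the card number; name,
    verification code and expiration date are never written."""
    stored = {k: txn[k] for k in STORABLE_FIELDS}
    stored["card_token"] = vault.tokenize(txn["pan"])
    return stored

# Constructed sample transaction; 4111 1111 1111 1111 is a well-known test number.
SAMPLE_TXN = {"store_id": "S-0042", "amount": "129.00",
              "timestamp": "2017-01-15T10:30:00Z", "name": "A. Customer",
              "pan": "4111 1111 1111 1111", "cvv": "123", "expiry": "12/19"}

if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_TXN, TokenVault(b"constructed-demo-key")))
```

Malware reading the stored records then finds tokens that are useless without the vault, and the same card always maps to the same token, so repeat purchases can still be linked.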
Part B
WannaCry Ransomware Cyber Attack
This was one of the biggest cyber-attacks, affecting more than 230,000
computers globally between 12th May and 15th May. The attack
was named the WannaCry ransomware attack because the hackers used malware that
connects to computers through the network, encrypts all the files saved in the storage
system, and demands money in the form of Bitcoin for the decryption (Kuner et al., 2017).
The attack started in London when a European opened a zip file that injected the
virus into the system, which then used the network as a path to spread to other systems.
What was the problem?
The hackers used unknown malware that used the internet as a path to
spread and cause damage to the organizations' files saved in the storage systems of the
computers. In technical terms, the virus encrypted all the files so that a user could not
open any file without decryption, which could only be offered by the hackers who had created
the virus. IT researchers found a way to slow down the attack, but regular updates were being
uploaded to the systems, which defeated the attempts made by the researchers. The virus
attacked all the operating systems, including Windows XP, Server 2003, Windows 7 and
Windows 8. However, it was reported that Windows XP and Server 2003 were among the
least affected systems, while Windows 7 and Windows 8 were among the most affected
systems (Renaud, 2017), as most organizations nowadays use Windows 7 and
Windows 8 as their operating systems. It was also noted that the virus mostly affected
software installed from the black market. This put China at the top of the list of affected
countries, as 70 % of the Chinese use un-authenticated software from the black market.
Who were affected and how?
This cyber-attack damaged several organizations worldwide. Very few of them
were able to protect their systems and decrypt their files; most of them fell prey to
the attack and had to pay the ransom for decryption. Hospitals, multinational
companies, governments and federal bodies all suffered from this attack. Automobile
companies like Renault and Nissan also suffered. Files on many police headquarters'
systems were encrypted; for example, Chinese and Indian police had to shut down their
stations in order to stop the virus spreading (Mohurle & Patil, 2017). Electronics companies
and courier companies like Hitachi and FedEx reported the intrusion and disclosed the
losses that the organizations and their customers suffered due to this cyber-attack. UK and
U.S. hospitals had to cancel appointments and delay surgery, which caused serious harm
to the patients and to the management of the hospitals, as no files relating to patients
and doctors could be accessed. Courier companies reported delays in deliveries due to
the ransomware cyber-attack (Ehrenfeld, 2017). Nissan was less affected than Renault,
because when the virus started it took all of its systems offline, which saved
the rest of the systems. Russia and India were also among the victims of this
cyber-attack.
How was the attack carried out?
According to IT researchers and developers, the attack was initiated in London on
12th May 2017 using a host computer into which the virus was injected after a European
opened a zip file. That zip file contained several commands, which automatically operated
the system and gave commands to it. After several hours, the researchers found that
the virus was commanding the system to connect over the network to an unknown server,
which in reality did not exist (Martin, Kinross & Hankin, 2017). This was done to distract
the researchers in order to gain more time to spread over the network and access the files
saved in the storage of those systems. The encryption was so good that no one would be able
to decrypt those files. All this happened because of the software installed from the black
market and stolen from the U.S. Agency. That software was ‘EternalBlue’, which was the
only software that could have given the hackers access to the files saved in the system. The
decryption could only be done by software named ‘DoublePulsar’, which was available to the
hackers only, and they installed this software on the affected systems if the victims paid
the ransom demanded.
What could have been done to prevent the attack?
There are many measures and precautions that could have been taken to prevent this
attack:
- Firstly, the software made by the U.S. Agency should have been kept highly secure
  and should not have been exposed to the internet or the black market; and if this
  software was exposed, the U.S. should have informed the world, which could have helped
  in taking preventive measures earlier.
- The files that were being saved in the system should have been tokenized and
  encrypted using proper techniques (Collier, 2017).
- Using original and updated versions of the operating system could also have
  stopped this attack from becoming such a big mess.
- Security patches that were provided by Microsoft should have been made
  available to the users.
- Installing a better, original anti-virus could also have stopped this attack from
  spreading over such a large area (Swenson, 2017).
References
Anderson, R., Barton, C., Böhme, R., Clayton, R., Van Eeten, M. J., Levi, M., ... & Savage,
S. (2013). Measuring the cost of cybercrime. In The economics of information
security and privacy (pp. 265-300). Springer Berlin Heidelberg.
Biener, C., Eling, M., & Wirfs, J. H. (2015). Insurability of cyber risk: An empirical
analysis. The Geneva Papers on Risk and Insurance Issues and Practice, 40(1), 131-158.
Brooks Brothers (2017). Retrieved 23 August 2017, from
https://oag.ca.gov/system/files/Sample%20Notice_9.pdf
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Ehrenfeld, J. M. (2017). WannaCry, Cybersecurity and Health Information Technology: A
Time to Act. Journal of Medical Systems, 41(7), 104.
Kuner, C., Svantesson, D. J. B., H Cate, F., Lynskey, O., & Millard, C. (2017). The rise of
cybersecurity and its impact on data protection. International Data Privacy Law, 7(2),
73-75.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to
patient safety.
Mohurle, S., & Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack
2017. International Journal, 8(5).
Renaud, K. (2017). It makes you Wanna Cry.
Sgouras, K. I., Birda, A. D., & Labridis, D. P. (2014, February). Cyber attack impact on
critical Smart Grid infrastructures. In Innovative Smart Grid Technologies Conference
(ISGT), 2014 IEEE PES (pp. 1-5). IEEE.
Shackelford, S. J. (2012). Should your firm invest in cyber risk insurance?. Business
Horizons, 55(4), 349-356.
Singer, P. W., & Friedman, A. (2014). Cybersecurity: What Everyone Needs to Know.
Oxford University Press.
Swenson, G. (2017). Bolstering Government Cybersecurity Lessons Learned from
WannaCry.
Trautman, L. J. (2016). E-Commerce, Cyber, and Electronic Payment System Risks: Lessons
from PayPal.