Information Security Report

Verified

Added on 2020/02/23

AI Summary

This report examines significant security breaches, including the Verizon data leak and the WannaCry ransomware attack. It discusses the causes, affected organizations, and potential solutions to enhance information security.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author’s note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
INFORMATION SECURITY
Executive Summary
The objective of this report is to focus on the latest security breaches that occurred in the month
of July and the year 2017. It talks about the cloud data exposure or leakage of the Verizon
Company because of misconfiguration. The next portion of this report discusses about the
ransomware attack called WannaCry that occurred in the month of May, 2017. At the last part,
this report provides suggestions regarding the possible solutions that could be done to solve any
security related problems.

2
INFORMATION SECURITY
Table of Contents
Introduction..........................................................................................................................3
Part A...................................................................................................................................3
Problem............................................................................................................................3
Reason for the Data Breach.............................................................................................3
How did the Data Breach Occur......................................................................................5
Possible Solution.............................................................................................................5
Part B...................................................................................................................................6
Problem............................................................................................................................6
The Affected Organizations or Countries........................................................................7
Procedure of the Attack...................................................................................................7
Possible Preventive Measures..........................................................................................8
Conclusion...........................................................................................................................8
References..........................................................................................................................10

3
INFORMATION SECURITY
Introduction
This is a generation of information technology and ICT, where people are getting used to
the internet of things. Security has become a serious issue in this era of internet. Data breach
takes place when the sensitive data and sensitive details of an individual or organization are
accessed deliberately to cause some kind of harm. This information later is misused and
modified or deleted. There must be implementation and integration of strong security policies to
make the websites and online transactions strong.
The first part of the report focuses on the data breach incident of the Verizon Wireless
Company. This incident occurred in the month of July, 2017. This report answers few questions
regarding the data breach incident like who were the affected people, causes and the solutions
that are possible in this issue. The next portion of the report focuses on the ransomware attack
called WannaCry that occurred in the month of May, 2017.
Part A
Problem
The problem that took place was the data breach of a well known telecommunication
company. The name of the company is Verizon Wireless. It runs the business in USA (Mathews,
2017). This company is engaged in offering services and devices that are wireless in nature.
There has been a major cloud leak leading to the breach of data. The culprit behind this big issue
was Verizon partner. It was held responsible for the leakage of the information in cloud. This
resulted in the exposure of around millions of accounts of the users. All the data existing in the
account was revealed in the month of July, 2017. This led to lot of issues.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
INFORMATION SECURITY
Cause of the Data Breach
The misconfiguration of cloud based file and documents were the main reason behind the
occurrence of the security breach that took place. There were around fourteen million users who
used to have accounts with this company called Verizon. These users’ accounts were revealed
and leaked. NICE Systems was third party cloud vendors of this company. They provided the
cloud support to Verizon. The place where the data were stored was called S3 bucket. The
Amazon Web Services had provided this S3 bucket of storage (Fox News 2017). The
responsibility of managing, administering and monitoring the cloud based data storage was under
the responsibility of the NICE System. They used to handle all types of jobs of the Verizon
Company.
Amazon’s S3 bucket had stored important details of the users like their addresses, names
and details of their accounts. The customer passwords and personal identification numbers were
also stored in the cloud. These data were exposed and were under threat. Leakage of their
numbers of the phones also led to major issues. This example can be used to point out the
challenges in cloud computing where security threat is a major issue (Romanosky, Hoffman &
Acquisti, 2014). There are several other problems also in cloud computing like reliability,
portability and availability. A lot of costs are consumed behind the bandwidth of the internet. But
the cost of the hardware is saved. Around fourteen million residents of America had accounts
with this company.
The UpGuard had mentioned that there was huge leakage of user information around
thirteenth of June. What led to this disaster was the misconfiguration of cloud infrastructure. The
NICE System did not configure the cloud. Verizon has been under huge risk as in the usage of a
cloud based system, the control of the data were under the NICE System. The background of this

5
INFORMATION SECURITY
third party cloud vendor is quite weak. Its background says that their support to other firms have
been in a not so settled manner. This survey was carried out by the state. The account
information could be saved from the place of storage in the cloud (Khalil et al., 2013). This is a
big flaw in the system as it can be misused by other parties for causing any type of harm.
How did the Data Breach Occur
The entire environment of the cloud requires the process of configuration to be done in
order to work in a proper manner. Wrong configuration might lead to severe problems and
challenges that will be faced by the cloud environment. Techniques and tools are to be used in
order to enable effective working of the cloud. The IT infrastructural base was weak enough to
cause this problem. The non configuration was the main root to all the problems that occurred
(Uchiumi, Kikuchi & Matsumoto, 2012). Seventy to ninety nine per cent of the security issues
arise due to the infrastructural issues. In this case of Verizon there was no deliberate attack of the
outsiders. The total control was in the hands of the NICE System. This led to the main problem.
Dysfunctional changes led to the fall in the operational efficiency of the company. The main
problems could not be identified in the beginning. The NICE System did not configure the cloud.
Verizon has been under huge risk as in the usage of a cloud based system, the control of the data
were under the NICE System. The background of this third party cloud vendor is quite weak. Its
background says that their support to other firms have been in a not so settled manner. Several
measures taken by the third party vendor would not have led to this situation. It is a challenging
task for any firm to figure out the problems and weaknesses in the cloud infrastructure.
Identifying any error in the initial phase would avoid any type of breach in the system.

6
INFORMATION SECURITY
Possible Solution
The best possible solution to this problem proper configuration and monitoring of the
cloud based system. The third party cloud vendor must look into the matter in a serious way and
solve the problem at the initial stage (Patel et al., 2013). Regular software updates must be done.
This should be followed in a cyclic manner. The working mechanism of the software and
hardware along with how they are performing must be tracked regularly. System or server issues
should be solved by following important procedures. There should be password security and
other types of authentication processes built in the system. There are security policies that need
to be followed so that the data in the cloud are safe from any attacks and threats. If there is any
problem in the system then that needs to be rectified in the initial stage. It should not be delayed.
Symmetric and asymmetric cryptography algorithms can be used where there are keys to protect
the data. Choice of the vendor must be carried out in a proper manner so that there is no issue
later on. There must be a level of transparency maintained between the client and vendor
(Shabtai, Elovici & Rokach, 2012). The background of the vendor must be looked into before
taking any decision.
Part B
Problem
The problem discussed here is related to a ransomware attack that occurred in the month
of May, 2017. This was a cyber attack. The entire world is aware of this incident. The name of
the attack is WannaCry attack. The cryptoworm was responsible for this type of attack of the
ransomware (Mohurle & Patil, 2017). Computers that were using the Microsoft Windows as its
operating system were attacked. Encryption of the data had taken place. There were demands of

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
INFORMATION SECURITY
huge amount of payment by the attackers. Bitcoin cryptocurrency were paid to fulfill their
demand.
The attack started in the month of May, 2017. That was a Friday. The number of
computers that were affected was around 2 lacs and thirty thousand. It had spread across more
than one hundred and fifty countries. England’s National Health Service was affected in a severe
manner (Collier, 2017). There was small number of services that were still active during that
severe situation. Research studies reported that there was discovery of kill switch that had the
code of the ransomware leading to slowing down the process of the attack. Other versions of the
ransomware were found out by the attacker to carry on with the attack. Microsoft identified the
loopholes in their system to solve the issue and prevent any type of further attacks. Latest
versions of the Microsoft Windows 7 and 8 are considered to be safe. The computers that have
Windows XP and unauthorized versions of the software or operating system are under major
risk.
The Affected Organizations or Countries
According to the Europol, there were 2 lacs and thirty thousand computers that have been
badly affected. This had happened because these computers were using the operating system that
was provided by Windows. This attack had spread across one hundred and fifty countries. The
names of the countries that had suffered were Russia, Ukraine, Taiwan and India. The hospitals
of Scotland and the National Health Service of England had been badly affected (Pascariu, Barbu
& Bacivarov, 2017). Seventy thousands computers were harmed in the hospitals. The devices
that were used during diagnosis and operation purposes were also harmed. Productions were
stopped in many companies like Nissan Manufacturing. This had happened because production
could be continued with virus affected systems. Renault was also in trouble. Different locations

8
INFORMATION SECURITY
had stopped its production. The magnitude of the attack was much less than any other type of
attack. The economy was also affected due to this WannaCry ransomware attack. There was a
loss of four billion dollars. Organizations like Hitachi and Honda were affected badly. There was
many various affected organizations also. The attack was spread over a huge range that created
trouble in the operations of the business.
Procedure of the Attack
The malware attack called the WannaCry ransomware attack occurred on the 12th of May,
2017. It all started around 7 am in the morning in Asian continent. The SMB port was attacked as
it was vulnerable (Mattei, 2017). There was no sign of any email phishing. The malware
identified any presence of a kill switch that had domain. If this was not present then the
ransomware would attack and perform encryption over its data. The weaknesses of the SMB port
are identified by the malware. After completion of the process it asked for huge amount of
money approximately three hundred dollars Bitcoin within three days or double the amount in
one week (O'Gorman & McDonald, 2012). More than one lac dollars had been transferred in a
span of one month from more than three hundred accounts. The operating system of Windows
XP is still under the risk of getting attacked.
Possible Preventive Measures
Several preventive measures have been presented by the Microsoft Protection Center. It
is responsible for the purpose of solving any malware related problems (O’ Dowd, 2017). A
system should install antivirus software and keep an up to date or latest version of the software.
Random websites should not be opened. Any random files should not be saved or downloaded.
Regular backup must be taken. Every websites presents a pop up advertisement that needs to be
disallowed. Detection software must be installed for the purpose of identifying any malware

9
INFORMATION SECURITY
issue or phishing related issue (Martin, Kinross & Hankin, 2017). Operating systems used need
to be advanced and well protected. The incorporation of proper security policies will solve the
problem of any types of security threats in the system.
Conclusion
This report concludes that security breaches are spreading at a fast pace. The first part of
this report has pointed about the data breach that occurred in the Verizon Company due to
leakage of cloud data. This took place in July, 2017. It also provided a substantiated report on
the reasons behind as well as the affected people. The second part of the report focused about the
ransomware attack called WannaCry that occurred in the month of May, 2017. It gave a
description about the preventive measures and affected organizations in details.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
INFORMATION SECURITY
References
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Fox News. (2017). Verizon data breach: 14 million customers reportedly exposed. Retrieved 27
August 2017, from http://www.foxnews.com/tech/2017/07/12/verizon-data-breach-14-
million-customers-reportedly-exposed.html
Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013, April). Security concerns in cloud
computing. In Information Technology: New Generations (ITNG), 2013 Tenth
International Conference on (pp. 411-416). IEEE.
Martin, G., Kinross, J., & Hankin, C. (2017). Effective cybersecurity is fundamental to patient
safety.
Mathews, L. (2017). Millions Of Verizon Customers Exposed By Third-Party Data
Leak. Forbes.com. Retrieved 27 August 2017, from
https://www.forbes.com/sites/leemathews/2017/07/13/millions-of-verizon-customers-
exposed-by-third-party-leak/#929962836bc9
Mattei, T. A. (2017). Privacy, Confidentiality, and Security of Health Care Information: Lessons
from the Recent WannaCry Cyberattack. World Neurosurgery, 104, 972-974.
Mohurle, S., & Patil, M.(2017). A brief study of Wannacry Threat: Ransomware Attack
2017. International Journal, 8(5).
O’Dowd, A. (2017). NHS patient data security is to be tightened after cyberattack.

11
INFORMATION SECURITY
O'Gorman, G., & McDonald, G. (2012). Ransomware: A growing menace. Symantec
Corporation.
PASCARIU, C., BARBU, I. D., & BACIVAROV, I. C.(2017) Investigative Analysis and
Technical Overview of Ransomware Based Attacks. Case Study: WannaCry.
Patel, A., Taghavi, M., Bakhtiyari, K., & JúNior, J. C. (2013). An intrusion detection and
prevention system in cloud computing: A systematic review. Journal of network and
computer applications, 36(1), 25-41.
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
Shabtai, A., Elovici, Y., & Rokach, L. (2012). A survey of data leakage detection and prevention
solutions. Springer Science & Business Media.
Uchiumi, T., Kikuchi, S., & Matsumoto, Y. (2012, September). Misconfiguration detection for
cloud datacenters using decision tree analysis. In Network Operations and Management
Symposium (APNOMS), 2012 14th Asia-Pacific (pp. 1-4). IEEE.