Wednesday, December 4, 2019

Data Breaches and Debunking Myths †Free Samples to Students

Question: Discuss about the Data Breaches and Debunking Myths. Answer: Introduction: Earlier on in the year, Verizon the telecommunication company was subject to one of the biggest data breaches in the world. The companys systems were severely exposed which leaked millions of records owned by the companys customers. The company, however, did assure its customers that the attack did not present any serious threat as it was contained and isolated based on their operational systems(Pachal, 2017). Verizon has for many years offered telecommunication services to customers and with mobile communication on the rise, its services have had an increased application which has subsequently increased the data the company accesses. This data was fairly exposed after some systems owned by the organization was left unattended lacking the necessary security procedures. At the start of the breach, investigators highlighted that records owned by 6 million customers were exposed. However, this number later doubled and increased beyond this number as highlighted by independent research investigations. In the final estimate, the leak claimed over 14 million victims as their information was publicly available to the public(Deahl, 2017). In essence, the data breach affected the customer service department where clients regularly contacted to have their queries and problems solved. This leak was therefore outlined to have affected all customers who had been in touch with the company in the six months prior to the data leak. Moreover, the leak was contained to the department as isolated systems were used to control the customer care service as compared to all other services. Nevertheless, the leak exposed a fair amount of sensitive information including addresses, names and contact details. Moreover, some customers access pins were exposed as they had been used them during the communication exercise(Verizon, 2017). Immediately after the breach was discovered by an independent researcher, Verizon placed full blame for the breach on an independent service provider who had been contracted to handle the customer care facilities. In their statements, Verizon highlighted a company by the name Nice Systems as the responsible party in the events that unfolded. Furthermore, the organization had been using a cloud facility hosted by Amazon Web Service (AWS) which helped integrate all the communications between its customers and itself. Now, it was Nice responsibility to maintain and regulate the operations of the cloud server, a duty that they failed and which led to the leak(McAfee, 2017). On Nice Systems behalf, the companys outcome was propagated by a negligent employee who failed to secure the cloud infrastructure which left all the data stored in the AWS servers exposed. The leak uncovered a lot of information which led to the discovery of the amount of information entrusted to a third party member who had no direct contact with the customer themselves. Moreover, after several investigations were conducted, the leak was discovered to have exposed the companys log records where each and every communication was outlined. These log records contained unencrypted information that was available to the public in clear text format which also accounted for minimal redactions as it was earlier thought. In the end, records containing contact information, access PINS and customers account balance was exposed (Kumar, 2017). Vulnerability used: Although cloud services are easy to maintain and manage, their security policies require intricate procedures to secure their structures and infrastructures. For Verizon, these procedures were not implemented at the time of the breach which highlighted the failure of the organization as its actions (sub-contracting another company) led to the problem. Moreover, the parties involved also facilitated the attack as there was minimal accountability based on the hands that the information was exchanged. The data was controlled by the AWS, Nice and Verizon which presents a lot of challenges when accounting for access and security procedures. In addition to this, Nice had also contracted another party member to handle the data which further intensified the problem(Pachal, 2017). First, the problem was caused by a negligent team member who failed to secure the online services. Therefore, the first possible solution would be to implement security procedures that outline detailed descriptions of setting up the necessary security measures. It is common to forget to implement some security measures as they are either too trivial or too extensive to apply. However, with a laid out guideline, the support team can follow a step by step guideline to deploy the cloud service solutions. Therefore, as a company, Verizon should develop a new security policy to guide its employees and sub-contracted company(Micro, 2015). Secondly, Verizon should do away with third party members as they present more challenges when dealing with the security of sensitive information. Remember, cloud infrastructure like any other online services has many risks and threats, from intruders to malware attacks which necessitate the need for accountability. These risks are increased by contracting a third party member to handle the data owned by an organization. Furthermore, as a subcontracted company, Nice Systems does not have a direct connection with the consumers, therefore, they may fail to face the same consequences as the mother company (Verizon). This outcome may facilitate the negligent behaviour observed in this scenario where employees forget to implement the necessary operational procedures(McAfee, 2017). Ransomware attack (May 2017) Ransomware attacks fall under the greater category of malware intrusions where malicious programs are used to infiltrate computer systems. Moreover, with ransomware attacks, the perpetrators will use the intrusion to demand certain resources which in most cases are usually money related. In all, a malicious program will hold a machine under ransom disabling the files and data owned by the user until the money is paid (Mullin Lake, 2017). In accordance with the explanation given above, the attack that took place earlier in the year subjected its victim to financial demands, an outcome that generally disabled the functionalities of many computer systems. The intrusion was known as the WannaCry attack and it affected thousands of computers worldwide as it compromised multiple systems that were connected to the online infrastructure. WannaCry employed serious vulnerabilities in computer systems to propagate its attack, a process that was difficult to stop as it affected many systems at the same time(Chappell, 2017). In all, the problem began with a leak in the NSAs (National Security Agency) hack tools which contained a number of system vulnerabilities as per the organizations cyber-weapons initiatives. Now, the initial leak was conducted by a rogue access group known as Shadow Brokers who for a long time had been compromising many computer systems around the globe. Therefore, its through their initial attack set the precedence for the final attack that took place using the malware(Chappell, 2017). Those affected and how WannaCry attacked all systems without any form of distinction which facilitates its success across the globe. In fact, at the start, the malware had infected over 45, 000 systems across 100 countries. Moreover, these systems were fairly distributed across different fields of life including the public and private sectors. However, the attack did affect some countries more than others as outlined by the damages it imposed on the end users. WannaCry heavily affected the countries of Russia, United Kingdom, China and Spain. These countries had widespread intrusions, some which compromised the major sectors of business(Larson, 2017). In Russia, for instance, the banking industry was severely affected as some of the major financial organizations were attacked. Moreover, the countries public sectors was included as its ministries (Health and Interior) were faced with the intrusion. The same outcome was also experienced in the United Kingdom where its healthcare industry was exposed to the attack owing to the connections of the NHS systems (National Health System). In all, the NHS system coordinated the health care activities in the country providing a centralised access to medical data. Now, the intrusion targeted this system which disabled all the computers connected to it affecting the work of medical practitioners and the services offered to medical patients(Graham, 2017). A similar attack was experienced in Spain where its private sectors, led by the telecommunication and electrical industry were compromised. To start with, the countries second most favoured company Telefonica was affected, an intrusion that was followed by the attack on Iberdrola the countrys Power Company. Furthermore, the attacks on these companies were so severe that the organization's shut down their systems in an attempt to contain the attack, an outcome that led to many financial damages(Larson, 2017). How the attack took place As stated before, the root of the problem was NSA and its hacking tools which were accessed by the rogue group Shadow Brokers. Through these tools a vulnerability known as EternalBlue was discovered, a vulnerability that affected Windows systems based on its Server Messaging Blocks (SMB). Now, the SMB is a communication protocol that is used by the application layer (TCP/IP) to connect and transfer information across networks. This functionality is usually achieved by two main operations; one, the facilitation of the read and write action on files found in networks and two, the ability to request for services across networks. Therefore, using the SMB, a machine is able to access and share information with the networks its connected to as well as other machines(Titcomb McGoogan, 2017). EternalBlue compromised this functionality of the SMB which gave the intruder unsolicited access to machines connected to various networks across the globe. In all, the following simple steps were used to attack machines. WannaCry started by establishing a connection with a network through the SMB protocol. This protocol used a simple handshake, a process that was fairly exploited in this stage. From the access procedure, the second step was the delivery of the malware itself which was done using an encrypted file having the activation program of the ransomware (Response, 2017). After delivering the file, the activation file was triggered which compromised the host machine. In addition to this, the program also scanned for other connections to spread the attack in subsequent networks. The final step was the replication process where other unsecured networks were attacked. According to Windows, the attack would have been avoided if the compromised systems had updated their firmware. WannaCry exploited an initial bug contained in Windows operating systems which based on its extensive application in world facilitated the attacks. Therefore, had the consumers updated their system, the necessary patches that fixed the vulnerability would have been installed stopping the attack before it happened. However, at the same time, the affected organizations should also have had better security procedures to detect and contain network intrusions. Yes, the systems were compromised by the EternalBlue vulnerability, but this weakness should have been contained by the isolation techniques used by the security measures of network control. In addition to this, the users would have had better intrusion detection systems to highlight the possible compromises within the networks themselves. Therefore, the lack of optimal security procedures and policies facilitated the atta ck as much as the Windows vulnerability. As such, the prevention solutions would have been to implement an optimal security policy after thorough risk assessment procedures coupled with the necessary systems updates (EY, 2017). References Chappell, B. (2017). WannaCry Ransomware: What We Know Monday. The two way, Retrieved 30 August, 2017, from: https://www.npr.org/sections/thetwo-way/2017/05/15/528451534/wannacry-ransomware-what-we-know-monday. Deahl, D. (2017). Verizon partner data breach exposes millions of customer records. The Verge, Retrieved 30 August, 2017, from: https://www.theverge.com/2017/7/12/15962520/verizon-nice-systems-data-breach-exposes-millions-customer-records. Graham, C. (2017). NHS cyber attack: Everything you need to know about 'biggest ransomware' offensive in history. The Telegraph, Retrieved 30 August, 2017, from: https://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/. Larson, S. (2017). Massive cyberattack targeting 99 countries causes sweeping havoc. CNN tech, Retrieved 30 August, 2017, from: https://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html. McAfee. (2017). Verizon 2017 Data Breach Investigations Report. McAfee, Retrieved 30 August, 2017, from: https://www.mcafee.com/us/security-awareness/articles/verizon-2017-dbir.aspx. Micro, T. (2015). Follow the Data: Dissecting Data Breaches and Debunking Myths. Trend Micro Analysis of Privacy Rights Clearinghouse 20052015 Data Breach Records, Retrieved 30 August, 2017, from: https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-follow-the-data.pdf. Pachal, P. (2017). If you're a Verizon customer, you should change your PIN now. Mashal, Retrieved 30 August, 2017, from: https://mashable.com/2017/07/13/verizon-data-breach/#bZDR9.cdOqq9. Titcomb, J., McGoogan, C. (2017). Cyber attack: Latest evidence indicates 'phishing' emails not to blame for global hack . The Telegraph, Retrieved 30 August, 2017, from: https://www.telegraph.co.uk/technology/2017/05/15/nhs-cyber-attack-latest-authorities-warn-day-chaos-ransomware/. Verizon. (2017). Verizon's 2017 data breach report. Verizon, Retrieved 30 August, 2017, from: https://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.