Monday, December 9, 2019
Information Security for America JobLink - myassignmenthelp.com
Question: Discuss about theInformation Security for America JobLink. Answer: Americas JobLink breach What was the problem? The America JobLink, which is a web based system which connect the job seekers and the employers, they revealed that their system were breached by a hacker who exploited the misconfiguration in the application code (Acua, 2016). This attacker was able to gain an access to the personal data of about 4.8 million job seekers, which included their full names, the date of birth date as well as the social security numbers (Al-Bayaa, 2011). The Alabama Department of Labor recently reported that the data breach in the America JobLink system. The America JobLink is managed by the America JobLink Alliance, which is a Kansas City organization which provides the online services to the multiple state employment offices across the country, which include Alabama (Acua, 2016). All the individuals who registered with the Alabama State Employment, they may be at the risk of the identity theft. How and why it occurred On 12th March AJLA tech support team had received the errors in the systems which indicated the suspicious activity of their system (Collier, 2017). The incident was reported to the law enforcement, as well as the third party forensic team which helped to determine on the scope of breach. The investigators confirmed that the suspicious activity of the March 21, and the breach was announced on the next day. The question which remains what happened on 12st March? On this day the America JobLink (AJL) was the victim of the breach when the hackers exploited a flaw in their application code and they were able to gain unauthorized access to the data of the job seekers in the ten states in America (Easttom II, 2016). AJL has a multi-state system that links the job seekers with the employers. On this day the attackers were able to gain the entry in the system and accessed the names, birthdates as well as the social security number of the applicants from Alabama, Delaware, Arizona, Kansas, Illinois, Maine, Vermont and Oklahoma (Goodrich Tamassia, 2013). In the breach there was a code configuration which was introduced into the system through the update. The organization national reach made this breach very serious as a result of the hackers accessing the users data from the ten different states (Goodrich Tamassia, 2013). According to the states targeted Illinois was the most affected with an approximate of one million four hundred users with the state who were compromised on their data. The severity of the breach was also impacted by the kind of data that was breach, such that the social security number being the most crucial and available information from the hackers perspectives. Additionally, it is important to note no matter how many records that were affected the information which is exposed indicates that the victims could face very serious issues especially down the road such as fraud or perhaps the identity theft (Siponen, Mahmood Pahnila, 2014). The hackers breached on this system because they wanted the information of the client such as the social security number and be able to steal their funds. What are the possible solutions? As a society individuals have reached to the point in which every organization have been entrusted with the personal information of the client. The organization needs to constantly test and harden on both their internal and the external defenses. One of the possible solution to this attack would be to remove ones data from the AJLA systems. To accomplish this, AJLA had instructed individuals to contact their local AJLA office for further assistance. The local office would then check individual accounts and determine if there data was compromised in the attack. Another thing would be to review ones credit report and keep an eye out for any suspicious activity on the bank accounts. The compromised data in the breach could allow the hackers from access to individuals accounts and make unauthorized purchase or even creating of new accounts under ones name (Streeter, 2013). In case one notices any inconsistent activity on the accounts, it is important to a contact the bank immediately. An other possible solution to this attack would be to place a credit freeze on the credit file (Streeter, 2013). This would offer an extra layer of protection by requiring on the additional verification in opening of new line of the credit under ones name. AJLA is offering a free credit monitoring services to many individuals who were affected by the attack. Those individuals who are being helped would receive an activation code in an email from the AJLA to be able to access on the solution. The organization could hire white hat hacker in order to test their system. The white hat hackers are extremely critical when an organization wants to prevents any kind of sophisticated attacks. Such hackers usually perform a high level attacks and the penetration tests with the business consent (Safa, Von Futcher, 2016). The intent behind these types of tests should be to identify the weak points in the system to enable them to seal and prevent any specific external attacks. The company may also perform the in house tests. Additionally, there could possibly be utilization of the system hardening (Safa, Von Futcher, 2016). This can be known as the lockdown or the security tightening, and it involves the activities such as the configuring of the software for the optimum use, deactivating all the unnecessary software program which may form the basis of the simple attacks and configuring on the system for the ideal security. Additionally, the system hardening process is carried out in a phased consider to be able to increase on the variety of the defensive layers in addition to reduce on the exposed attack surfaces. Part B: May 2017 ransomware cyber-attack on the web What was the problem? There was a massive ransomware attack which showed the vulnerability of the world against the cyber-attack (Graham, 2017). This attack was over reliance on the digital world as well as the artificial intelligence which made its defence to be fragile and exposed to the data thefts. In this ransomware attack it was known as the WannaCry which occurred in May 2017. WannaCry is a ransomware crypto worm which highly targeted the computer systems running on the Microsoft windows operating-system by encrypting on the information and demanding a ransom transaction in terms of the Bitcoin cryptocurrency (Graham, 2017). The attack started out on Friday, 12th May 2017 and within a day it had been revealed that the attack had infected to a lot more than 230, 000 computers to over one hundred and fifty countries. There was clearly section of the United Kingdom National Health Service that has been also infected , which triggered it to run some services on emergency only basis in the course of the attack . The WannaCry propagates on usage of the EternalBlue, which can be an exploit of the Windows Server Message Block protocol (Graham, 2017). The ransomware is a kind of the Trojans which takes over the computer and also prevents the users from gain access to of the data on the computers until the ransom has been paid. For most of the situations the software infects the computers via the links or maybe attachments in the malicious messages that are considered the phishing emails. Once the user has clicked on the links or even open a document, their computers are infected and the software takes over the system (Schou Hernandez, 2014). The individuals who were responsible demanded the users to pay three hundred dollars worth of bitcoins to enable them retrieve their files. Who were affected and how? Some of the major international institutions which were attacked by the ransomware are the British Health service which was infected causing it to run some services on an emergency only basis during the attack (Gordon, Loeb, Lucyshyn Zhou, 2015). This also to stalling of the surgeries and other critical patient care activity across the British Isles, and making of the confidential data of the patients and other documents to be inaccessible. Some of the report highlighted that Russia had seen more infections than any other country. Their domestic banks, the interior as well as the health ministries, the state owned Russia railway firms and the mobile phone network were hit (Gordon, Loeb, Lucyshyn Zhou, 2015). In Spain there were a number of large firms which were hit such as the Telefonia, power firm Iberdrola as well as the utility provider Gas Natural (Gupta, Agrawal Yamaguchi, 2016). These attacker used the software to infect the computers via the links or perhaps attachments in the malicious messages which are regarded as the phishing emails, and once someone clicked they take control of the system. How was the attack carried out? The ransomware attack are malicious software from the cryptovirology which threatens to publish on the data of the victims or perhaps partially block the access to it unless the ransom has been paid (Kennedy Kennedy, 2016). This ransom attack was carried out using a Trojan which was disguised as the legitimate file that the users are tricked into downloading or opening when it arrives as an email attachment. In the case of this attack it was a high profile WannaCry worm which travelled automatically between the computers without the interaction of the users (Kruse, Frederick, Jacobson Monticone, 2017). The attackers used the exploit vectors known as the EternalBlue which was leaked from the USA National Security Agency (Kennedy Kennedy, 2016). This ransomware spread in unprecedented scale infecting to more than two hundred thousand computers to over one hundred and fifty thousand countries (Pope, 2016). The wana Crypt0r 2.0 was bug which encrypts the data on the computer of the us ers within seconds and it displayed a message asking the users to pay for the ransom of three hundred dollars in Bitcoins to restore their access to the device and the data which is inside it. What could have been done to prevent the attack? The first thing the organization need to do is to examine what they are doing in order to prevent against phishing attacks (Renaud Goucher, 2014). There is need to educate the staff in regards to these threats and even carry out a red team type test through sending fake phishing emails out to employee and see if they could fall victims (Pope, 2016). Another things that the WannaCry attack showed was that the business need to make sure that they constantly update on their software and should install appropriate security patches. According to the investigation highlights that WannaCry ransomware software entered the NHS system via the vulnerability in the outdated Windows XP operating system (Pope, 2016). Keeping the system with the latest operating system could have helped to prevent this attack. Lastly, another way to have prevented the attack was for the companies should have a game out of the cyber scenarios and have a plan that is in place on how to handle the attack if it actually happened. Each business should have considered their worst case cyber event and ways to handle it, this way they would be prepared for any attack which could impact on the organizations. References Acua, D. C. (2016). Effects of a comprehensive computer security policy on computer security culture. Al-Bayaa, A. B. (2011). Preventive Security in the 21st Century: The Threats of the Threats. Inquiries Journal, 3(01). Collier, R. (2017). NHS ransomware attack spreads worldwide. Easttom II, W. C. (2016). Computer security fundamentals. Pearson IT Certification. Goodrich, M., Tamassia, R. (2013). Introduction to Computer Security: Pearson New International Edition. Pearson Higher Ed. Gordon, L. A., Loeb, M. P., Lucyshyn, W., Zhou, L. (2015). Externalities and the magnitude of cyber security underinvestment by private sector firms: a modification of the Gordon- Loeb model. Journal of Information Security, 6(1), 24. Graham, C. (2017). NHS cyber attack: Everything you need to know about biggest ransomwareoffensive in history. The Telegraph. Gupta, B., Agrawal, D. P., Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global. Kennedy, S. E., Kennedy, S. E. (2016). The pathway to securitymitigating user negligence.Information Computer Security, 24(3), 255-264. Kruse, C. S., Frederick, B., Jacobson, T., Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10. Pope, J. (2016). Ransomware: Minimizing the Risks. Innovations in clinical neuroscience, 13(11-12), 37. Renaud, K., Goucher, W. (2014, June). The curious incidence of security breaches by knowledgeable employees and the pivotal role a of security culture. In International Conference on Human Aspects of Information Security, Privacy, and Trust (pp. 361-372).Springer, Cham. Safa, N. S., Von Solms, R., Futcher, L. (2016). Human aspects of information security in organisations. Computer Fraud Security, 2016(2), 15-18. Schou, C., Hernandez, S. (2014). Information Assurance Handbook: Effective Computer Security and Risk Management Strategies. McGraw-Hill Education Group. Siponen, M., Mahmood, M. A., Pahnila, S. (2014). Employees adherence to information security policies: An exploratory field study. Information management, 51(2), 217- 224. Streeter, D. C. (2013). The effect of human error on modern security breaches. Strategic Informer: Student Publication of the Strategic Intelligence Society, 1(3), 2.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.