Cyber-Attacks : Case Report

We have all herd of security breaches on corporate servers that has exposed personal and important information that should be secure. Hackers and criminals have been doing this since the invention of the internet and has only increased along with our use and dependency on networks. It is becoming more apparent that company’s need to protect their windows and Unix/Linux servers from known or unknown shortcomings and vulnerabilities from hackers who want to steal information for malicious purposes. Hackers will use codes or malware to corrupt network or operating system of the target company, with the intent to steal information such as proprietary information, personal information including social security numbers, contact information, or any

During this course there have been a number of key learning points that would help every organization protect itself from a cyber-event. These include password management, patch management, security policies, encryption, and user training. In each of the cyber security breaches one or more of these standard security protocols were not used.

The Cyber Attack on iPremier, is perhaps one of the most studied cases. In this case study “A new CIO tries to manage a DOS, or denial of service attack, against on a his e-retailing business”. , (1). The iPremier Attack is studied widely, and Harvard Business School is known for presenting this case study to its students, in order to show that some “companies are not taking security seriously”. , (2). iPremier had many opportunities after the initial attack to implement security such as implementing and enforcing Business Contigency Plan, Training employees to handle emergencies, separating stack servers from web based servers, and including

Also, “During the initiation stage of the project, the following ‘issues/considerations’ had to be resolved: which methodology should be used in order to implement an efficient BCM programme and at the same time to meet the regulatory requirements imposed by the BOG?” (Aronis,& Stratopoulos, 2016 Spring) Moreover, there was an apparent lack of both communication and supervision concerning the error email that was sent out. Cook (2015) states that the purpose of business continuity and disaster recovery is to minimize the damage and control the repricutions. (p.23) The company needed to have someone monitoring the systems at all hours of operation in order to catch issues before or when they

In 1997 the National Security Agency (NSA) tested the Pentagon’s cyber security in an exercise named “Eligible Receiver”. Within two days of the exercise, the NSA team had penetrated the classified command network and was in complete control of network. Two years later, the United States Air Force experienced a computer breach in which huge amounts of data were being exfiltrated from research files located on airbases. “Gigantic amounts of data were being shipped out from a lot of computers in the Defense Network and from many data systems in the national nuclear laboratories of the Energy Department.” (Clarke, p. 111) File case named “Moonlight Maze”, by the FBI day-lighted two important aspects of information security. Computer specialist

Cyber-attacks are common in the defense industry, but in January 2010, a sophisticated, advanced persistent threat hacked into the commercial sector forever changing the face of cyber security. Dubbed “Operation Aurora” by McAfee, the attack targeted specific high profile corporations to obtain valuable intellectual property. Google, Yahoo, Juniper Networks and Adobe Systems were also among the victims of this highly coordinated cyber heist. By manipulating computer codes the attackers were able to exploit the Microsoft Internet Explorer vulnerabilities to gain access and obtain valuable sensitive information from over thirty high profile companies. Operation Aurora proves that the world is entering into a high-risk era where

Cyber security breaches have shown a spike in 2015, with large-scale compromises on companies like Target, Sony and Home Depot. There is a strong demand to deploy more robust cyber security tools to prevent future attacks. FireEye, a cyber-security firm, has started to fill the void and is reaping the rewards.

With technology today hackers can gain access into a company’s system and retrieve information. Theft of company hardware is a limitation. A person can steal a company’s computer hard drives that have valuable information stored on them and retrieve the information off them.

Every business and organization can experience a serious incident which can prevent it from continuing normal operations. This can happen any day at any time. The potential causes are many and varied: flood, explosion, computer malfunction, accident, grievous act... the list is endless.

The purpose of this paper is to touch on the issue of Hacking. It will go into detail about the history, evolution, future and prevention of Hacking. In addition, this paper will discuss different types of hackers and their motivation behind hacking. This paper examines the major impact caused by malicious hackers and give modern examples of such attacks. To conclude, it will predict how hacking will be in the near future and give the precautionary measures Information Security professionals can take to mitigate the risk of being victimized.

Linton (2011, p.44) stated that hacking of network of common users and attacking their personal computers is one of the most threatening problems at present. It is happening in every second that results in a loss in several ways like loss of credentials, personal information etcetera. Although the use of personal computers and the internet has been increased rapidly, numbers of users who are the expert and have good knowledge to tackle the matters are very rare. In addition, time, as well as required equipment to protect hacking, is also very.

BS’s primary vulnerability is with back-up procedures and the ability to protect and retrieve the company’s information to efficiently conduct business. They lack a comprehensive security plan and do not have an enterprise-wide process for recovering disrupted systems and networks, and are at risk for not being able to resume normal operations when issues arise. It would be in their best interest to adopt a single system approach and consistent measures that reduce the impact of system disruptions and increase system availability.

SQLinjection is a kind of attack that occurs through insertion or injection of a SQL query from the input data of the client to the application for repelling the database information even though the database is not directly connected with the internet.

According to Gartner Inc., the market for cloud-security services is expected to reach nearly $4 billion in revenue in 2016, up from $2.1 billion last year. As more businesses move to the cloud, it’s essential that we understand best practices of cloud security and provide transparency when it comes to the solutions. The Cyber security in cloud computing is aimed at reducing the security threats in cloud environment. The project involves building a knowledge base to establish comprehensive research plans for automotive cybersecurity and develop enabling tools for applied research in this area. It is aimed to research the feasibility of developing minimum performance requirements for automotive cybersecurity.

In just the first decade of the 21st century, exponential advancements have been made in the field of science and technology. Computing capabilities have grown multifold and we are now consuming information in measures of exabytes, which could soon cross over into zettabytes. In fact, it was estimated in 2011 that all of the computers in the world collectively crunched 9.57 zettabytes (Turnbull, 2011). All this information has created a dependency on machines to deliver results in the fastest possible time, so that decisions can be made and actions can be taken at the earliest. This could be right from something as simple as an Excel sheet used for maintaining the finances of a household, to the computers that power Dow Jones. As can be imagined, any occurrences of failures can prove to be catastrophic, as was evidenced earlier this year. On the 8th of July, the servers at the New York Stock Exchange went down for over four hours, thus sending thousands of investors into a tizzy (Popper, 2015). Around the same time, United Airlines suffered a network issue that directly resulted in the cancellation of 61 flights and the delay of over 1,100 flights (Drew, 2015). As evidenced by these examples, no system is foolproof and therefore, it would be prudent for those who are in charge to develop plans to fall back on in case of such failures. To be able to tackle such issues, risk management programs are formulated. These programs try to offer comprehensive coverage of