ITC 520 - Foundations of Computer Security
Project Phase-3
Chinthakuntla Laxmi Anvitha
Bala Tripura Sundari Kaza Venkata
CMU
Recap
Project Phase-1
1. Find a team member
Anvitha Reddy, Sundari Kaza
2. Come up with one of the recent attacks
RSA Phishing Attack (Zero-Day Exploit), Parent company – EMC
3. Identify the following:
a. Which year did the attack happen? On March 17, 2011, RSA revealed an attack on its two-factor authentication products, in which the attacker sent phishing emails and tried to obtain confidential or sensitive information from the parent company EMC.
b. At least one organization that was a victim: EMC
c. Vulnerability that caused the attack: A zero-day exploit targeting a vulnerability in Adobe Flash, used to drop another malicious file, a backdoor, onto the recipient’s desktop computer. This gave the attackers a foothold to dig further into the network and obtain the access they required.
d. Threat that led to the attack: In this attack, the attacker sent two targeted phishing emails to four employees at the parent company EMC. The emails included a malicious attachment identified in the subject line as “2011 Recruitment plan.xls.” The attacker then tried to establish a customized remote administration tool which is known
Using the proxy software Burp Suite, it was discovered that the shopping site contained a hidden form field that could be manipulated.
Zero-day vulnerability exploitation – an attack that takes advantage of a vulnerability for which no patch is yet available.
On September 24, 2010, a laptop was stolen from an unlocked Urology office at the Henry Ford Health Systems hospital. The laptop did contain password protection software; however, it may not have been enough to prevent access if the thief had advanced knowledge of computers. Additionally, the information stored on the laptop did not include social security or health insurance information, but instead held “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). It is unknown how many records were contained on the laptop, but all records were related to prostate services provided during an eleven-year span.
Specify the red flag(s) that Target overlooked or ignored before the retail attack and give your opinion as to why Target overlooked or ignored the red flag(s).
The framework of a security policy is defined to construct a structure with whose help policy gaps can be identified easily. A system-specific policy would help ensure that all employees and management comply with the policies. It is also used to maintain the confidentiality (user authentication supports the confidentiality aspect of security), integrity (the relational data model defines several constraints whose purpose is to keep the data accurate and maintain its integrity), availability and authenticity of the system. Access controls are a collection of mechanisms that work together to create a security architecture that protects the assets of an information system. One of the goals of access control is personal accountability, the mechanism that proves someone performed a computer activity at a specific point in time. So, the framework acts as the guideline
Global Information Assurance Certification (GIAC) is an information security certification entity that specialises in technical and practical certification as well as new research in the form of its GIAC Gold program. SANS Institute founded the certification entity in 1999 and the term GIAC is trademarked by The Escal Institute of Advanced Technologies.
On December 15, 2013, Target released a statement confirming that malware had been installed and that most of it had been removed. Reports indicated that the intruders had compromised a Fazio computer, as the company reportedly acknowledged. Media reports also indicated that Fazio was the victim of a phishing email containing malware, which the intruders used to install further malware on Target’s systems, including Target’s Point of Sale (POS) system used to record card transactions and payments. Cybercrime or internet hacking, according to Aghatise E. Joseph of the Computer Crime Research Center, is an internet crime committed using a computer either as a tool or as the targeted victim. Notably, it is very challenging to categorize general internet crimes into distinct groups since most cybercrimes evolve on a daily basis.
In June 2010, VirusBlokAda, a computer company in Belarus, received an email about a computer located in Iran that appeared to have a virus causing it to continually reboot. The virus used a “zero-day” exploit in the way Windows Explorer handled LNK files: when a flash drive (USB stick) was inserted and scanned, the virus was automatically copied from the flash drive to the computer, infecting it. Zero-day exploits are extremely rare, occurring in approximately 1 in 1 million viruses. Because of the rarity of “zero-day” exploits, the cyber community usually takes notice and contacts the appropriate vendor, in this case Microsoft, so the vendor can patch the software and eliminate the issue. Microsoft then began building its patch for Stuxnet, but in the background Stuxnet continued on its mission.
This attack was a combination of email spoofing and social engineering. The attacker was able to intercept emails that were intended to notify relevant individuals of the payroll incident. This allowed the attacker to obtain sensitive, confidential information from the auditor, which the attacker then used to modify payroll to their benefit - and the detriment of others. This social engineering attack relied on impersonation and earning trust without
Zero-day exploits are those where the attacker discovers a flaw before the security community can raise a defense (Wadlow, 2009).
Faults are a precise interaction of hardware and software that can be fixed given enough time.
Cybersecurity is meant to protect computers, networks and data from unauthorized access, vulnerabilities and attacks. Companies around the world have experienced many cyber-attacks in the last decade. Most companies were targeted in hopes of obtaining confidential information. Some companies were breached to find information that would allow the attackers to target their customers. One such attack happened to the security company RSA when their SecurID tokens were compromised. This paper will examine how RSA SecurID token technology works, how the RSA company network was breached, what information was stolen, and the impacts that resulted from the initial attack.
According to the proposed architecture of ITU-T Y.2002, there are only 3 layers: perception layer, transportation layer and application layer. So far, IoT does not have a standard architecture.
As we allow the Internet to become more and more embedded in our lives, the topic of cyber security also needs to become more embedded in our lives. Duncan Campbell, president and CEO of the Pennsylvania Bankers Association, points out, “Now more than ever, the world is vulnerable to hacking, phishing, data breaches, malware attacks and denial of service attempts from bad actors and nation states who want to compromise individual identification data and wreak havoc on our economy,” (Campbell). Each year we hear about these attacks: Target, T. J. Maxx, Home Depot, just to name a few. More concerning than the frequency of these attacks is the magnitude of the data lost in them.
D. Describe where on the network the attack likely originated. Provide specific examples based on general critical infrastructure systems (CIS) vulnerabilities to justify your claims.