What series of malicious events led up to the incident?
The following events led up to the reported incident. First, an attacker spoofed his IP address to eavesdrop on the network to find the finance and HR information systems. Second, the employee hacked into the HR database and increased his salary in the records system. This resulted in the employee receiving two paychecks with the altered amounts. Third, the employee sniffed the network to intercept and alter emails about the checks between an auditor and management. Fourth, the employee impersonated a person who has access to financial records to gain more access to other financial records. Finally, the employee decreased the company President’s paycheck while increasing his paycheck by
Account hijacking - again, this attack’s severity is high because the attacker had access to finance record accounts on the finance information systems.
Email spoofing attack - email spoofing is a medium severity attack because it is an easily mitigated attack; it is mostly a nuisance to most organizations.
MITM attack - the severity of an MITM attack is medium since the attacker used it to intercept messages between the auditor and the finance department. It can be easily mitigated with network and VLAN segmentation accompanied by access control lists; oftentimes, using a layer two switch mitigates the issue.
Describe how these additional attacks can be prevented in the future.
Mitigate the attacks by using the following techniques:
Encryption - apply encryption to the network with software and hardware solutions. For instance, software can be used to encrypt the financial records for anyone unauthorized to see the information, and a hardware solution can be used to build a VPN from any remote
An attack that was not mentioned in the scenario was social engineering. The employee that manipulated the system used social engineering as well to convince the auditor that not only did the emails get sent by the person to whom they were
A1. The nature of the incident was that an employee was able to hack into the computer system and gain access to the financial payroll system, human resources and even the email system. This employee used several methods to gain access to the system: IP spoofing, data modification, a man-in-the-middle attack and a compromised-key attack. As a result, the employee was able to tamper with the payroll system. An auditor discovered the discrepancies and tried to make upper management aware of the situation through email, but the email was intercepted by the hacker. The hacker impersonated an employee and persuaded the auditor into granting him more access to the system, which resulted in additional sabotage of the payroll system. Hacker
These attacks can be extremely damaging to one’s intellectual property (information, money, etc.) as well as a concern for personal safety. The key to stopping or minimizing these attacks is to learn what they are and how they are executed, in order to create an effective plan to stop unnecessary losses.
This shows a major breakdown in managerial controls: a low-level employee was able to steal money over the course of a couple of years without ever being suspected. This is a prime example of why internal controls are so vital and why even the government needs to be audited. Ruiz
Mim has finally reached Cleveland, Ohio. Her enemies, Poncho Man and Caleb, have been jailed for their crimes, but Mim’s memories still haunt her. As she roams around her old, now empty house, she is suddenly interrupted by Kathy, her stepmother. Despite her many disputes with Kathy, Mim agrees to let her take her to the hospital where Mim’s mother resides. Leaving her friends, Beck and Walt, outside, Mim goes inside and finally sees her mother. She realizes her mother hadn’t wanted Mim to see her so broken and empty, and knows it’s time to accept her past and move on. Saying her goodbyes, Mim leaves the hospital and finds her friends have gone to start new beginnings, but they left her promises they will meet again. Feeling hopeful for
Most of the assets affected include the computer software and networks used by the company. This incident was detected in the month of February and, as part of Anthem, Inc.'s responsibility, a formal warning was given right after detecting a possible breach of our software and network, but the hackers had already accessed some of our data.
Steps are taken to maintain the confidentiality of data through digital signatures by the personnel and through the computer security assurance using the key coding and unlinking of the data.
In fraud committed against organizations, the victim of fraud is the employee’s organization. In frauds committed on behalf of an organization, executives usually are involved in some type of financial statement fraud, typically to make the company’s reported financial results appear better than they actually are. In this second case, the victims are investors in the company’s stock. A third way to classify frauds is via the use of the ACFE’s occupational fraud definition, “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets” (ACFE, 2010). The ACFE includes three major categories of occupational fraud: asset misappropriation, which involves the theft or misuse of the organization’s assets; corruption, which involves the wrongful use of influence in a business transaction in order to procure benefits contrary to one's duty to the employer; and fraudulent financial statements, which involve falsification of an organization’s financial statements for personal gain.
On September 8, 2015, it was discovered that a Patriot Financial Services (PFS) employee, who provided customer support services to clients, had stolen personal financial data from approximately 50K of their customers. The data stolen by this employee comprised personal customer information including full names, home addresses, social security numbers, contact numbers, bank account numbers, driver's license numbers, birth dates, email addresses, mother's maiden names, PINs and account balances. The suspect employee then proceeded to leak out this
In the past few years, Global Finance, Inc. has been a victim of numerous cyber-attacks from intruders which have given rise to revenue losses of about $1,700,000 and client confidence
The risk to the financial sector in the United States of America has become increasingly apparent and more diverse over the last few decades, partially because of the advanced computer and cyber-based accounting networks that the Nation has shifted to. The security of our financial systems is absolutely critical including being one of the primary concerns and directly
Key roles that will play a big part in the completion of this project will pertain to network security and reliability and client confidentiality.
This attack was a combination of email spoofing and social engineering. The attacker was able to intercept emails that were intended to notify relevant individuals of the payroll incident. This led to the attacker being able to obtain sensitive, confidential information from the auditor, which the attacker then used to modify payroll to their benefit and to the detriment of others. This social engineering attack relied on impersonation and earning trust without
The information security department or administrator is the one to handle security incidents. Only after suffering from attacks do organizations learn how to respond to a security attack. There are clearly direct benefits in responding to security incidents. It helps us in winning business
Safety of information is the most valuable asset in any organization, particularly those that provide financial services to others. Threats can come from a variety of sources such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them or reduce the likelihood and impact if they should occur.