Research, identify, write and post a summary, and be prepared to discuss in class an article you found about a current event in the Information Security arena. For this week’s theme, research a current cybercrime theme – such as a recent attack, or management research on how organizations are dealing with cybercrime.
Comments
Ahmed A. Alkaysi says
https://latesthackingnews.com/2019/05/20/stack-overflow-data-breach-exposed-some-user-records-to-hackers/
A Stack Overflow breach has exposed the data of up to 250 users. Attackers exposed a bug in the development tier for stackoverflow.com, which allowed them to escalate their privileges to production. This bug was introduced on May 5 as part of a new build to the development tier. Although the attackers didn’t have direct access to the database, they made a number of “privileged web requests” which returned IP addresses, names, and/or emails for up to 250 users.
Elizabeth V Calise says
Ahmed,
I think it is important to note what steps the company took to address this breach and ensure network security, which included containment of unauthorized access, network and database audits, bug fixes, a forensic team and public disclosure of the matter. When thinking of some of the necessary steps they took after the breach, it got me thinking (like most breaches I read about online). For certain items, I wonder why this was not already part of their cyber process. Why were audits not done before, or attention paid to bug fixes? Maybe it is because you read these types of breach articles all the time when in the ITACS program, but some of these things seem obvious to me that a company should do and should have already been considered before the breach occurred... but maybe I am wrong?
Brock Donnelly says
Wow, this sounds almost harmless compared to some of the totals for data breaches. There is something funny about the operations at large companies. Without proper administrative controls, such as proper role designation, certain jobs will not be completed, let alone thought about. I am sure in today's fast-paced environment some companies grow faster than they can securely accommodate, leaving high-level principles to go unchecked. Some controls that seem easily chosen are never given the proper chance of discovery because the business core is unbalanced.
Duy Nguyen says
https://www.wired.com/2016/12/ibm-watson-for-cybersecurity-beta/
IBM’s Watson is the latest tool added to the cybersecurity fight. Watson's new task is to assist in the prevention of cyber crimes. Watson has been fed the fundamentals of cybersecurity in the last year and has been practicing its analytical skills. It has been studying roughly 15,000 documents a month, linked to libraries and newsfeeds in order to keep its knowledge base current. It’s currently applying what it has learned to analyze traffic patterns for 40 organizations. Researchers have found that cognitive computing is 30 to 40 percent more effective than rule-based systems and produces fewer false positives.
Elizabeth V Calise says
Duy,
Interesting article. For the discussion question, I read something where it stated fighting cybercrime is not always about using the latest tools, so I was curious how many organizations are using this tool. Some top names are Chevrolet, 1-800-FLOWERS, Macy’s, and The North Face. It is also good to consider that cyber attacks and tools that fight off cyber attacks are continuously developing. This tool is using machine learning and language processing, which can help make better and faster decisions. Even though it is unnecessary to get every new cyber tool that enters the market, it is important to take notice of how the cyber world is advancing and which tools are addressing that advancement.
Brock Donnelly says
While cognitive computing seems like a scary topic for some, I am excited to see how it develops. I think one of the best places to apply cognitive computing in cyber security would be in our intrusion detection systems. With the proper experience and focused data tables, a “Watson Inside” IDS could allow for some advanced detection.
Ahmed A. Alkaysi says
Thanks for the article, Duy. It's very interesting that the article stated security teams go through up to 200k significant events per day. To me that’s a crazy number, but it’s not surprising for large organizations. Not only will Watson be able to identify and categorize incidents from the events, but as the article stated, there will be so much time saved by feeding a system 200k events and not having to manually sift through everything yourself. Obviously there will always be a human element, but that will most likely come from the decision-making side of things, instead of the analysis.
Oby Okereke says
https://www.scmagazine.com/home/opinion/executive-insight/cybersecurity-threats-and-unified-communications/
In order to compete in an ever-changing business world, organizations are implementing unified communications with the aim of enhancing business communication, collaboration and productivity. By combining various genres of technology, a host of interconnected systems, devices and applications that were disparate units have been combined together to aid communication within an enterprise's communication boundaries.
The disadvantage of such interconnected systems is the exposure of weak connection mechanisms that could lead to unbridled access to the whole operating mechanism of unified communications, thereby permitting a cyber-attack.
Mariana Peycheva opens her article by posing the question “how can companies put up adequate barriers to ensure they are protected against the most up-to-date and harmful cybersecurity threats?” especially as it relates to unified communication.
She goes further to offer some answers that will help organizations make UC fit for purpose. The three answers that stood out for me are these:
Continually reviewing and optimizing the Information Security Management System
– Companies should continually review and optimize their Information Security Management Systems (ISMS), which include security policies and procedures, security change management control and review of the risk register.
Maintain a strong and effective Configuration Database (CMDB)
– Apply clear responsibilities and ownership of your CMDB and keep equipment up to date.
Thorough crisis and incident management
– Best practice dictates that everything needs to be clearly documented; crisis management be led by a member of the senior management team; and that teams meet regularly to update on actions and activity parts.
Ahmed A. Alkaysi says
One of the suggestions made in the article is not to stick to ISO 27001, but instead consider other standards like NIST. NIST is such a great cyber security framework that every organization should use. It can apply to both small and large organizations. The categories that NIST covers (Identify, Protect, Detect, Respond and Recover) provide end-to-end controls for an organization. Every organization, especially large organizations, should consider using NIST for cybersecurity, COBIT 5 for IT Governance, and ITIL for Service Delivery & Management.
Elizabeth V Calise says
5 Strategies for Addressing Cybercrime
https://gcn.com/articles/2017/01/11/strategies-addressing-cybercrime.aspx
There are always going to be criminals robbing individuals, banks, etc., but why? Because “That is where the money is.” Looking at the internet age, criminal conduct has increased dramatically through cyberspace. Cybercrime can easily have long-term effects – from the impact on organizations from the theft of intellectual property or business secrets to the consequences of identity theft.
Responding to cybercrime is a challenge because the economics favor the criminals. With access to a laptop, an individual can cause havoc on individuals and organizations with minimal cost and minimal risk of being caught. However, more advanced technologies and protective measures help deter this havoc from happening. It is imperative that all digital users practice basic cybersecurity to increase protection and improve cyber security as a whole.
A framework that organizations use to deal with cybercrime include some of the below:
1. Raising awareness – Organizations are aiming to have a comprehensive and sustained cybersecurity education campaign which is essential for raising public awareness. It helps raise the awareness for the need to deploy basic protective measures on desktops, laptops, tablets, phones, the use of strong passwords, system updates, etc.
2. Building an economic framework – Simply purchasing every new tool or security product is not the solution. It is important to make investment decisions for cybersecurity in a risk management construct.
3. Implementing a response plan – Implementing a cyber incident response plan is essential. It should recognize the nature and risk presented by cyber events and provide clarity around roles and responsibilities including various stakeholders. Ideally, a strategic and agile framework should be considered and included.
Jonathan Reid Kerr says
Elizabeth,
Great article, I agreed with pretty much every point they hit on. I found the topic of cyber-security in education interesting, specifically when they mentioned courses in K-12. I’ve always been a huge advocate for security awareness training and education. The idea of having cyber-security courses in K-12 might be a successful way to combat the growing cyber threat. Instilling information security practices, such as secure passwords, in K-12 would be a good way to prepare them for some of the threats that exist now and in the future. It may also have the added benefit of generating interest in the area, which is definitely needed.
Dima Dabbas says
Elizabeth,
Great points! I think the one thing that organizations do not necessarily implement or have is an incident response plan in place. Organizations typically focus on having the security controls in place, disregarding the fact that they should be making employees aware of the topic of security and how they can help in protecting the organization as well. Implementing an incident response plan that has been tested is essential, as it means that the organization is aware of the cyber risks and threats that surround it and is prepared to respond to them in the event that they happen. This ensures that the organization is able to get back to its regular business operations as soon as it can.
Brock Donnelly says
U.S. Charges Chinese Hacker For 2015 Anthem Data Breach
The United States Justice Department has announced the responsible party for their alleged role in the 2015 massive data breach at health insurance giant Anthem. The DoJ named Chinese national Fujie Wang and another hacker named John Doe responsible. They will be charged with a total of four federal counts:
- one count of conspiracy to commit fraud and related activity in relation to computers and identity theft;
- one count of conspiracy to commit wire fraud;
- two substantive counts of intentional damage to a protected computer.
In 2015, the hackers managed to breach Anthem, the country’s second-largest health insurance company, and stole personal information of over 80 million of its customers, including Social Security Numbers, birthdates, email addresses, residential addresses, medical identification numbers, employment information, and income data.
It is believed that the stolen information was vulnerable because Anthem did not take proper precautions, such as protecting the data in its computers and servers through encryption. While Anthem encrypts medical information, it seems this laundry list of stolen data was not encrypted. The data breach led to email scams seeking more personal data through bogus credit protection services as soon as this story hit the news. Anthem answered by removing technology from the situation. To avoid further fallout from the hackers, Anthem said it will contact its customers only via mail delivered by the U.S. Postal Service. Anthem has also hired cybersecurity firm FireEye to discover which customers are exposed. U.S. lawsuits were quick to follow, resulting in a $115 million fine to settle. Over 90 percent of healthcare organizations reported they have had at least one data breach over the last two years. Anthem's breach is twice as large as the 2013 incident with Target.
Over 80 million customers have had their highly sensitive PII compromised. I find the total settlement low, especially since Target's lawsuits have totaled over $300 million. With the type of data listed, a malicious party could unlock nearly any account these days. Like your Social Security number, some of this data may never change.
How do you feel about the total of the settlements against Anthem? Does the total of the settlements seem low/high to you? I wish the FBI luck on finding John Doe.
How to protect yourself after a breach:
– Monitor Your Accounts
– Sign Up for Credit Alerts and Identity Theft Protection for Free
– File Your Taxes Early
– Get Password Manager and Use Two Factor Authentication
– Stay Vigilant
Check out https://www.anthemfacts.com/
https://thehackernews.com/2019/05/chinese-hacker-anthem-breach.html
Scott Radaszkiewicz says
Russian bots rigged Voice Kids TV Talent show results
https://www.bbc.com/news/world-europe-48293196?intlink_from_url=https://www.bbc.com/news/topics/c1xp19421ezt/cyber-crime&link_location=live-reporting-story
I found this article interesting, because it shows how pervasive cyber attacks are in our life. Not only does it have financial impact on organizations, it has cultural and social impacts. The Voice Kids is a spin off of a popular singing competition show, and because of this cyber attack, it has now been surrounded with questions. A ten year old, Mikella Abramova, won the competition with 56.5% of the phone votes. According to an investigation by cyber security firm, Group-IB, bots were used to carry out the attack.
The winner is the daughter of a Russian pop singer and a wealthy businessman. Outcry from the public over the final results prompted an investigation. State owned Channel One TV has announced they are cancelling the winning results and investigating new, and safer, options for voting.
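The post above says Group-IB found that bots drove the phone voting. Below is an added example, not code from the BBC article or from Group-IB, showing the kind of rate-based check an operator of a televoting system can run over its own call log to surface numbers that vote far more often than a person could, and to measure how much of each contestant's total came from such numbers. The vote log, phone numbers, contestant labels and thresholds are all constructed for the example.

```python
"""Flag bot-like televoting from a constructed call log (added example)."""
import collections

# Constructed vote log: (seconds since lines opened, caller number, contestant).
# Legitimate callers vote once from distinct numbers; three constructed
# "bot" numbers each fire five votes for contestant A within half a minute.
VOTES = []
for i in range(1, 7):                                   # 6 genuine votes for A
    VOTES.append((10 * i, f"+7-495-100-00{i:02d}", "A"))
for i in range(1, 5):                                   # 4 genuine votes for B
    VOTES.append((15 * i, f"+7-495-200-00{i:02d}", "B"))
for b in range(1, 4):                                   # 3 bot numbers, 5 votes each
    for k in range(5):
        VOTES.append((100 + 2 * b + 7 * k, f"+7-900-000-000{b}", "A"))


def flag_numbers(votes, window_s=60, max_per_window=3):
    """Return the set of caller numbers that cast more than max_per_window
    votes inside any sliding window of window_s seconds. A sliding window
    (two-pointer scan over sorted timestamps) catches bursts that a fixed
    per-minute bucket would split across two buckets."""
    by_number = collections.defaultdict(list)
    for t, number, _ in votes:
        by_number[number].append(t)
    flagged = set()
    for number, times in by_number.items():
        times.sort()
        left = 0
        for right in range(len(times)):
            while times[right] - times[left] > window_s:
                left += 1
            if right - left + 1 > max_per_window:
                flagged.add(number)
                break
    return flagged


def tally(votes, exclude=frozenset()):
    """Count votes per contestant, optionally dropping flagged numbers."""
    return dict(collections.Counter(c for _, n, c in votes if n not in exclude))


def flagged_share(votes, flagged):
    """Fraction of each contestant's votes that came from flagged numbers;
    a high share for the winner is the signal worth escalating."""
    totals = collections.Counter(c for _, _, c in votes)
    from_flagged = collections.Counter(c for _, n, c in votes if n in flagged)
    return {c: from_flagged[c] / totals[c] for c in totals}


if __name__ == "__main__":
    bots = flag_numbers(VOTES)
    print("flagged numbers:", sorted(bots))
    print("raw tally:      ", tally(VOTES))
    print("cleaned tally:  ", tally(VOTES, exclude=bots))
    print("share from bots:", flagged_share(VOTES, bots))
```

Per-number rate limits only help when the same caller ID repeats; if caller IDs are spoofed to fresh values on every call, as one reply below this post speculates, the operator would need carrier-side records or timing correlation across numbers instead, which this example does not attempt.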
Brock Donnelly says
Wow, this is pretty silly but a great example of an as-yet undiscovered weakness in their voting system. It is even more impressive and a credit to the attackers to have discovered the weakness and a way to exploit it. I wonder if this was done with number spoofing? A series of bots could vote repeatedly if they simply continuously spoof their numbers.
Dima Dabbas says
Scott,
This was shocking to me. We know hackers exist but we never think that it can come to the point of faking votes out for a television show. It is really sad to read this and interesting to see how people are capable of discovering the vulnerabilities and weaknesses in any system and make these systems do as they desire. This voting system clearly had vulnerabilities that enabled the use of bots which in return gave invalid voting results. Again, security vulnerabilities exist everywhere and we need to not disregard any type of system so that we can guarantee the integrity and confidentiality of our data.
Jonathan Duani says
This is a very interesting article about Baltimore, Maryland ransomware attack. This really solidifies the statement a lot of people have been making that our infrastructure is outdated, especially on the security side of things. It talks about how there was a ransomware attack in Baltimore a couple weeks ago and the city is still reeling from the effects. They said it should take months for a full recovery on the situation. This shows that our government could be at risk and if people don’t start taking this kind of thing seriously, in the wrong hands it could cripple us very easily.
Source: https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/05/22/the-cybersecurity-202-baltimore-s-slow-recovery-shows-far-reaching-consequences-of-ransomware/5ce4a910a7a0a46b92a3fd6d/?noredirect=on&utm_term=.241c00eb1833
Brock Donnelly says
I’ve been following this as well. If anyone was not aware, Baltimore is not the first city to be crippled with a ransomware attack. Greenville, N.C. was under similar conditions. They hired a specialist to counter the ransomware as the price of the ransom increased by a specified duration. This article also mentions Atlanta, who probably wishes they had paid the ransom at some $52,000 worth in bitcoin. The Iranian group blamed for Atlanta’s ransom took their payment portal offline, leaving Atlanta to fend for themselves. They have since spent over $3 million on this attack. The attack forced police and court proceedings to operate by paper only.
I agree with you, Jon, this does not look good for the U.S. infrastructure. Right now the only thing taxpayers are losing is money...
Jonathan Duani says
Brock,
It seems to be happening more and more, and I think this is not going to be the end. The way I see it is like a credit card scammer, for example. They take a little here and a little there at first to see if they get caught. Now that they know just how easy it is to get in and to what lengths they can go, they will continue and the attacks will get better and better.
Dima Dabbas says
test
Dima Dabbas says
How to Prevent Cyber-Crime in Your Organization in the Wake of Another Ransomware Attack
https://www.missionmode.com/how-to-prevent-cyber-crime-in-your-organization/
This article describes how cyber attacks and crimes are increasingly happening in many organizations. This article highlights a few methods that can help reduce the number of threats within an organization and prevent these attacks from happening. The number one threat is individuals, as they are the weakest link in an organization; therefore it is essential to make employees aware of security and what it poses to the organization. This can be done through training that can help employees understand how to protect themselves and the organization from these threats and attacks. It can be as basic as using complex passwords and using various passwords. Training should include introducing phishing, hacking and how to distinguish real emails from phishing emails. These training sessions, despite providing simple concepts, will help employees put security at the top of their priority list when performing their daily tasks.
Dima Dabbas says
This article also mentions the idea of being prepared in case a cyber crime happens. It suggests taking the following security steps regularly to increase the chances of organizations surviving in case of a cyber crime ever occurring:
- Back up your data regularly
- Restrict access to sensitive information
- Install firewalls
- Upgrade your operating system and install patches
- Install intrusion detection systems and an emergency notification system
It is through following these different steps and processes that organizations can be better prepared for cyber threats and crimes.
William Bailey says
First American Financial (FAF) had a breach that was reported by Krebs on Security, published online: https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/
The website was not designed properly; URLs for individual documents could be entered without authentication, leading to disclosure of other account documents. As is customary for mortgage documents, borrowers’ full identities were contained in these unsecured account documents, including social security numbers, date of birth, driver’s license information, income details.
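The flaw described in the post above, document URLs that anyone could request with no login and no check that the record belongs to the requester, is commonly called an insecure direct object reference. The following is an added example, not code from the Krebs article or from First American Financial, that puts a handler with that flaw beside a hardened one: the secure version requires a valid session, then checks that the authenticated user owns the record, and answers a foreign record exactly like a missing one so the response does not reveal which IDs exist. The document store, session tokens and record contents are constructed for the example.

```python
"""Vulnerable vs. hardened document lookup (added example, constructed data)."""
import hmac
from dataclasses import dataclass

# Constructed records. Sequential integer IDs are what make the vulnerable
# handler enumerable: a caller who sees 1001 in a URL can simply try 1002.
DOCUMENTS = {
    1001: {"owner": "alice", "body": "Closing statement for alice (constructed, contains PII)"},
    1002: {"owner": "bob",   "body": "Title report for bob (constructed, contains PII)"},
}

# Constructed session store: bearer token -> authenticated username.
SESSIONS = {
    "tok-alice": "alice",
    "tok-bob": "bob",
}


@dataclass
class Response:
    status: int
    body: str


def serve_document_vulnerable(doc_id: int) -> Response:
    """The pattern the post describes: whoever knows or guesses a document
    number gets it back. No authentication, no ownership check."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return Response(404, "not found")
    return Response(200, doc["body"])


def authenticate(session_token):
    """Map a bearer token to a user, or None. compare_digest keeps the
    comparison constant-time so token lookup does not leak by timing."""
    if session_token is None:
        return None
    for token, user in SESSIONS.items():
        if hmac.compare_digest(token, session_token):
            return user
    return None


def serve_document_secure(session_token, doc_id: int) -> Response:
    """Hardened handler: authenticate first, then authorize per record.
    An existing record owned by someone else returns the same 404 as a
    missing one, so responses cannot be used to map out valid IDs."""
    user = authenticate(session_token)
    if user is None:
        return Response(401, "authentication required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != user:
        return Response(404, "not found")
    return Response(200, doc["body"])


def exposed_without_login(handler, id_range):
    """Review check: which IDs in id_range does a handler hand to an
    anonymous caller? Wraps the secure handler so both take only doc_id."""
    if handler is serve_document_secure:
        handler = lambda i: serve_document_secure(None, i)
    return [i for i in id_range if handler(i).status == 200]


if __name__ == "__main__":
    print("anonymous, vulnerable:", exposed_without_login(serve_document_vulnerable, range(1000, 1010)))
    print("anonymous, secure:    ", exposed_without_login(serve_document_secure, range(1000, 1010)))
    print("alice reads own doc:  ", serve_document_secure("tok-alice", 1001))
    print("alice reads bob's doc:", serve_document_secure("tok-alice", 1002))
```

The ownership check is the fix that matters; switching to random, non-sequential document IDs on top of it makes guessing harder but is not a substitute for it, since a leaked link would still open the record for anyone.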
Frederic D Rohrer says
Intel Chipsets and CPU attacks – https://mdsattacks.com/
RIDL and Fallout are two attacks that can be carried out on Intel processors and chipsets. Like previous attacks, both work on the speculative execution principle that gives Intel processors the low latency edge they are known for. Speculative execution lets the processor decide which code to execute next, based on a speculation that it will be needed next. RIDL can act across any boundary, including Virtual Machine Virtualization and across OS kernels. This gives attackers the ability to steal from another shared cloud host, for example. Fallout is an attack that leaks data from the Store Buffer, to which processors are now more vulnerable after the recent Meltdown fixes.