Introduction to Cyber Security

Top five cyber security breaches in the last five years:

2014:

The most dangerous attack in 2014 was on eBay, one of the top shopping sites, where you can find more things than on Amazon. In February and March 2014, the encrypted accounts and passwords of about 145 million users, along with other personal information, were stolen from eBay. This was unknown until eBay requested its 145 million users to change their credentials. Social engineering was used for this hack: the passwords were not stolen from the users but from eBay employees, by socially engineering them.

It is well said that the most vulnerable part of a company is its own employees, who are mostly exploited by social engineering attacks.

2015:

Anthem is the parent healthcare company for most healthcare organizations. In February 2015 a hacker group broke into Anthem's servers and stole about 80 million records. Again, this attack was done by socially engineering just five employees: they were sent phishing emails and tricked into downloading a Trojan that included a keylogger, and we all know what a keylogger and a Trojan horse do. The keylogger obtained the password for the encrypted data. This breach was done for the sake of money, because this data is valued at ten times more than the same amount of credit card data; such data and information are sold on the dark and deep web, and there are many buyers for it.

2016:

Uber is a well-known taxi company, and we all use it daily. It is an international taxi service, but nothing is designed perfectly in the cyber world; even Uber and other tech giants like Google, Apple and Facebook are not 100% secure.

Once a hacker said that we are -27% safe from cyber breaches, and I think he was correct. In October 2016 hackers got access to the names, phone numbers, email addresses and even license plate numbers of almost 57 million drivers and customers of Uber. This breach was unknown until November 2017, and Uber also paid the hackers 1 Million USD and requested them not to use the data. Luckily, this attack didn't use social engineering or phishing attacks. The hackers got credentials from a private GitHub account to access the private accounts of Uber engineers, and then used those credentials to break into Uber's AWS account. AWS: this is a 12-digit number, a security provided by Amazon and used to access many other ARNs (Amazon Resource Names).

2017:

The biggest cyber-attack in 2017 was the WannaCry ransomware, which was a big challenge for security researchers. It infected many computer systems worldwide, from personal computers to servers, and people called it "The worst ransomware attack ever". It infected 3 Million computer systems worldwide in just four days. The mechanism behind such a big infection was that once it infected a machine, it scanned for other machines on the LAN and WAN to find other vulnerable victims; after finding a vulnerable system it infected that too and moved on. Every infected machine was asked to pay 70-80 Bitcoins; at that time 1 bitcoin cost almost 1 Million PKR. It hit the National Health Care in the U.K., which caused the cancellation of 19,000 appointments including surgeries. It also stole NSA cyber weapons. WannaCry used the EternalBlue exploit in Windows SMBv1 (server block message version 1); this vulnerability still exists if someone hasn't updated their Windows, and it was present in Windows for the last 15 years, and its patch was released after 8 weeks of the WannaCry attack. The origin of and the hacker behind this attack are still unknown, but some say that it was launched from North Korea.

2018:

From 21 August to September 5, a criminal hacker stole about 380,000 card payments from bookings made with British Airways via its website or phone app. For this breach British Airways was fined 229M USD. This attack used the cross-site scripting method, or XSS for short, in which the website and phone app were both infected with a specially designed script. The hacker is still not known, but it must be noted that this fine is a record fine; it was estimated that British Airways might be fined 500 Million Euros.

2019:

As security is evolving, so are hackers. In 2019 a great many cyber-attacks were launched and were successful. The most advanced and dangerous attack in 2019 so far is the one on the First American Financial Corp. This attack exposed the data of 885 million users, which included all the real estate information of the users, and this was due to low and weak security by the organization. The organization used direct links to files to save them, without any kind of authentication, and this made the data accessible to anyone who had access to the link. Getting the links to a website's files is simple with some information gathering and a few terminal commands, and as no authentication was used, it was very easy to access the files. There is no clue so far as to how this attack originated, as the SEC is currently working on it.

Flaws or weaknesses in biometric devices:

The weaknesses or flaws in biometric authentication devices are called false positives and false negatives. These differ very little. A false accept, or false positive, is a weakness where biometric data is entered into the system, say a fingerprint is scanned, and the fingerprint is very much the same as one already stored in the system, so the device incorrectly accepts it and authenticates the wrong person. On the other hand, a false negative means that the system rejects a legitimate user and does not permit the owner of the system to authenticate. An example of false acceptance can be seen from the very near past, when Apple Inc. first tested its facial recognition system in the iPhone X. This facial recognition was called Face ID by Apple. When the iPhone X started selling in China, users suddenly reported issues with Face ID: it was also matching other people's faces and making the phone accessible to others. We can say that Face ID failed at its initial launch; it was then improved by some software updates and security patches.
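The trade-off between false accepts and false rejects described above can be made concrete with a short sketch. This is an added example, not part of the original essay; the similarity scores and the threshold scale are constructed for illustration and do not come from any real device.

```python
# Constructed match scores in [0, 1]; higher means "more similar to the enrolled template".
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.84, 0.97, 0.73, 0.90, 0.86, 0.93]   # the owner's attempts
IMPOSTOR = [0.35, 0.52, 0.61, 0.48, 0.81, 0.29, 0.66, 0.74, 0.41, 0.57]  # other people's attempts


def far(threshold, impostor=IMPOSTOR):
    """False accept rate: share of impostor attempts the device would accept."""
    return sum(score >= threshold for score in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False reject rate: share of the owner's attempts the device would reject."""
    return sum(score < threshold for score in genuine) / len(genuine)


def sweep(thresholds):
    """Return (threshold, FAR, FRR) rows so the trade-off is visible."""
    return [(t, far(t), frr(t)) for t in thresholds]


def closest_to_equal_error(thresholds):
    """Pick the threshold where FAR and FRR are nearest to each other."""
    return min(sweep(thresholds), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    print("threshold  FAR   FRR")
    for t, fa, fr in sweep([0.5, 0.6, 0.7, 0.8, 0.9]):
        print(f"{t:9.1f}  {fa:.2f}  {fr:.2f}")
    print("nearest equal-error point:", closest_to_equal_error([0.5, 0.6, 0.7, 0.8, 0.9]))
```

Raising the threshold drives false accepts down and false rejects up, so a device cannot remove one error type without paying for it in the other.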

Malware advancement:

As the security of all electronic devices is increasing, malware is also developing; every day a new malware can be seen with extra features in it, such as hiding itself from antivirus and the victim, bypassing firewalls, IDS and IPS, and it can even bypass a honeypot. Some of the main features and developments in malware are as follows:

Multifunctionality:

In the early days of computers only single-function viruses were made, with only one target; after completing that action they were useless and caused no more damage to the victim. Nowadays multifunctional malware is used; it has multiple tasks to do, such as stealing cookies or other credentials in addition to encrypting data for ransom, sending the victim's files over the internet to the attacker, and many more. All these tasks are performed by only one malicious code; it also hides itself from anti-virus programs and the victim and does all its tasks in the background. It sends the data to the attacker as soon as it is connected to the internet.

Polymorphism:

Polymorphism is the ability or feature of a malware by which it changes its identifiable features with time, making itself hard to detect. If ransomware is taken as the example, we can say that the ransomware changes the encryption key from time to time, so the antivirus program is easily tricked and cannot detect any suspicious activity. It also changes its logic of deleting system files, so that it randomly deletes the files without leaving any noticeable clue behind, so that it can control the victim computer for as long as possible without being detected.

Obfuscation:

Obfuscation is used by the developer of the malware to make the malware hard to detect or analyze. Obfuscation is a type of hash function, for example, which is used by the programmer to make the code harder to read. In malware this is used because when an anti-virus program tries to run the malware it analyzes its code, but if the code is encrypted then the anti-virus cannot detect it and permits the program to run, and then the program shows its actual activity.

Backdoor:

A backdoor is code which enables a person to gain access to a certain system or software, and the person who has put in the backdoor can get access to the very high privileges on the system that are called root privileges. To take a reference from the movie WarGames: David is a student who is interested in playing games, and he finds a list of games on an unknown computer but he can't get through the system. The system which he wants to access is a government computer which uses computer video games like an emulator to tell the US Air Force about an attack from USSR fighter jets. David takes all the data he got to a computer expert, who tells David to use a backdoor to access the system. David starts researching the developer of the program and comes to know that the programmer has put a backdoor into the system whose password is his son's name, and he finally accesses the US Air Force system. In conclusion we can say that the backdoor was accessed through the password guessing method.

Define the following terms:

Phishing:

This attack is mostly done by social engineering. In this attack the victim is tricked with a fake or spoofed email or SMS into opening the malicious file in the email or the malicious link in the SMS. As soon as the victim opens the link, the victim is redirected to a malicious and fake website, or if he/she opens the malicious code, malware is run on his/her PC, giving access to the attacker.

Cross-site scripting:

Cross-site scripting is the injection of malicious JavaScript, or any other web development language, by the attacker, which enables the attacker to get some information or display a when someone visits the website. It can even give the attacker access to the website to totally change it, but that depends on how vulnerable the website or web server is. Mostly these kinds of attacks are tried on websites which take some kind of input from the user, and attackers mostly try these attacks on online shopping websites.

SQL Injection:

This is a type of vulnerability found in SQL databases. It is also a code injection attack, which can destroy a web server's database. If this vulnerability is exploited, the attacker can change all the data on the web server and can even change the admin credentials of the database. This vulnerability can be exploited from a browser or using automated software on Linux or other platforms. Detecting this type of vulnerability is very easy: simple Boolean conditions are submitted in the URL of the website and the attacker looks for the response of the different applications running on the database. There are two types of SQL injections:

1) Blind SQL Injection

2) Classic SQLi

3) Out-of-Band SQLi.
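The Boolean-condition behaviour described above, and the fix for it, shown as an added example that is not part of the original essay. The `products` table, the lookup functions and the sample parameter values are all constructed; the database is an in-memory SQLite instance so the check can run as a regression test.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory catalogue with one row that must stay hidden."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "keyboard", 0), (2, "mouse", 0), (3, "unreleased", 1)])
    return db


def lookup_concatenated(db, product_id):
    # Weak form: the URL parameter becomes part of the SQL text itself,
    # so any condition typed into it is evaluated by the database.
    sql = "SELECT name FROM products WHERE hidden = 0 AND id = " + product_id
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, product_id):
    # Corrected form: the SQL text is fixed and the parameter is bound as data,
    # so "1 OR 1=1" is compared as a literal value and matches nothing.
    sql = "SELECT name FROM products WHERE hidden = 0 AND id = ?"
    return [row[0] for row in db.execute(sql, (product_id,))]


def boolean_probe_changes_result(lookup, db):
    """Regression check: does an appended true/false condition alter the response?

    If it does, the parameter is being interpreted as SQL rather than as data.
    """
    return lookup(db, "1 AND 1=1") != lookup(db, "1 AND 1=2")


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, fn(db, "1"), fn(db, "1 OR 1=1"),
              "interprets input as SQL:", boolean_probe_changes_result(fn, db))
```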

DNS Poisoning:

In a DNS spoofing attack a link is sent to the victim, or a website on the victim's network is poisoned, so when the victim tries to access that specific website he is redirected to a fake DNS. The victim is then defrauded with the original website and is asked to enter user credentials or other sensitive information. DNS poisoning consists of:

1) MITM attacks, aka man-in-the-middle attacks (done on local area networks)

2) DNS server compromise (includes hijacking of a DNS server, which is configured to deliver a malicious IP address).

Privilege Escalation:

It is a type of exploit which can be found by scanning the target device for any kind of vulnerable application. This is a type of bug in the application which can be exploited by the attacker either remotely or locally, who then gets all the privileges on the target device and can control it over WAN or LAN. It depends on the nature of the exploit and the type of application in which it is found.

Updated: Nov 01, 2022
Cite this page

Introduction to Cyber Security. (2019, Dec 05). Retrieved from https://studymoose.com/introduction-to-cyber-security-essay
