With technological development came the internet, now a broad cyberspace and an avenue for business, leisure and commerce, among other uses. This has given some internet users the opportunity to take advantage of vulnerable systems and internet facilities through phishing and other forms of attack. Against this background, this report examines three cybersecurity attacks: Capital One, DoorDash, and Eurofins Scientific. For each it describes the attack, identifies the key cybersecurity terms involved, and discusses technical controls for each term.
Capital One’s cloud-hosted data was accessed by a Seattle-based software engineer, Paige Thompson, who had earlier worked at Amazon as one of its employees.
She obtained customers’ Social Security numbers (SSNs), credit card application data, and bank account details. The stolen customer data covered over one hundred million people.
The Capital One attack took place in March 2019 but was only discovered on 19 July 2019. The compromised data included names, phone numbers, addresses, credit scores, payment histories, self-reported income and other valuable information on customers in the US (over 100 million) and Canada (6 million) (Gold, 2019).
The case revolves around four parties: Capital One, the company under attack; the attacker, Paige Thompson; AWS, the provider of the cloud infrastructure; and GitHub, the code-sharing platform on which Thompson publicly uploaded breached information (Blanco, n.d.).
Capital One, located in the US, is rated the fifth largest consumer bank in the United States and the eighth largest bank worldwide, with over 50 thousand employees (Neto, Madnick, Paula & Borges, 2020, p.5).
Its pursuit of technological development in its services made it a leader among US banks in adopting cloud computing, and it was this cloud environment that was attacked.
Using a bottom-up approach, Gold (2019) explained how the hack was carried out in what he called the “attacker’s process”. A misconfigured firewall was exploited, which allowed the attacker to relay commands to the server and have them executed. While the precise misconfiguration has not been stated, Gold (2019) and Blanco (n.d.) agree that a vulnerable application exposed to the internet was exploited through a Server-Side Request Forgery (SSRF) attack. An alternative account holds that a remote-access service without credentials had been exposed to the web. This covers the initial access, exploitation and execution stages of the attack.
For credential access and account manipulation, Gold (2019) reports that the attacker gained unauthorized access to Capital One’s cloud account using three commands: the first obtained temporary credentials, the second listed the Amazon S3 buckets, and the third synced the contents of the buckets to a server under the attacker’s control. The attacker also used a mixture of anonymizing services, the IPredator VPN and Tor, to conceal her location and identity during the attack.
Gold (2019) noted that Paige Thompson used IPredator, a paid VPN provider, together with Tor to conceal her network, location and identity during the attack. Jaha, Shatwan and Ashibani (2008) define a virtual private network as a method that provides secure communication among the members of a team over a public telecommunications system, maintaining their privacy through security processes and tunnelling protocols. While the secrecy intended here is the safety of sensitive information shared among team members, attackers have hijacked the same mechanism to conceal their crimes. Several categories of VPN exist; IPredator is a commercial VPN, whereas Tor is a free anonymity network that routes traffic through a chain of relays rather than a single provider. Both act as anonymizing networks that require a dedicated client application and protocol scheme to reach the internet, and the attacker took advantage of this anonymity. Tor is one of the most popular such networks and is designed to protect users’ identities against tracking on the internet (Zabihimayvan & Doran, 2018, p.1). Aware of the privacy weaknesses of either service used alone, the attacker combined the two. Miller (n.d.) lists reasons users choose IPredator, such as the assignment of a dedicated IP address for privacy and security, and servers that let users avoid regional blocks. Combining the two gave the Capital One attacker a high degree of protection against attribution.
According to the Detectify blog (2019), Server-Side Request Forgery (SSRF) is a “type of attack that can be carried out to compromise a server. The exploitation of a SSRF vulnerability enables attackers to send requests made by the web application, often targeting internal systems behind a firewall”.
Blazquez (2020) likewise defines it as a class of web application vulnerability, and the associated family of attacks, that forces a target server to issue requests against other resources the server can reach, including read and write operations on local and internal assets. The attacker makes the service carry out unintended and malicious requests on their behalf. In SSRF the attacker turns the web server itself into the attack tool: because the server sits inside the firewall, the requests it makes are trusted, and the attack proceeds without being caught by perimeter security while delivering its malicious payloads (Franklin, 2020). In simple terms, the SSRF attack let the attacker reach around the firewall to the back-end services and deliver payloads there.
The Capital One attacker, Paige Thompson, took advantage of a firewall misconfiguration to reach the internal environment through an externally exposed service and issue instructions through it.
In the case of the Capital One breach, and of SSRF attacks that directly target the Amazon Web Services (AWS) metadata service in general, detection and prevention come down to the ability to determine quickly whenever an incoming request attempts to pass a URL pointing at the AWS metadata service (Chung, 2019).
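The following is an added example and not code from the report, from Capital One or from AWS. It shows the SSRF-prone pattern the section describes (a server that fetches whatever URL a client names), a hardened fetcher that allowlists hosts and refuses internal addresses, and a request-log check of the kind Chung (2019) describes, which flags requests whose URL parameter points at the metadata service in any of the literal spellings attackers use to dodge a plain string match. The hostnames, the `url` parameter name, the stand-in transport and the log lines are constructed for illustration.

```python
"""Added example, not code from the report or from Capital One/AWS.

(1) fetch_vulnerable: the SSRF-prone pattern.
(2) fetch_hardened: allowlist the host, then check where it resolves.
(3) flag_metadata_requests: a log check for URLs naming 169.254.169.254.
Hostnames, the 'url' parameter name and the log lines are constructed.
"""
import ipaddress
import socket
from urllib.parse import parse_qs, unquote, urlparse

# The AWS instance metadata endpoint targeted in the Capital One attack.
METADATA_IP = ipaddress.ip_address("169.254.169.254")


def host_to_ip(host):
    """Return the address a host literal denotes, or None for a DNS name.

    Besides dotted-decimal this accepts plain decimal (2852039166), hex
    (0xa9fea9fe) and IPv4-mapped IPv6 ([::ffff:169.254.169.254]) spellings.
    """
    try:
        ip = ipaddress.ip_address(host)
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
            return ip.ipv4_mapped
        return ip
    except ValueError:
        pass
    try:
        n = int(host, 0)          # base 0 accepts 0x.. hex and decimal
    except ValueError:
        return None
    return ipaddress.IPv4Address(n) if 0 <= n < 2 ** 32 else None


def is_internal(ip):
    """Addresses a user-supplied URL must never reach from the server."""
    return (ip.is_link_local or ip.is_private or ip.is_loopback
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def fetch_vulnerable(url, http_get):
    """The SSRF-prone pattern: fetch whatever the client asked for."""
    return http_get(url)


def fetch_hardened(url, http_get, allowed_hosts, resolver=socket.gethostbyname):
    """Allowlist the host name, then check where it actually resolves."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parsed.scheme)
    host = parsed.hostname
    if not host or host.lower() not in allowed_hosts:
        raise ValueError("host not on allowlist: %r" % host)
    ip = host_to_ip(host) or ipaddress.ip_address(resolver(host))
    if is_internal(ip):
        raise ValueError("%s resolves to internal address %s" % (host, ip))
    # Hand the checked address to the transport so it connects to exactly
    # what was validated; re-resolving later would reopen a rebinding window.
    return http_get(url, pinned_ip=str(ip))


def targets_metadata(url):
    """True if url names the metadata service after up to two rounds of
    percent-decoding, in any spelling host_to_ip understands."""
    host = urlparse(unquote(unquote(url))).hostname
    return host is not None and host_to_ip(host) == METADATA_IP


def flag_metadata_requests(log_lines, param="url"):
    """Scan constructed access-log lines ('METHOD path?query status') and
    return those whose `param` value targets the metadata service."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        query = urlparse(parts[1]).query
        if any(targets_metadata(v) for v in parse_qs(query).get(param, [])):
            flagged.append(line)
    return flagged


def fake_http_get(url, pinned_ip=None):
    """Constructed stand-in transport so the example runs offline; it hands
    back a fake role-credential document for the metadata service."""
    if targets_metadata(url):
        return '{"AccessKeyId": "EXAMPLE-ROLE-KEY", "Token": "..."}'
    return "<200 OK from %s via %s>" % (url, pinned_ip or "dns")


# Constructed access-log lines; the second to fifth all name 169.254.169.254.
SAMPLE_LOG = [
    "GET /proxy?url=http%3A%2F%2Fimages.example.com%2Flogo.png 200",
    "GET /proxy?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F 200",
    "GET /proxy?url=http%3A%2F%2F0xa9fea9fe%2Flatest%2Fmeta-data%2F 200",
    "GET /proxy?url=http%3A%2F%2F2852039166%2Flatest%2Fmeta-data%2F 200",
    "GET /proxy?url=http%3A%2F%2F%5B%3A%3Affff%3A169.254.169.254%5D%2Flatest%2F 200",
    "GET /healthz 200",
]

if __name__ == "__main__":
    creds_url = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
    print("vulnerable:", fetch_vulnerable(creds_url, fake_http_get))
    try:
        fetch_hardened(creds_url, fake_http_get, {"images.example.com"})
    except ValueError as err:
        print("hardened refused:", err)
    for line in flag_metadata_requests(SAMPLE_LOG):
        print("FLAG", line)
```

The allowlist check alone is not enough, which is why the hardened fetcher also inspects the resolved address: an allowlisted name that an attacker controls can be pointed at an internal address later. On AWS itself the standard platform-side complement, not discussed in the report, is to require IMDSv2, whose session token must first be obtained with a PUT request, which removes the single-GET path this example models.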
As a mitigating control against the use of VPNs to hide the source of an attack, access to resources should be whitelisted to known IP addresses to help prevent intrusion. IP whitelisting must be combined with stronger authentication mechanisms and applied to the locations from which approved users are known to access a particular environment (Gold, 2019). Lo (2010, p.9) explains whitelisting as a method of securing computer networks against several threats, with firewalls as the earliest form of whitelisting. It is expected that Capital One will adopt IP whitelisting to prevent a recurrence of an attack routed through a VPN.
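As an added example, not from the report or from Capital One, the following admission policy combines an IP allowlist with a stronger authentication step in the way the passage recommends. The CIDR ranges (taken from the RFC 5737 documentation space), the trusted-proxy range and the request fields are assumptions for illustration.

```python
"""Added example, not from the report: IP allowlist plus step-up auth.

The address ranges below are assumptions for illustration.
"""
import ipaddress

# Assumed egress ranges of the organisation's offices and corporate VPN.
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24"),
             ipaddress.ip_network("198.51.100.7/32")]
# Assumed address range of the organisation's own load balancers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def effective_client_ip(peer_ip, x_forwarded_for=None):
    """Pick the address the allowlist is evaluated against.

    X-Forwarded-For is client-controlled, so it is honoured only when the
    TCP peer is one of our own proxies, and then only the right-most entry,
    which is the one that proxy itself appended.
    """
    peer = ipaddress.ip_address(peer_ip)
    if x_forwarded_for and any(peer in net for net in TRUSTED_PROXIES):
        hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
        if hops:
            return ipaddress.ip_address(hops[-1])
    return peer


def admission_decision(peer_ip, mfa_passed, x_forwarded_for=None):
    """'allow' for a known network with MFA, 'step_up' for a known network
    without it, 'deny' for everything else, which includes commercial VPN
    and Tor exit addresses since they are never on the allowlist."""
    ip = effective_client_ip(peer_ip, x_forwarded_for)
    if not any(ip in net for net in ALLOWLIST):
        return "deny"
    return "allow" if mfa_passed else "step_up"


if __name__ == "__main__":
    cases = [("203.0.113.10", True, None), ("203.0.113.10", False, None),
             ("192.0.2.5", True, None), ("192.0.2.5", True, "203.0.113.10"),
             ("10.1.2.3", True, "203.0.113.10")]
    for peer, mfa, xff in cases:
        print(peer, mfa, xff, "->", admission_decision(peer, mfa, xff))
```

The fourth case matters in practice: a direct client that forges an X-Forwarded-For header naming an allowlisted address is still denied, because the header is only trusted when the connection arrives from one of the organisation's own proxies.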
Mitigating an SSRF attack is largely a matter of prevention. Gold (2019) enumerates mitigating steps that include continuously assessing cloud environments for possible security threats and regularly reviewing security configurations, which ensures that access controls are correctly applied and that systems are not exposed accidentally.
DoorDash is a US-based food-delivery company established by four Stanford students in 2013. It is a modern-day technology firm that uses logistics to deliver food from restaurants to the customers who order it. As a third-party logistics service it was launched in Palo Alto and later expanded to other cities, serving many stores in the United States, Australia and Canada. Its reliance on technology in its services also exposed it to the cyber-attack of May 2019 (DoorDash, 2019).
The company discovered in early May 2019 unusual activity involving one of its third-party service providers. It immediately launched an investigation with external security experts, which established that an unauthorized third party had accessed some users’ data. Action was taken at once to block further access and to strengthen security across the platform, and the affected account holders were contacted.
According to DoorDash (2019), not all users were affected: about 4.9 million Dashers (drivers), merchants and consumers who joined the platform on or before 5 April 2018 were involved. The compromised data included profile details such as names, delivery addresses, email addresses, phone numbers, order history and salted, hashed passwords. For some consumers the last four digits of payment cards were accessed, but not the full card numbers or security codes that could be used for unauthorized purchases. The driver’s licence numbers of about one hundred thousand Dashers were also compromised.
The parties involved were DoorDash, its customers and merchants, the Dashers, and a suspected third-party service provider.
Credential stuffing is an attack in which an attacker takes lists of stolen usernames and passwords and tries them on other websites where users may have reused the same details (Whittaker, 2019). The term applies to the DoorDash case because, after customers complained that their accounts had been hijacked, the company initially denied any data breach and attributed the account takeovers to credential stuffing. However, the customers interviewed confirmed that the passwords involved had not been used on any other site.
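To show what the pattern described above looks like from the defender's side, the following is an added example, not from the report or from DoorDash: a detector for credential stuffing run over constructed authentication-log lines. The log format, thresholds and time window are assumptions chosen for illustration.

```python
"""Added example, not from the report or from DoorDash: a credential-stuffing
detector over constructed auth-log lines. Format and thresholds are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: ISO timestamp, source IP, username, outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$")


def parse_auth_log(lines):
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=10, max_success_ratio=0.2):
    """Flag source IPs that try many distinct usernames in a short window
    with mostly failures: the signature of a leaked list being replayed.
    One user failing repeatedly (a forgotten password, or brute force on a
    single account) is a different pattern and is left alone here."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e["user"] for e in chunk}
            ok = [e["user"] for e in chunk if e["result"] == "ok"]
            if len(users) >= min_users and len(ok) / len(chunk) <= max_success_ratio:
                if ip not in alerts or len(chunk) > alerts[ip]["attempts"]:
                    alerts[ip] = {"attempts": len(chunk),
                                  "distinct_users": len(users),
                                  # accounts the leaked list actually unlocked
                                  "likely_compromised": sorted(set(ok))}
    return alerts


# Constructed sample: one IP walks a leaked list and gets two hits, while a
# legitimate user simply mistypes their own password twice.
SAMPLE_AUTH_LOG = [
    "2019-05-04T10:00:%02dZ ip=198.51.100.9 user=user%d result=%s"
    % (i, i, "ok" if i in (3, 7) else "fail") for i in range(12)
] + [
    "2019-05-04T10:00:05Z ip=203.0.113.4 user=bob result=fail",
    "2019-05-04T10:00:09Z ip=203.0.113.4 user=bob result=fail",
    "2019-05-04T10:00:15Z ip=203.0.113.4 user=bob result=ok",
]

if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(ip, info)
```

The accounts listed under `likely_compromised` are the ones the stolen list actually unlocked and are the ones to force a password reset on. Real campaigns often spread attempts across many source addresses, so a per-account view (many distinct IPs trying one username) is the usual complement to this per-IP check.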
Personally identifiable information (PII) is any data traceable to a particular person that can serve to identify him or her (Grimes, 2019). It includes email addresses, phone numbers and other personal details of individuals.
When DoorDash was breached, the personal information of its customers, merchants and Dashers was exposed.
Against credential stuffing, the company said it already had a control in place to limit the value of stolen passwords: hashing and salting. Castilla (2019) confirmed that DoorDash stored passwords as salted hashes. Hashing is not encryption; it is a one-way function that takes an input of any length, such as a password, and produces a fixed-length digest from which the original cannot be recovered. Adding a random salt to each password before hashing means that identical passwords produce different digests, which defeats precomputed lookup tables.
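The following is an added example, not code from the report or from DoorDash (the report does not say which algorithm DoorDash used, so PBKDF2 here is an assumption): salted password hashing with a slow key-derivation function, beside the unsalted fast hash it replaces, and a precomputed-table lookup that shows why the salt matters. The passwords and the table contents are constructed.

```python
"""Added example, not from the report or DoorDash: salted, iterated
password hashing versus a plain unsalted digest. PBKDF2 is assumed."""
import hashlib
import hmac
import os


def unsalted_hash(password):
    """The weak scheme: one fast SHA-256 of the password. Equal passwords
    give equal digests, so one precomputed table cracks every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=600_000, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the stored string carries everything
    needed to verify later. A fresh 16-byte random salt per password means
    two users with the same password get unrelated digests, and the
    iteration count makes each guess expensive."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format: %r" % algo)
    recomputed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


def precomputed_table(candidates):
    """What an attacker builds once: digest -> password for common passwords."""
    return {unsalted_hash(p): p for p in candidates}


def crack_unsalted(stored_digest, table):
    """Instant lookup against an unsalted store; None if not in the table."""
    return table.get(stored_digest)


COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]  # constructed

if __name__ == "__main__":
    table = precomputed_table(COMMON_PASSWORDS)
    print("unsalted 'password' cracked as:", crack_unsalted(unsalted_hash("password"), table))
    a, b = hash_password("password", 20_000), hash_password("password", 20_000)
    print("same password, two salted records differ:", a != b)
    print("verify ok:", verify_password("password", a), "wrong:", verify_password("Password", a))
```

With a salt, an attacker must build a separate table per record, and with an iterated KDF each entry of that table costs hundreds of thousands of hash operations, which is what turns a stolen password database from an instant win into a slow, per-account effort. The 20,000-iteration calls in the demo are only to keep it quick; production code keeps the default.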
For personally identifiable information, Ingham (2019) argued that proper storage of personal data matters as much as how well the surrounding systems are guarded: the data itself should be secured, rather than relying only on the security of servers, applications and networks.
Another suggested technical control for DoorDash is modern identity and access management (IAM) (Scroxton, 2019). Such tooling supports continuous, context-aware (for example, location-based) authentication that can prompt for further identification or verification when a suspicious party attempts to access the company’s database, helping to keep the data of customers, employees and other stakeholders safe.
Eurofins Scientific is the largest forensic services provider in the UK. It is an international laboratory group headquartered in Luxembourg that provides testing and support services to the food, agriscience, pharmaceutical, government, consumer products and environmental sectors, and it is an independent, global leader in laboratory testing services (Eurofins.com).
The company was attacked on 1 June 2019 by ransomware that Targett (2019) described as “highly sophisticated”, putting sensitive information at great risk. The malware was described as a new variant that the anti-malware products of the company’s leading global IT security providers failed to detect until their signatures were updated.
The parties involved in the attack were the company, its customers, and the unnamed attackers. Information gathered from experts and law enforcement agencies indicated that the attack was carried out by a capable group using malware more complex than ordinary commodity strains. The attack disrupted the company’s IT infrastructure and operations, and its systems were taken offline to contain the incident before being restored to normal function.
Although the disruption affected IT systems across all its locations, the company was able to partially resume operations the following day through prompt action. The ransom was later paid to the attackers by the global testing firm, who had demanded payment before unlocking the company’s frozen systems (Shaw, 2019).
Ransomware is a category of malicious program that infiltrates an IT system and then threatens to publish the victim’s information, or blocks access to the system by encrypting its files, until a demanded sum of money is paid (Devlin, 2019). In the words of Cybsense (2019), “Eurofins Scientific was infested with a ransomware computer”.
The ransomware was said “to have been a new malware variant” (Cybsense, 2019; Devlin, 2019; Targett, 2019; Shaw, 2019). Namanya, Cullen, Awan and Diss (2018) define malware as the addition, alteration or removal of code in a software system with the intention of causing harm or subverting the system’s original function, and this is what the unnamed perpetrators did to Eurofins Scientific.
The malware variant was later identified, detection for it was added and the infection was neutralized by the company’s IT department. Additional security systems and tools have since been deployed, the company’s security posture has been strengthened, and measures have been put in place to protect both data and systems. The company’s priority was to rid its systems of the malware by installing and regularly updating additional security tools on all servers and devices (Business Wire, 2019).
Devlin (2019) pointed out that the company did pay the ransom demanded by the attackers in order to get its services running again.
This report has considered three cyber-attacks, on Capital One, DoorDash and Eurofins Scientific, all of which took place in 2019. Each disrupted the smooth running of the company’s services and raised confirmed or suspected fears that stakeholders’ information had been compromised. The attackers’ identities remain unknown except that of Paige Thompson, who publicly disclosed her exploit. In each case the company was caught unprepared, without adequate security of its systems in place. The most significant cybersecurity threat illustrated is intrusion into systems to steal stakeholders’ data.
Lab Report on Cybersecurity Attacks. (2024, Jan 03). Retrieved from https://studymoose.com/document/lab-report-on-cybersecurity-attacks