Assume a scenario where hackers gained access to the information of more than a million credit and debit cards through malware on Point-of-Sale (POS) systems. The firewall had captured the first malware code and an alert was issued, which was ignored. The hackers started downloading the collected data. The cyber criminals hacked the system to gain credit and debit card information.

1. Explain in your own words what happened in the above discussed data breach. [5 Marks]
2. Identify and explain the type of attack experienced in the above scenario. [2 Marks]
3. The stolen credentials alone are not enough to access the company's POS devices. What other means can the hackers acquire to allow them to navigate the company's network and deploy the malware? [3 Marks]
4. What would the hackers have done for privilege escalation? [2 Marks]
5. The organization admitted that it ignored many alerts from its network security devices because of alert overload. If you are the organization's Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload? [3 Marks]
6. Security experts criticize the organization for failing to isolate sensitive sections of its networks from those more easily accessible to outsiders. As a CTO, please propose a feasible solution to segment and categorize your networks and resources. [5 Marks]
Attacks on payment systems are very dangerous, and this is the most critical area that has to be protected well in a system. Here, the company must have designed a less secure or not well encrypted webpage to hold the customer payment details. Attackers might have intruded into this vulnerable webpage and placed malware, maybe as an extra link or field in the form. This will let them access the credentials on clicking on it. Or, simply, a piece of malware intruded into the page can watch and send the information to the attacker.
This is an intrusion and data breach method of attack. The attacker may have intruded into the system via a weaker external-facing path. This can be done using SQL injection or phishing. Both of these methods are used to collect data from users. Along with the POS, the attackers can get into the entire server of the company. This will result in the stealing of much more private data of the company. For example, if the attacker used SQL injection for intruding into the POS system, the same can be used on the login credentials of the users, which include much data like addresses and phone numbers. These will create huge problems for the company.
Privilege escalation is the capability of having unauthorized access, meaning having access to someone else's portal without their permission. The attacker may have done this using any intrusion method. SQL injection will create a false field in the form which is actually pointed to the user database, and the extra field is pointed to the attacker's database. This stolen information will help the attacker to get the login credentials and hence the privilege escalation.
The organization ignored many security alerts due to overload. This might have happened due to the poor structure of the security system. The system may raise an alert even for a non-attacking action. A well-maintained and updated algorithm which tracks intrusions or any changes in the network and raises an alert should be implemented. Also, the authorities must not neglect any of the alerts. They should check all the alerts and make sure everything is OK.
To strengthen the security of the POS system, the company must use a well-protected server and page with double encryption. In case the company fails to implement a well-structured payment system, it can use third-party payment portals like the UPI system. Google Pay, PhonePe and many more highly secure platforms are available to make payments today. This will ensure the protection of the banking details, as they are hidden in their servers.
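The answer above names SQL injection against the POS login form as the way in. The following is an added example, not part of the question or of the answer, showing why a string-built login query is exploitable and what the parameterised version does differently. The table, the usernames and the passwords are constructed for the demo; nothing here describes the real breached system.

```python
import sqlite3


def make_demo_db():
    """Constructed in-memory user table standing in for a POS back-end login store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("cashier01", "Summer2013", "pos_user"),   # constructed sample rows
         ("posadmin", "Adm1n!", "admin")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """String-concatenated query: whatever the user types becomes part of the SQL.

    A username of  posadmin' --  turns the statement into
        ... WHERE username = 'posadmin' --' AND password = '...'
    so the password check is commented out and the admin row is returned.
    """
    query = ("SELECT username, role FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()  # (username, role) or None


def login_safe(conn, username, password):
    """Parameterised query: the driver binds the values separately from the SQL text,
    so quotes and comment markers in the input are just characters to compare."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo():
    """Run both versions against the same payloads and return the outcomes."""
    conn = make_demo_db()
    bypass_user = "posadmin' --"
    tautology = "' OR '1'='1"
    return {
        "vulnerable_comment_bypass": login_vulnerable(conn, bypass_user, "wrong"),
        "vulnerable_tautology": login_vulnerable(conn, tautology, tautology),
        "safe_comment_bypass": login_safe(conn, bypass_user, "wrong"),
        "safe_tautology": login_safe(conn, tautology, tautology),
        "safe_real_login": login_safe(conn, "cashier01", "Summer2013"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} -> {result}")
```

The comment-bypass payload logs in as the admin row through the concatenated query and returns nothing through the parameterised one; the tautology payload returns the first row of the table through the vulnerable query for the same reason. The fix is the binding, not input filtering: the safe version never builds SQL from the request at all.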
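On the alert-overload point, the answer above says to check every alert. A practical way to make that feasible is to collapse repeated alerts into incidents and rank them by severity and by how sensitive the affected host is, so the ones touching cardholder systems surface first. The code below is an added example, not from the question or the answer; the eleven sample alerts, the IP addresses, the signature names and the asset list are all constructed for the demo.

```python
# Constructed asset inventory: hosts that handle card data get a higher weight.
CRITICAL_ASSETS = {"10.1.5.20": "pos-terminal", "10.1.5.10": "pos-db"}


def asset_weight(ip):
    """Weight 3 for hosts in the cardholder environment, 1 for everything else."""
    return 3 if ip in CRITICAL_ASSETS else 1


def build_sample_alerts():
    """Eleven constructed raw alerts: six low-value policy hits from office hosts,
    one dropper signature repeated three times on the POS database host,
    one port sweep against a POS terminal, and one bulk outbound transfer."""
    alerts = []
    for i, ts in enumerate(range(0, 600, 100)):
        alerts.append({"ts": ts, "sig": "ET POLICY Cloud Storage Sync",
                       "src": "10.1.7.%d" % (40 + i), "dst": "162.125.4.1", "sev": 1})
    for ts in (30, 95, 240):
        alerts.append({"ts": ts, "sig": "MALWARE Unknown dropper written to disk",
                       "src": "10.1.5.10", "dst": "10.1.5.10", "sev": 4})
    alerts.append({"ts": 15, "sig": "SCAN Port sweep",
                   "src": "10.1.7.44", "dst": "10.1.5.20", "sev": 2})
    alerts.append({"ts": 400, "sig": "ET TROJAN Bulk data transfer to external FTP",
                   "src": "10.1.5.10", "dst": "203.0.113.7", "sev": 5})
    return alerts


def triage(alerts, window=300, min_score=4):
    """Collapse repeats of the same (signature, src, dst) seen within `window`
    seconds into one incident, score each incident as severity * asset weight,
    drop anything under `min_score`, and return the rest highest score first."""
    open_by_key = {}   # key -> the incident currently accumulating alerts
    incidents = []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["sig"], a["src"], a["dst"])
        inc = open_by_key.get(key)
        if inc is None or a["ts"] - inc["last_seen"] > window:
            inc = {"key": key, "count": 0, "first_seen": a["ts"],
                   "last_seen": a["ts"], "sev": a["sev"]}
            open_by_key[key] = inc
            incidents.append(inc)
        inc["count"] += 1
        inc["last_seen"] = a["ts"]
        inc["sev"] = max(inc["sev"], a["sev"])

    ranked = []
    for inc in incidents:
        sig, src, dst = inc["key"]
        inc["score"] = inc["sev"] * max(asset_weight(src), asset_weight(dst))
        if inc["score"] >= min_score:
            ranked.append(inc)
    return sorted(ranked, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    raw = build_sample_alerts()
    queue = triage(raw)
    print(f"{len(raw)} raw alerts -> {len(queue)} incidents to review")
    for inc in queue:
        sig, src, dst = inc["key"]
        print(f"score={inc['score']:2d} x{inc['count']} {src} -> {dst}  {sig}")
```

On the constructed input, eleven raw alerts become three incidents: the outbound transfer from the POS database host ranks first, the dropper signature appears once with a count of three rather than three times, and the six office-host policy alerts fall below the threshold. The weights and threshold are tuning knobs for the analysts; the point is that the queue an analyst has to clear is a fraction of the raw feed.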