Assume a scenario where hackers gained access to the information of more than a million credit and debit cards through malware on Point-of-Sale (POS) systems. The firewall had captured the first malware code and an alert was issued, which was ignored. The hackers then started downloading the collected data. The cyber criminals hacked the system to gain credit and debit card information.
1. Explain in your own words what happened in the above discussed data breach. [5 Marks]
2. Identify and explain the type of attack experienced in the above scenario. [2 Marks]
3. The stolen credentials alone are not enough to access the company’s POS devices. What other means can the hackers acquire to allow them to navigate the company’s network and deploy the malware. [3 Marks]
4. What would have hackers done for privilege escalation? [2 Marks]
5. The organization admitted that they ignored many alerts from their network security devices because of alert overload. If you are the organization’s Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload? [3 Marks]
6. The security experts criticize the organization for failing to isolate sensitive sections of their networks from those more easily accessible to outsiders. As a CTO, please propose a feasible solution to segment and categorize your networks and resources.
1. What Happened?
A PoS attack such as this is often called a “RAM scraper.” The term originates from the way the malware scans a point-of-sale terminal’s random access memory (RAM) for transaction data with the intent to steal it. When a card is swiped, the data encoded on the magnetic stripe is passed along with the transaction request to the payment application and then on to the company’s payment processing provider.
At the end of 2015, Target announced a loss of $162 million due to data breach-related fees.
2. Identify and Explain
Target Data Breach
In 2013, hackers accessed the credit and debit card information of over 40 million Target customers through a large-scale social engineering attack on Target's point-of-sale (POS) systems. The systems were infected with malware, confirming what security experts had suspected since the massive data breach was announced in December of that year. What is interesting is that it was discovered that the hackers went through another company to get to Target. It was later announced that information such as names, emails, addresses, and phone numbers of an additional 70 million customers had also been stolen.
3. Credentials needed
Target made many mistakes that eventually led to this attack.
First, Target gave remote access to its network to its HVAC vendor Fazio Mechanical Services. This company was then targeted with a phishing email that installed malware onto their system. The hacker then used this to route into Target’s network, installing malware that recorded and extracted the information for every credit and debit card used on an infected machine.
4. Privilege Escalation
An attacker can gain access to the network using a non-admin user account, and the next step would be to gain administrative privilege.
Escalation of Privileges:
There are two types of Privilege Escalation:
Horizontal Privilege Escalation occurs when a malicious user attempts to access resources and functions that belong to peer users, who have similar access permissions.
Vertical Privilege Escalation occurs when a malicious user attempts to access resources and functions that belong to a user with higher privileges, such as application or site administrators.
6. Warning and Action from Organization
Let's see an example of Evernote
Evernote
June 12, 2019: A security vulnerability within Evernote’s Web Clipper Chrome extension gave hackers access to the online data of its 4.6 million users. Authentication, financials, private communications, and more could have been accessed by malicious actors by exploiting a flaw in the Evernote code. The company has since corrected the issue, but it’s unclear how long user data may have been compromised.
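The RAM-scraping technique described in the answer's first section, shown as an added example that is not part of the original post or of any real POS malware: the scanner walks a memory snapshot looking for the Track 1 and Track 2 magnetic-stripe layouts and keeps only digit runs that pass the Luhn mod-10 check, which is exactly how a scraper separates card numbers from other numeric data. The same logic, run defensively over a dump of the payment application's process memory, tells a responder whether plaintext track data is sitting in RAM at all. The memory buffer below is constructed inline, the card numbers are public test PANs, and the function names are this example's own.

```python
import re

# Magnetic-stripe track layouts as they appear in plaintext inside a POS process.
# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^\^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")

# Constructed memory snapshot: two genuine track records surrounded by junk, plus a
# decoy that has the Track 2 shape but fails the Luhn check (last digit altered).
SAMPLE_MEMORY = (
    b"\x00\x00posapp.exe\x00\x00"
    b"%B4111111111111111^DOE/JOHN^25121010000000000000?"  # Track 1, Visa test PAN
    b"\x00\xff\xff\x00log: txn ok\x00"
    b";5555555555554444=25121010000000000?"               # Track 2, Mastercard test PAN
    b"\x00\x00"
    b";4111111111111112=25121010000000000?"               # decoy, not Luhn-valid
    b"\x00\x00end"
)


def luhn_ok(pan: str) -> bool:
    """Mod-10 check: scrapers use it to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits (the PCI DSS display rule); mask the middle."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory_for_tracks(blob: bytes) -> list:
    """Return every Luhn-valid track record found in the snapshot, masked, in address order."""
    hits = []
    for m in TRACK1_RE.finditer(blob):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"offset": m.start(), "track": 1, "pan_masked": mask_pan(pan),
                         "name": m.group(2).decode(errors="replace"),
                         "expiry": m.group(3).decode()})
    for m in TRACK2_RE.finditer(blob):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"offset": m.start(), "track": 2, "pan_masked": mask_pan(pan),
                         "name": None, "expiry": m.group(2).decode()})
    return sorted(hits, key=lambda h: h["offset"])


if __name__ == "__main__":
    for hit in scan_memory_for_tracks(SAMPLE_MEMORY):
        print(hit)
```

The decoy record is the reason the Luhn filter matters on both sides: a scraper that skips it fills its exfiltration buffer with noise, and a forensic scan that skips it raises false alarms on every 16-digit counter or timestamp in memory. If a scan like this finds valid records in a real POS process, the card data is in plaintext at the point the malware would read it, which is the condition point-to-point encryption at the card reader is meant to remove.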
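The two kinds of privilege escalation defined in the answer's fourth section, shown as an added example that is not part of the original post: a tiny order service with a lookup that checks only authentication (so any customer can read a peer's order by guessing its id, the horizontal case) and a refund action whose role check exists only as a hidden button (so a customer who calls the endpoint directly gets an admin function, the vertical case), each beside the hardened version that enforces ownership and role on the server. Users, orders and function names are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "customer" or "admin"


@dataclass(frozen=True)
class Order:
    id: int
    owner_id: int
    total_cents: int


# Constructed sample data: two customers with one order each, and one admin.
ORDERS = {
    1001: Order(id=1001, owner_id=1, total_cents=4999),
    1002: Order(id=1002, owner_id=2, total_cents=12000),
}
ALICE = User(id=1, role="customer")
BOB = User(id=2, role="customer")
ADMIN = User(id=99, role="admin")


def get_order_vulnerable(user: User, order_id: int) -> Optional[Order]:
    """Authenticated but not authorized: the caller is ignored, so any logged-in user can
    read any order by enumerating ids (horizontal escalation between peer customers)."""
    return ORDERS.get(order_id)


def refund_order_vulnerable(user: User, order_id: int) -> bool:
    """The refund button is hidden from customers in the UI, but the server never checks the
    role, so a customer who calls this endpoint directly performs an admin action
    (vertical escalation)."""
    return order_id in ORDERS


def get_order(user: User, order_id: int) -> Optional[Order]:
    """Ownership check on every object lookup; admins may read all orders.
    A missing id and a foreign id get the same answer, so ids cannot be enumerated."""
    order = ORDERS.get(order_id)
    if order is None:
        return None
    if order.owner_id != user.id and user.role != "admin":
        return None
    return order


def refund_order(user: User, order_id: int) -> bool:
    """Role gate enforced server-side on the action itself, not by hiding the control."""
    if user.role != "admin":
        return False
    return order_id in ORDERS


if __name__ == "__main__":
    print("vulnerable: Bob reads Alice's order ->", get_order_vulnerable(BOB, 1001))
    print("hardened:   Bob reads Alice's order ->", get_order(BOB, 1001))
    print("vulnerable: Bob refunds an order     ->", refund_order_vulnerable(BOB, 1002))
    print("hardened:   Bob refunds an order     ->", refund_order(BOB, 1002))
```

The fix in both cases is the same shape: the authorization decision is made on the server from the authenticated identity and the object's owner or the caller's role, on every request, and never inferred from what the client was shown.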