Question

Assume a scenario where the hackers gained access to information through malware on Point-of-Sale (POS) systems of more than a million credit and debit cards. The firewall had captured the first malware code and an alert was issued, which was ignored. The hackers started downloading the collected data. The cyber criminals have hacked the system to gain credit and debit card information.

1. Explain in your own words what happened in the above discussed data breach. [5 Marks]

2. Identify and experience the type of attack experienced in the above scenario [2 Marks]

3. The stolen credentials alone are not enough to access the company’s POS devices. What other means can the hackers acquire to allow them to navigate the company’s network and deploy the malware? [3 Marks]

4. What would have hackers done for privilege escalation? [2 Marks]

5. The organization admitted that they ignored many alerts from their network security devices because of alert overload. If you are the organization’s Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload? [3 Marks]

6. The security experts criticize the organization for failing to isolate sensitive sections of their networks from those more easily accessible to outsiders. As a CTO, please propose a feasible solution to segment and categorize your networks and resources. [5 Marks]

Solutions

Expert Solution

1. Explain in your own words what happened in the above discussed data breach?

Answer: In the above attack the hackers gained access to the Point of Sales system and collected the credit and debit card credentials of one million users. The basic idea for collecting the credit and debit card details is to purchase things. There are people who buy and sell card numbers in online markets, and there are the people who actually make fake cards. Then there are recruiters who find people to make purchases with the fake cards. And in the end, someone walks into a store with the counterfeit card and tries to make purchases. Fake cards often carry the stolen number on their magnetic strip but have a dummy number on the card itself. To try and detect fake cards, enter the last four digits of the dummy number, and flag the purchase if they do not match the last four digits that are being charged.

2. Identify and experience the type of attack experienced in the above scenario?

Answer: The attack used in this scenario is MAN IN THE MIDDLE attack. In this attack, the perpetrator positions himself in a conversation between a user and an application either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. It is the interception of the processing at the retail checkout point of sale system. The simplest, or most evasive, approach is RAM-scraping, accessing the system's memory and exporting the copied information via a remote access trojan (RAT), as this minimizes any software or hardware tampering, potentially leaving no footprints. POS attacks may also include the use of various bits of hardware dongles, trojan card readers, data transmitters and receivers. Being at the gateway of transactions, POS malware enables hackers to process and steal thousands, even millions, of transaction payment data, depending upon the target, the number of devices affected, and how long the attack goes undetected. This is done before or outside of the card information being encrypted and sent to the payment processor for authorization.

3. The stolen credentials alone are not enough to access the company’s POS devices. What other means can the hackers acquire to allow them to navigate the company’s network and deploy the malware?

Answer: The attackers stole only the credit and debit card credentials, which are not enough for accessing the company POS devices. Now, for getting access to the company POS devices, the attackers use the PHISHING attack. Phishing is one of the easiest forms of cyberattack for criminals to carry out, and one of the easiest to fall for. It's also one that can provide everything hackers need to ransack their target's personal information and work accounts. That might be handing over passwords to make it easier to hack a company, or altering bank details so that payments go to fraudsters instead of the correct account. In phishing, attackers deliver the malware by encouraging victims to download a document or visit a link that will secretly install the malicious payload, in attacks that could be distributing trojan malware, ransomware or all manner of damaging and disruptive attacks. The data stolen can range from personal or corporate email address and password, to financial data such as credit card details or online banking credentials, or even personal data such as date of birth, address and a social security number.

4. What would have hackers done for privilege escalation?

Answer: In privilege escalation, a malicious user gains access to a lower-level account and uses it to gain higher level privileges. Privilege escalation happens when a malicious user exploits a bug, design flaw, or configuration error in an application or operating system to gain elevated access to resources that should normally be unavailable to that user. There are many vulnerabilities that can lead to privilege escalation. Some of the most common are cross-site scripting, improper cookie handling, and weak passwords.

Attackers start by exploiting a privilege escalation vulnerability in a target system or application, which lets them override the limitations of the current user account. They can then access the functionality and data of another user (horizontal privilege escalation) or obtain elevated privileges, typically of a system administrator or other power user (vertical privilege escalation). Such privilege escalation is generally just one of the steps performed in preparation for the main attack.
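
The last-four-digits check described in answer 1, sketched as an added example (not part of the original solution). It assumes the terminal hands the checkout software the raw Track 2 string in the ISO/IEC 7813 layout; the function names, status strings and the sample swipe (built on a standard test card number) are constructed for illustration.

```python
import re

# ISO/IEC 7813 Track 2: ;PAN=YYMM + 3-digit service code + discretionary data?
TRACK2 = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})(\d*)\?$")

def luhn_ok(pan: str) -> bool:
    """Validate the card number's Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def check_swipe(track2: str, keyed_last4: str) -> str:
    """Compare the magnetic-stripe number with the last four digits the
    cashier reads off the face of the card. Returns only a status code so
    the full card number is never logged or displayed."""
    m = TRACK2.match(track2.strip())
    if not m:
        return "REJECT_MALFORMED_TRACK"
    pan = m.group(1)
    if not luhn_ok(pan):
        return "REJECT_BAD_CHECK_DIGIT"
    if not re.fullmatch(r"\d{4}", keyed_last4):
        return "REJECT_BAD_INPUT"
    if pan[-4:] != keyed_last4:
        # Stripe and embossed number disagree: the counterfeit pattern
        # described above (stolen number on the stripe, dummy on the face).
        return "FLAG_MISMATCH"
    return "OK"

if __name__ == "__main__":
    swipe = ";4111111111111111=30121010000000000000?"  # constructed sample
    for typed in ("1111", "4242"):
        print(typed, check_swipe(swipe, typed))
```
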

