Question

Assume a scenario where the hackers gained access to information through malware on Point-of-Sale (POS) systems of more than million credit and debit card. The firewall had captured the first malware code and an alert was issued which was ignored. The hackers started downloading the collected data. The cyber criminals have hacked the system to gain credit and debit card information.

1. Explain in your own words what happened in the above discussed data breach. [5 Marks]

2. Identify and experience the type of attack experienced in the above scenario [2 Marks]

3. The stolen credentials alone are not enough to access the company’s POS devices. What other means can the hackers acquire to allow them to navigate the company’s network and deploy the malware. [3 Marks]

4. What would have hackers done for privilege escalation? [2 Marks]

5. The organization admitted that they ignored many alerts from their network security devices because of alert overload. If you are the organization’s Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload? [3 Marks]

6. The security experts criticize the organization for failing to isolate sensitive sections of their networks from those more easily accessible to outsiders. As a CTO, please propose a feasible solution to segment and categorize your networks and resources. [5 Marks]

Answer 1

1. In the above data breach the hackers gained access to the information by inserting malware in POS systems and started downloading and collecting data. The hacers have hacked the system to gain credit and debit card information.

2. The type of attack experienced in the above scenario is Malware Attack. A malware attack is an atttack when cybercriminals create malicious software that's installed on someone else's device without their knowledge to gain access to personal information or to damage the device, usually for financial gain. Different types of malware include viruses, spyware, ransomware, and Trojan horses.

3. Hackers to navigate themselves to the comapany's network and deploy malware, the stolen credentials are not enough. So the hacker to hack an organization, They'll draw upon common types of hacking techniques that are known to be highly effective, such as malware, phishing, or cross-site scripting (XSS).

4. To gain the privilege escalation the hacker will try to exploit a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

5. If I were the organization's Cheif Technical Officer, I would decide which types of monitoring I actually need, what to set up notifications on, and what I can do without. If you add monitoring blindly, you’re shooting yourself in the foot by collecting more data than you can ever process or act on effectively. This turns into fatigue for your on-call staff, wasted time spent on low priority issues, and causes low priority issues to distract from the critical ones.

There are other types of data that are good to monitor but may not require an alarm. Those include things like CPU usage, Network load and Environmental Conditions. So instaed of an alarming system I will only moniter them so that I won't recieve an alert for such minor issues.

6. As a CTO, I would segment and categorize my networks and resources in following manner

Become Familiar with Key Terminology:

• In Scope. Any system directly involved with, connected to, or that may impact the security of your cardholder data.
• Connected-to. Any system that connects to the cardholder data environment (CDE), as well as those that are indirectly related to handling cardholder data.
• Out of Scope. Any system that has no access to CDE.

Assign One Person or Small Group to Tracking Cardholder Data Flows:

Assign one person, or a small group of staff members, who is responsible for learning all the places where cardholder data flows throughout the network. By placing this responsibility in the hands of one person, ideally, he or she can track this information more easily and consistently. This one person becomes the expert on the overall flow of cardholder data, as well as where and how it is used and stored, therefore reducing the scope of the CDE.

Develop a Data Flow Map of Cardholder Data

Based on the information that you gather through employee interviews and your independent research, create a visual representation of the flow of cardholder data.

Determine How to Segment Your Network

The most common strategy used is via a firewall, which involves situating a piece of dedicated hardware between each network zone to limit network traffic. When choosing the firewall option, it is important that you configure your Access Control List (ACL) to define precisely what traffic is allowed to pass through the sections.

Get the Go-Ahead from Your Qualified Security Assessor

Ultimately, your Qualified Security Assessor (QSA) must verify that your segmentation approach and results are adequate to reduce your PCI scope. It also helps to bolster your confidence in your approach and results in network segmentation, especially if you are new to the process.