Assume a scenario where hackers gained access to information on more than a million credit and debit cards through malware on Point-of-Sale (POS) systems. The firewall had captured the first malware code and an alert was issued, which was ignored. The hackers started downloading the collected data. The cyber criminals hacked the system to gain credit and debit card information.
1. Explain in your own words what happened in the above discussed data breach. [5 Marks]
2. Identify and explain the type of attack experienced in the above scenario. [2 Marks]
3. The stolen credentials alone are not enough to access the company's POS devices. What other means can the hackers acquire to allow them to navigate the company's network and deploy the malware? [3 Marks]
4. What would the hackers have done for privilege escalation? [2 Marks]
5. The organization admitted that it ignored many alerts from its network security devices because of alert overload. If you were the organization's Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload? [3 Marks]
6. Security experts criticize the organization for failing to isolate sensitive sections of its networks from those more easily accessible to outsiders. As CTO, please propose a feasible solution to segment and categorize your networks and resources. [5 Marks]
1. The Point of Sale section holds some of the most important data in every company. POS is the session where the customer ends a purchase or transaction using a payment method. An attack on this means stealing banking and card details. This involves money and is a huge risk. An attacker can steal money from customers using this data, which will result in huge problems. The company will fail in its business if this happens on a huge scale.
This probably happened due to a low-quality payment portal provided by the company. The company might have used a simple, ordinary webpage to carry the user credentials to the payment system. This can be attacked using any intrusion method, as the webpage may be vulnerable.
2. The type of attack here is intrusion and data breach. Intrusion is the process of entering any private area in the network without permission. By intruding into a network, attackers can view many private details and use them for attacks. Intrusion will result in attacks like eavesdropping and data breach.
Data breach is the process of stealing private data. When an attacker has intruded into a system, he can easily steal the data, modify the data or even delete it. Here the attacker intruded and data was stolen.
3. The stolen credentials are not enough to place malware in the website. There must be access to the backend to place an object inside. This might have been done through a loophole in the administrative pages. If the attacker could get into the admin page of the company, the attacker can place whatever object he needs.
4. Privilege escalation is the process of accessing unauthorized portals. This is getting the privilege of using someone's private data for malicious operations.
A man-in-the-middle attack is a chance here. A man-in-the-middle attack involves an attacker eavesdropping on the vulnerable channel and seeing the data entered by the user. This data is copied without any provocation or manipulation, and the attacker leaves.
SQL injection is another method of data breach from a vulnerable webpage. If the page is vulnerable and contains any information about the database used, a fake field can be added by the attacker through which useful information is fetched to the attacker's system.
5. The alert overload happened due to the weak design of the security device. The device must be designed in a way such that it alerts only for true attacks or intrusion actions and ignores silly things while protecting itself. Also, the authorities must check the network for every alert made, without ignoring them.
6. A solution to protect the POS system is to increase the security systems to the maximum. This can be done in two ways: first, the company can create a highly encrypted system of its own with double encryption techniques and get protected. Second, the company can use a third-party payment provider like Google Pay, which uses UPI technology to make the transaction secure. So the payment details are not stored on the company's servers; they are handled on the service provider's servers, which are highly protected.
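The SQL injection mentioned in the answer to question 4 is easiest to understand by running it. The following is an added example, not part of the original question or answer: a constructed in-memory SQLite table with two made-up accounts, a login check that splices user input into the SQL string, and the same check written with bound parameters. The tautology `' OR '1'='1` logs in through the first and fails against the second. Plaintext passwords are used only to keep the example short.

```python
import sqlite3

# Constructed sample accounts for the example (not from the page).
USERS = [("admin", "S3cret!"), ("cashier", "pos-1234")]


def make_db():
    """In-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately unsafe: the user's input becomes part of the SQL text,
    so a quote in the input ends the string literal and the rest is parsed
    as SQL."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_hardened(conn, username, password):
    """Parameterised query: the driver binds the input as data, so quotes
    and keywords in it are compared literally, never executed."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    """Run both checks with a valid credential and with the injection string."""
    conn = make_db()
    # Closes the password literal and appends "OR '1'='1", which is always true,
    # so the vulnerable query matches every row regardless of credentials.
    bypass = "' OR '1'='1"
    return {
        "vuln_valid": login_vulnerable(conn, "admin", "S3cret!"),
        "vuln_injected": login_vulnerable(conn, "nobody", bypass),
        "safe_valid": login_hardened(conn, "admin", "S3cret!"),
        "safe_injected": login_hardened(conn, "nobody", bypass),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login succeeded' if ok else 'login rejected'}")
```

The fix is not input filtering but separating code from data: with `?` placeholders the database never parses the password as SQL, so no quoting trick changes the query's shape.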
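Question 5 asks how a CTO would reduce alert overload so that an alert like the ignored malware detection is not buried. The following is an added example, not part of the original answer: a small triage pass over constructed alert lines (format `timestamp|sensor|severity|signature|host`, invented for this example) that suppresses a known-benign source, collapses repeated firings of one signature into a single item with a count, and scores what remains so that anything touching the assumed POS segment (`10.0.9.0/24`) rises to the top of the escalation queue.

```python
import ipaddress
from collections import defaultdict

# Constructed alert feed for the example; eight raw alerts from two sensors.
RAW_ALERTS = """\
2023-11-27T12:00:01|fw-edge|low|ICMP ping sweep|10.0.5.20
2023-11-27T12:00:02|fw-edge|low|ICMP ping sweep|10.0.5.21
2023-11-27T12:00:03|fw-edge|low|ICMP ping sweep|10.0.5.22
2023-11-27T12:00:09|fw-edge|medium|Malware beacon from POS host|10.0.9.14
2023-11-27T12:00:10|fw-edge|low|ICMP ping sweep|10.0.5.23
2023-11-27T12:05:40|fw-edge|medium|Malware beacon from POS host|10.0.9.14
2023-11-27T12:06:00|ids-core|high|Known malware download|10.0.9.14
2023-11-27T12:06:05|fw-edge|info|Vulnerability scanner heartbeat|10.0.1.5
"""

SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3}
POS_NET = ipaddress.ip_network("10.0.9.0/24")          # assumed POS/cardholder segment
SUPPRESS = {("10.0.1.5", "Vulnerability scanner heartbeat")}  # assumed known-benign (host, signature)
ESCALATE_AT = 3                                        # score at which an analyst must look


def parse(text):
    """Yield one dict per alert line."""
    for line in text.strip().splitlines():
        ts, sensor, sev, sig, host = line.split("|")
        yield {"ts": ts, "sensor": sensor, "sev": sev, "sig": sig, "host": host}


def triage(text):
    """Return (escalate, backlog, suppressed_count) for one batch of alerts."""
    groups = defaultdict(lambda: {"count": 0, "hosts": set(), "sev": "info"})
    suppressed = 0
    for a in parse(text):
        if (a["host"], a["sig"]) in SUPPRESS:        # tuned-out noise source
            suppressed += 1
            continue
        g = groups[(a["sensor"], a["sig"])]           # one item per sensor+signature
        g["count"] += 1
        g["hosts"].add(a["host"])
        if SEVERITY[a["sev"]] > SEVERITY[g["sev"]]:  # keep the worst severity seen
            g["sev"] = a["sev"]

    scored = []
    for (sensor, sig), g in groups.items():
        score = SEVERITY[g["sev"]]
        if any(ipaddress.ip_address(h) in POS_NET for h in g["hosts"]):
            score += 2                                # asset criticality: POS segment
        if g["count"] >= 3:
            score += 1                                # persistence/volume bonus
        scored.append({"score": score, "sensor": sensor, "sig": sig,
                       "sev": g["sev"], "count": g["count"],
                       "hosts": sorted(g["hosts"])})
    scored.sort(key=lambda s: s["score"], reverse=True)
    escalate = [s for s in scored if s["score"] >= ESCALATE_AT]
    backlog = [s for s in scored if s["score"] < ESCALATE_AT]
    return escalate, backlog, suppressed


if __name__ == "__main__":
    esc, back, sup = triage(RAW_ALERTS)
    print(f"suppressed {sup}, escalate {len(esc)}, backlog {len(back)}")
    for s in esc:
        print(f"  [{s['score']}] {s['sig']} x{s['count']} on {s['hosts']}")
```

Eight raw alerts become two items an analyst must open, with the malware download on the POS host first; the ping sweep stays visible but in the backlog. The same three levers (suppress tuned noise, aggregate repeats, weight by asset) are what a SIEM or SOAR rule set does at scale.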
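Questions 3 and 6 concern how attackers move from an ordinary network position to the POS devices and how segmentation would stop that. The following is an added example, not part of the original answer: an assumed zone layout (illustrative addresses, including the documentation ranges 203.0.113.0/24 and 198.51.100.0/24) with a default-deny policy between zones, plus an audit of constructed flow records that shows which observed connections the policy would block, namely vendor and corporate hosts reaching POS file-sharing ports and a POS terminal talking to the Internet.

```python
import ipaddress

# Assumed zones for the example. A longer prefix wins, so mgmt and pos are carved
# out of the corporate range and everything unmatched falls into "internet".
ZONES = {
    "corporate": "10.0.0.0/16",
    "mgmt":      "10.0.250.0/24",   # admin jump hosts
    "pos":       "10.0.9.0/24",     # POS terminals: cardholder-data segment
    "vendor":    "172.16.0.0/24",   # third-party VPN pool
    "processor": "203.0.113.0/24",  # payment processor endpoints
    "internet":  "0.0.0.0/0",
}

# Explicit inter-zone allow list (src_zone, dst_zone, dst_port); all else denied.
ALLOW = {
    ("pos", "processor", 443),      # card authorisation only
    ("mgmt", "pos", 22),            # administration only from the management zone
    ("corporate", "internet", 443),
    ("corporate", "internet", 80),
    ("vendor", "corporate", 443),   # vendor portal, never the POS segment
}

# Constructed flow records: "src dst dst_port".
FLOWS = """\
10.0.9.14 203.0.113.7 443
10.0.250.3 10.0.9.14 22
172.16.0.5 10.0.0.40 443
172.16.0.5 10.0.9.14 445
10.0.0.40 10.0.9.14 445
10.0.9.14 198.51.100.9 443
10.0.0.40 198.51.100.9 443
"""


def zone_of(ip):
    """Longest-prefix match of an address against the zone table."""
    addr = ipaddress.ip_address(ip)
    best_name, best_net = None, None
    for name, cidr in ZONES.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_name, best_net = name, net
    return best_name


def permitted(src_ip, dst_ip, dst_port):
    """Default deny between zones; traffic inside one zone is not filtered here."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True
    return (src, dst, dst_port) in ALLOW


def audit(flow_text):
    """Return flows the segmentation policy would block, as
    (src_zone, dst_zone, port, src_ip, dst_ip) tuples."""
    violations = []
    for line in flow_text.strip().splitlines():
        src, dst, port = line.split()
        port = int(port)
        if not permitted(src, dst, port):
            violations.append((zone_of(src), zone_of(dst), port, src, dst))
    return violations


if __name__ == "__main__":
    for v in audit(FLOWS):
        print("BLOCK %s -> %s :%d  (%s -> %s)" % v)
```

Run against real flow logs before enforcing, this kind of audit lists the connections a new policy would break, which is how a segmentation rollout is validated without taking the tills offline. The denied flows here are exactly the lateral-movement and exfiltration paths the breach scenario describes.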