Question

Assume a scenario where the hackers gained access to information through malware on Point-of-Sale (POS) systems of more than million credit and debit card. The firewall had captured the first malware code and an alert was issued which was ignored. The hackers started downloading the collected data. The cyber criminals have hacked the system to gain credit and debit card information.

1. Explain in your own words what happened in the above discussed data breach. [5 Marks]

2. Identify and experience the type of attack experienced in the above scenario [2 Marks]

3. The stolen credentials alone are not enough to access the company’s POS devices. What other means can the hackers acquire to allow them to navigate the company’s network and deploy the malware. [3 Marks]

4. What would have hackers done for privilege escalation? [2 Marks]

5. The organization admitted that they ignored many alerts from their network security devices because of alert overload. If you are the organization’s Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload? [3 Marks]

6. The security experts criticize the organization for failing to isolate sensitive sections of their networks from those more easily accessible to outsiders. As a CTO, please propose a feasible solution to segment and categorize your networks and resources. [5 Marks]

Answer 1

Data breach is the unlawful,unethical and unauthorised access to someone's computer or network and to steal his or her confidential personal information.There are many data breaches,namely

• An Exploit---It take advantage of the loopholes in the Software system.Till the time the drwabacks or the bugs are reported to the manufacture , the Cybercriminals package multiple exploits into automated exploit kits and thus making easier for them to take advantage of the exploits.
• A SQL injection (SQLI) is a type of attack which take advantage of the loopholes in the SQL database software.The Cybercriminals mounts a maliciuos code into the search field of a retail website where Customer normally querries for their products like top rated laptops, popular outfits etc. Now instead of returning the list of products Cybercriminals get Customer information and their credit card information.
• SPYWARE is a malware which intrudes our system and steals private and confidential data.It is downloaded by us as part of a download which we feel is genuine. Apart from this it may enter as a secondary infection as a Trojan. Emotet, TrickBot, are common examples.
• Phising   scammers normally send links related to greed and fear for example you have won a lucky draw or you have a gift from Amazon and they ask you to click on certain links , when you click they direct you towards a malicious page which ask you to enter Account number and password.This way they track all our information.
• Broken or misconfigured access controls - Sometimes when the folders of any retail company are made Private by the administrators and he forgets to make private the subfolders,In this case Scammers get access to these subfolders and steals the critical information like Customer debit and credit card details

In this scenario it is evident that it was not exploit as the firewall gave alert when the malicious activity occured.It is neither the case of Spyware as nothing was downloaded at the pos system nor Phising or misconfigured access controls.It is the case of SQLI as it states more than million debit and credit card information was stolen. Such a thing is posssible on large databases like SQL. The malware code was implanted by the Scammers in the form of query of certain items and it resulted in the spitting of the confidential information of debit and credit card information of the customers. It was not only the data breach but it also involves the carelessness of the administrators. If the act would have noted in time the Cybercriminals could be stopped from downloading the confidential data and the information of millions of people could be protected.