Use your favorite search engine and search for “world’s greatest data breaches and hacks.” Scan through the hits until you find visual diagrams or a text-based list of major data breaches that have occurred recently. (Major data breaches are defined as those in excess of 30,000 records.) Select and carefully review at least two of these data breaches. Briefly describe the two data breaches you selected. Explain in layman’s terms how you think these breaches occurred. Discuss whether or not you agree with Verizon’s assertion that over 80% of breaches are caused by human error. Describe how appropriate governance frameworks might have prevented these data breaches from occurring. Support your statements with evidence from your sources.


Example 1:

I have an example of a real-life technological security flaw which appeared in one of the most used applications, i.e. Adobe Flash Player. Here is the information related to it in detail:

  • The vulnerability which we are going to talk about today is one of the most critical ones, and it concerns one of the largest companies, "Adobe". This vulnerability left lakhs of users in danger of being breached.
  • The name of the vulnerability is "Flash Player Vulnerability", with the identification code "CVE-2018-5002". This vulnerability was heavily affecting the Middle East region and was brought to light in June 2018.
  • What actually was the security flaw here? The security flaw was a stack-based buffer overflow bug that allowed arbitrary code to be executed.
  • The vulnerability allowed attackers to maliciously craft a Flash object, which would help them execute code on the victim machine and then run a range of payloads and actions.

How could this have been prevented?

  • Applications are vulnerable to buffer overflow bugs when certain programming errors or memory leaks are left in the code.
  • Hence, this can be prevented by using the right programming methods and by putting the best programming techniques to use, so that no vulnerabilities are left open to ruin the applications.
  • The application must be thoroughly tested before it is released publicly, and it must be made good enough to work against the vulnerabilities.

Hence, these are the methods by which the vulnerability could have been prevented.

How did this vulnerability actually work?

  • The vulnerability allowed the attacker to provide a Word file to download, and once it was executed on the victim PC the Adobe Flash exploit would start running.
  • Once executed, this file starts executing the shellcode, which then enables the attacker to command and control the servers from which the attacker would gain complete access to the victim machine.

Patch For Vulnerability:

  • The company has announced the patch for the vulnerability, and it can be applied automatically by installing the updated Flash Player, as this was a critical zero-day attack.
  • The patch is available only for users from East Asia, as the vulnerability was highly active in that region.

Hence, this was all on technology security and how to maintain the security levels in order to stay updated and up to the mark.

Example 2:

  • The second one is the most recent one, with CVE-2019-1010259. This was the most critical vulnerability, a type of SQL injection, and it affected most of the MySQL servers that were deployed in the cloud.
  • In some cases, it also leads to remote code execution. Hence, it became very hard for those affected to protect themselves from this vulnerability, as it was claimed to affect almost 11 million systems.

How did this vulnerability actually work?

  • The vulnerability can be triggered by using a specially crafted password string, which helps the attacker escalate privileges on the MySQL server. The attacker could just enter the string wherever the system interacts with the database server.
  • The attackers triggered it through login pages, which gave them access to escalate privileges on the MySQL server. After that, the following points apply:
    • Modify the system files or any information on the database.
    • The scope of the attack is limited, as the attacker will not have control over what can be modified.

Patch for the vulnerability:

  • The Microsoft SQL Server team immediately provided a fixed version, free to download or upgrade to for existing users, as it was a major vulnerability and had recently been in the wild.
  • The fixed version was listed on the Microsoft website, and it was also automatically rolled out to active users to limit any further damage to organizations. The fixed version currently in use is 2018.3.4.

Hence, this is another vulnerability which was running in the wild and was recently a hit among hackers.
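
The class of flaw described in Example 2, where a crafted password string entered on a login page changes the meaning of the database query, is shown below next to its standard fix. This is an added example, not part of the original answer or any vendor's code. It assumes SQLite standing in for MySQL, and the table, account, function names and crafted input are all constructed for illustration.

```python
import hashlib
import sqlite3


def make_db():
    """Build an in-memory database holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    # Expose a SHA-256 SQL function so the query can hash the submitted
    # password, as legacy login code often does. Demo only: real systems
    # should use a salted, slow password hash.
    conn.create_function(
        "sha256", 1, lambda s: hashlib.sha256(str(s).encode()).hexdigest()
    )
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute(
        "INSERT INTO users VALUES (?, sha256(?))", ("alice", "correct horse")
    )
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable form: user input is pasted into the SQL text itself."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND pw_hash = sha256('" + password + "')")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND pw_hash = sha256(?)"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed input: the quote and parenthesis close the string literal
# early, so the remainder of the "password" is parsed as SQL.
CRAFTED = "x') OR ('1'='1"

if __name__ == "__main__":
    db = make_db()
    for check in (login_concatenated, login_parameterized):
        print(check.__name__,
              "valid:", check(db, "alice", "correct horse"),
              "crafted:", check(db, "alice", CRAFTED))
```

The concatenated query accepts the crafted string as a valid login, while the parameterized query treats it as an ordinary wrong password.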

