2021EH02 Data Breaches PDF

Title 2021EH02 Data Breaches
Author Anonymous User
Course Ethical Hacking
Institution Danmarks Tekniske Universitet

Ethical Hacking Data Breaches in the Real World

The Story of What Really Happened

DTU Compute Technical University of Denmark

Ethical Hacking

Learning from Mistakes

Tesla on “Autopilot” Crash

Norwegian Frigate Sinks after Collision with Oil Tanker

Miracle on the Hudson US Airways Flight 1549

• Transport safety is improved by studying accidents
  – Causes of the accident
    • External factors (threat agent)
    • Material factors (vulnerabilities)
    • Procedural factors (opportunity for attackers)
  – Timeline for the accident
  – How the accident could have been avoided
    • What we need to do in the future

Diginotar

Sony Pictures Entertainment

Home Depot

TKMaxx

Target

Stuxnet

Carbanak

Equifax

Kaspersky Labs

Hacking Team

NotPetya cyber attack

SolarWinds

Hafnium

Colonial Pipeline Hack

Data Breach Examination

• Each Group will be assigned one of the cases above to analyse
• What happened?
  – Describe the target of the attack and the attackers
    • Motives, means and opportunity
  – Present a timeline of the data breach
• Why could it happen?
  – Present a brief technical explanation of the vulnerability
    • Describe data and communication protocols if necessary
• How could it be avoided?
  – Identify security controls to resolve the security problem (remedy)
    • Preventive Controls?
    • Corrective Controls?
    • Detective Controls?
• What can be learned?

References

• Diginotar
  – https://www.rijksoverheid.nl/documenten/rapporten/2011/09/05/diginotar-public-report-version-1
  – https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2011/09/05/diginotar-publicreport-version-1/rapport-fox-it-operation-black-tulip-v1-0.pdf
  – https://en.wikipedia.org/wiki/DigiNotar
• Sony
  – https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-sony-implemented36022
• Home Depot
  – https://www.sans.org/reading-room/whitepapers/casestudies/case-study-home-depot-data-breach-36367
  – http://krebsonsecurity.com/tag/home-depot-breach/
• TJX
  – http://sydney.edu.au/engineering/it/courses/info5990/Supplements/Week07_Malware&Security/Supp074TJXCaseDetails.pdf
  – https://www.computerworld.com/article/2544306/security0/tjx-data-breach--at-45-6m-card-numbers--it-s-thebiggest-ever.html
  – https://www.computerworld.com/article/2538711/cybercrime-hacking/one-year-later--five-takeaways-from-thetjx-breach.html

References II

• Target
  – http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
  – https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412
  – https://www.commerce.senate.gov/public/_cache/files/24d3c229-4f2f-405d-b8db-a3a67f183883/23E30AA955B5C00FE57CFD709621592C.2014-0325-target-kill-chain-analysis.pdf
• Stuxnet
  – https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
  – http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf
  – https://en.wikipedia.org/wiki/Stuxnet
• Carbanak
  – http://www.securityweek.com/hackers-hit-100-banks-unprecedented-1-billion-cyber-attack-kaspersky-lab
  – http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Carbanak_APT_eng.pdf
  – https://www.fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf
• Kaspersky Labs
  – https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf
  – https://media.kaspersky.com/en/Duqu-2-0-Frequently-Asked-Questions.pdf

References III

• Hacking Team
  – http://arstechnica.com/security/2016/04/how-hacking-team-got-hacked-phineas-phisher/
• Solarwinds
  – https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizationswere-not-prepared.html
  – https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activationfrom-sunburst-to-teardrop-and-raindrop/
  – https://www.securityweek.com/continuous-updates-everything-you-need-know-about-solarwinds-attack
• Hafnium
  – https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
  – https://www.msspalert.com/cybersecurity-news/microsoft-exchange-hafnium-attack-timeline/
  – https://www.dubex.dk/aktuelt/nyheder/hafnium-attack-dubex-recommendations
• Colonial Pipeline Hack
  – https://www.theverge.com/2021/5/13/22434381/colonial-pipeline-darkside-hacker-ransomware-ransom-oil
  – https://www.wired.com/story/colonial-pipeline-ransomware-attack/
• This list of references is incomplete
  – Look for more information (Google is your friend)

Final Thoughts

• Large volumes of data available online
  – Business Process Data, Customer Data, Intellectual Property
  – Valuable to organizations and attractive to attackers
• Many security products, standards and best practices
  – Must be put in place
    • Which one(s) to choose?
    • Is it sufficient to protect the systems?
• Arms race between attackers and defenders
  – Attackers only need one mistake, defenders must get everything right
  – Zero-day vulnerabilities
• Huge software bases in most systems
  – 60 percent of enterprise codebases contain open-source vulnerabilities (1)
• Huge attack surface (e.g. through Internet of Things)

1) https://www.zdnet.com/article/60-percent-of-codebases-contain-open-source-vulnerabilities/
