DISCUSSION REPLY
akak64733
DISCUSSION_REPLY.docxDISCUSSION 1
The worst-case scenario:
NotPetya attack
1.NotPetya is Windows-based ransomware, which infected many organizations in the world in 2017. This was a massive cyberattack that created havoc around the globe. Many insured organizations were seeking positive responses from their insurer organization for compensation of loss caused by this cyberattack. Many insurance organizations had a clause for the compensation that restricted any compensation in case of damage caused due to the 'act of war'. The UK government and CIA blamed Russia for this attack and tagged it as a state-sponsored cyberattack. After this statement, all insurance companies tagged this attack as an 'act of war' and denied any compensation. This attack was seen as an element of the Russia-Ukraine war. But because of this blame game mitigation action got delayed that caused massive loss across the globe.
The best-case scenario:
GitHub DDoS attack
2.In 2018, GitHub, a web-based provider of hosting service for the development of software, faced a massive DDoS attack, which impacted millions of its users across the globe. It also affected the page of the GitHub. GitHub was alerted to a drop in the availability of its services from its cloud agents across the globe. The availability of HTTP servers to its website observed a dip of 26%. The DDoS attack aimed to overtake resources to shut down access to service temporarily. But within minutes, GitHub efficiently mitigated this DDoS attack. It was identified that the defense mechanism of GitHub came into action quickly. The most impressive fact in this mitigation stage was that the entire mitigation process and detection were automated. Within fifteen minutes the attack had been overcome by GitHub, and its traffic continued as normal.
So, a worst-case scenario like NotPetya can learn from the best-case scenario like GitHub. It can learn that a fast and efficient response in the attack detection process and mitigation process could mitigate the potential loss. An automated detection and mitigation process can handle massive attacks quite efficiently, and it is a much-needed system in the present technological era of the globe.
References:
1.NotPetya Malware: Everything You Need to Know | Digit.in. (2020). Retrieved 7 October 2020, from https://www.youtube.com/watch?v=9Z-H8ku7s6c
2.How GitHub Defended Against Largest Recorded DDoS Attack. (2020). Retrieved 7 October 2020, from https://www.youtube.com/watch?v=tztjDBTud7M
DISCUSSION 2
Best Scenario: Dunkin Donuts DD
DD encountered an attack to steal credential information to sell it on the dark web. To this, the hackers used the DD perks accounts which customers use to login and store their points and discounts. The user credentials usually consist of a username and personalized 16-digit account number and password. This was a convenient option for regular customers to stay connected to the DD business. When hackers obtained access to large DD customer account, they wanted to use it to sell on Dark Web Forums. This not only compromised account information for several customers but also DD to face several lawsuits from customers for being careless with the information. (Jeff Orr (May, 2019).
DD can avoid this in the future by promoting good password practices such as using two-factor authentications for all logins and observation of their app traffic and by running security procedures on all operations.
Worst Case Scenario: BioStar 2 Data Breach
VIDEO URL: https://bit-tech.net/news/tech/software/biostar-2-breach-leaks-fingerprints-facial-data/1/
This was a serious case of cloud vulnerability attack when the employee identifications information such as the face, biometrics such as fingerprints and iris scans were stolen for estimation of 1 million users. This is a worst-case scenario because this information is going to be permanent for consumers and it can lead to several issues in the future, it practically risks the people for their entire lives. (Mike Snider (Nov, 2018).
This could have been avoided by understanding the risks of handling such data and by co-authenticated this biometric data with other databases. This could have been avoided if other authentication methods were preferred instead of biometrics. This Biostar 2 company can learn from DD to weigh other methods of login instead of biometrics and if handled, has to be coupled and authenticated with other data.
REFERENCES:
1. Jeff Orr (May, 2019), Top Cyber Security Breaches So Far; A Recap, cshub.com
2. Mike Snider (Nov, 2018), Dunkin Donuts says some DD Perks members’ accounts may have been hit by data breach, usatoday.com
