CYB_250_4-3 Stepping Stone_Larissa_Rojas

docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

250

Subject

Computer Science

Date

Feb 20, 2024

Type

docx

Pages

4

Uploaded by DukePenguin2879

Report
CYB 250 Professor Nancy McDonall May 28, 2023
CYB 250 Stepping Stone Two Template
Howard Threat Model Incident Bank Attacks Bluetooth Bug Attackers 49 attackers located in different countries Unknown Tools The customer site was identical to an internal banking website, and the attackers employed man- in-the-middle attacks, social engineering, and spear- phishing A malicious act involving a man-in-the-middle attack, where forged pairing messages were sent between two Bluetooth-enabled devices Vulnerability A design vulnerability allowed threat actors to plant malware by exploiting social engineering, which was facilitated by inadequate employee training The design vulnerability lies in the fact that the pairing process of Bluetooth devices doesn't require a public key for decryption Action Social engineering tactics were used to gain unauthorized access to company email accounts, allowing the attackers to obtain payment information. They then utilized phishing emails and created spoofed websites identical to the genuine ones to acquire customer login and payment information While the exact details are uncertain, it seems that the attackers utilized man-in-the-middle attacks to scan and read messages, intercept and decrypt all device messages, and potentially forge and inject malicious messages. Additionally, the attackers may have aimed to exploit Bluetooth technology to steal data from phones or laptops Target The breach affected the bank's network, customer account information, payment information, and corporate email accounts The vulnerability affects data transmitted over Bluetooth connections, with the attacker needing to be within a 30-foot range of the targeted device Unauthorized Result The theft primarily involved customer payment and account information The consequences of this breach include data theft and increased unauthorized access Objective Financial gain Unknown. The motivations and objectives of exploiting this vulnerability may vary depending on the intentions of the attacker
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
II. Cryptographic Techniques: The man-in-the-middle attack and breach that targeted Absa, one of South Africa's major banks, caught my attention. At the time, Absa had implemented the Triple-Data-Encryption Standard (TDES), which involved applying three different keys to encrypt and decrypt data blocks. The attackers, hailing from various European and African countries, initiated their assault by employing phishing and social engineering tactics to gain unauthorized access to the company's network and employee emails. Subsequently, they introduced malware into Absa's system and created a deceptive banking website that convincingly mimicked the legitimate one. Unsuspecting victims entered their authentic banking details on this site, unknowingly providing the attackers with their information. To safeguard against such a man-in-the-middle attack, Absa could have implemented a few essential measures. These include mandatory security training for all employees, conducting internal phishing email campaigns to assess employee awareness, and incorporating public key-based authentication to verify the legitimacy of websites. By adopting these precautions, Absa could have strengthened its defenses and reduced the risk of falling victim to this type of attack. References: Vaas, L., Vaas, L., says:, I. M., says:, A., says:, H., says:, P. D., & Ducklin, P. (2023, February 16). 49 busted in Europe for man-in- the-middle bank attacks . Naked Security. https://nakedsecurity.sophos.com/2015/06/11/49-busted-in-europe-for-man-in-the- middle-bank-attacks/ Seals, A. T., & Seals, T. (n.d.). Bluetooth bug allows man-in-the-middle attacks on phones, laptops . Threatpost English Global threatpostcom. https://threatpost.com/bluetooth-bug-allows-man-in-the-middle-attacks-on-phones-laptops/134332/

Related Documents

CYB 210 Module Five Activity Packet Tracer Michael Lara.docx
CYB 210 Network Configuration Scavenger Hunt Michael Lara.docx
CYB 240 Module Five Lab Worksheet Michael Lara.docx
PROG8651-FALL 2023-SECTION 3-Lakshay Bhati (1).pdf
README.md
CYB_200_Module_Four_Activity_Larissa_Rojas.docx
IT 145 Global Rain Summary Report Template (1).docx
Question paper xii cs python board.pdf
PICO Worksheet and Search Strategy new new.docx
cts 4408 quiz 2.docx
Intro to BA assignment 7.xlsx
Akiba Thomas week4.docx
Recommended textbooks for you
Text book image
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Text book image
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
A+ Guide To It Technical Support
Computer Science
ISBN:9780357108291
Author:ANDREWS, Jean.
Publisher:Cengage,
SEE MORE TEXTBOOKS
Recommended textbooks for you
Text book image
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Text book image
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
A+ Guide To It Technical Support
Computer Science
ISBN:9780357108291
Author:ANDREWS, Jean.
Publisher:Cengage,
SEE MORE TEXTBOOKS