CYB 250_STEPPINGSTONETWO_SABRINA_WYMAN

docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

250

Subject

Information Systems

Date

Feb 20, 2024

Type

docx

Pages

3

Uploaded by ProfessorOxideSnake114

Report
CYB 250 Stepping Stone Two Template
Howard Threat Model Incident Bank Attacks Bluetooth Bug Attackers 49 attackers based in multiple countries Attacker unidentified Tools The customer site that was being used was identical to another internal banking site, social engineering, spear-phishing attacks Man in the middle attack, sending forged messages between two bluetooth enabled devices. Vulnerability Design had a flaw that allowed exploitation from attackers by using a malware that was planted on company software. The lack of training within the employees allowed attackers to successfully use phishing attacks. Vulnerability with the design, Bluetooth devices being paired does not require a public key to decrypt Action Attackers gained access to companies email accounts by using a social engineering. They then using phishing emails to set traps for the victims where they would enter log in and password information into the illegitimate website that then allowed attackers to collect that information. Vulnerability with the design, man in the middle attacks, Vulnerability allowed attacks to decrypt, scan, read and intercept files and messages in addition to adding their own malicious code onto the targets device. Target Bank network, customer personal account information, and company emails. The attacker must be within 30 feet of the targeted bluetooth device. Unauthorized Result Theft of customer payment and account information Data theft and increased access to the targeted system Objective Fiscal gain Different objects behind exploiting this vulnerability depends on the motivation of the attackers.
One of the most interesting attacks that I found that involved man-in-the-middle as an attack method was the 49 people that got busted in Europe for bank attacks. The ones that got busted in this attack used man-in-the-middle in order to find and intercept different payment requests that was sent via email. The attackers was able to plant malware on the bank systems that then falsified a similar looking website where people would input their log in and payment info but instead of accessing their accounts their information was then given to the attackers so they could do what they wanted with the customer’s account. Some ways that the bank could have prevented this was by teaching their employees the difference of phishing emails as well as using a key-based authentication to prevent non-authorized users from accessing crucial information. Works Cited SOPHOS NEWS . (2015, June 11). From https://news.sophos.com/en-us/2015/06/11/49-busted-in-europe-for-man-in-the-middle- bank-attacks/
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Networking Assignment(1).docx
Cybersecurity Lab Assignment(2).docx
Capturing Packets Project.docx
Mario Crosby - Chapter 1 Labs (1).docx
SMTP Project.docx
CMGTCB 554 IT Infrastructure International Plastics Inc Network Diagrams.docx
IT 226 4.1 Activity Blog Post for Revision(1).docx
CMGTCB 554 IT Infrastructure International Plastics Systems Management Plan.docx
CYB_250_FINALPROJECTMILESTONE_SABRINA_WYMAN.docx
CYB_250_MODULE5SHORTRESPONSE_SABRINA_WYMAN.docx
CYB_250_MODULE2SHORTRESPONSE_SABRINA_WYMAN.docx
Mario Crosby - Chapter 3 Labs.docx