8-2 Scenario Assignment Module 8
School: Southern New Hampshire University
Course: 549
Subject: Information Systems
Date: Feb 20, 2024
Hanah Deering
IT 549 Foundation in Information Assurance
8-2 SCENARIO ASSIGNMENT MODULE EIGHT
Strategies of Mitigation
Threats
In the evolving digital threat landscape, hackers can leverage web security threats to significantly impact organizations of all shapes and sizes. Web security threats are internet-borne risks that can cause an undesirable event or information disclosure, like what we saw happen in the Target data breach of 2013. These threats can cause damage not only to organizations, but also to individuals if exploited. Web security threats are also known as online/internet threats, as they are conducted via the internet.
The installation of malware can be detrimental to the cybersecurity posture of Target. Malware is a type of software that is often developed by hackers to either invade or corrupt networks. Types of malware fall into seven subgroups: viruses, worms, trojan viruses, spyware, adware, ransomware, and fileless malware. In the Target 2013 data breach, malware installed on Point-of-Sale (POS) systems was able to exfiltrate a large amount of data. “Malware is usually distributed through malicious websites, emails, and software. Malware can also be hidden in other files, such as image or document files, or even in seemingly innocuous files, such as .exe files.” (McAfee, 2013) Target employees generally install malware unintentionally, by clicking a link in a phishing email or on a website.
Social engineering is simply the tactic used by hackers to manipulate or influence individuals in order to gain control over an account (steal credentials) or to steal sensitive information. This manipulation normally comes in the form of expressing urgency about a matter, tricking users into clicking links or giving up sensitive information, such as the username and password combinations of Target employees. A hacker will go after end users, posing as a legitimate source. If the hacker’s manipulation works, Target employees will be prompted to take further action. This could entail giving away sensitive information. One of the most common forms of social engineering for Target is the use of phishing emails. Phishing emails are sent out to end users in an attempt to harvest credentials or to spread and install malware. These emails often pose as coming from a legitimate source, expressing urgency to complete an action. End users fall victim to social engineering, leaving Target’s information and systems exposed. The social engineering threat is different from malware, as hackers are not going after exploitable technical vulnerabilities, but rather after humans/employees.
One of the most common objectives of hackers is information disclosure, which is especially relevant to Target given the sensitive information that Target encounters daily. “Information disclosure threats involve the exposure or interception of information to unauthorized individuals.” (Fowler, 2023) Not only is Target one of the largest retailers, but it also has a strong e-commerce presence. Hackers can leverage weaknesses in Target’s web application to learn about the website’s shortcomings and vulnerabilities. Information disclosure can happen when an employee exposes their credentials and a hacker is able to read files or access data that they were not rightfully granted access to, or when a hacker is able to read data that is in transit between two endpoints. Information disclosure can also happen when Target’s website does not provide adequate protection mechanisms. These types of web security threats can have severe consequences for Target, such as data breaches, financial loss, and reputational damage.
Hazards
Malware presents a wide array of hazards to Target. Malware can cause havoc and steal sensitive information and resources from Target, with the sheer intent to sabotage. When malware
is installed within Target’s network or on endpoints, data exfiltration occurs on sensitive information such as emails, plans, passwords, or other vitally sensitive information. Once malware is installed, disruption can potentially occur to Target’s network, locking up the internal network and resources and making daily business functions unusable. This can have damaging effects on internal network infrastructure and Target’s reputation. Not only does malware affect daily business functions and the confidentiality of sensitive information, but hackers were also able to sell Target’s intellectual property and customers’ credit card information on the dark web.
Humans are the weakest element of Target’s cybersecurity posture, as social engineering is one of the most common security threats that every organization faces. Social engineering is a prevalent threat for Target. The 2013 breach originally started with a successful phishing attempt, leaking credentials. Once a hacker has been successful in credential exploitation, they then have access to all of Target’s resources that the original user has access to. This allows an attacker to move throughout an organization’s network, posing as a legitimate user. What makes social engineering such a hazard for Target is that it does not even take two victims for a social engineering attack to succeed; it only takes one. One successful social engineering victim can trigger an attack and affect the entire organization. Target experienced this in the breach, as the breach started with one successful phishing attempt before the hacker was able to penetrate their network and install malware on the Point-of-Sale (POS) system.
Information disclosure exposes sensitive data to unauthorized individuals. The hazard associated with this type of web security threat depends on the context of the information disclosed (public information, sensitive business information, credit/debit card numbers, Personally Identifiable Information (PII)). Each one of these classifications would pose a different level of impact (hazard) for Target in the event of exposure. Information disclosure challenges the confidentiality (and potentially integrity) of data. If the wrong internal information is exploited from Target, there could be millions of customers affected. Data breaches, exposed API keys, exposed session keys, and leaked system information are just some of the hazards to Target that come with information disclosure.
Exploitations
Malware, social engineering, and information disclosure are threats that are currently exploiting holes in the security countermeasures Target has in place. Security countermeasures are the technical, physical, and administrative controls that are put in place within Target to ensure the confidentiality, integrity, and availability of data and systems.
Target deploys anti-malware and an Intrusion Detection System (IDS) internally. However, improper patch and configuration settings have allowed these threats to be exploited, especially in the 2013 Target data breach. Baselines were incorrectly set up to identify normal behavior of Target’s systems, leaving the security staff to ignore the alarms that were being set off when the hackers were active and present on the network. An irregular patch management schedule allowed vulnerabilities to be present in the system, allowing for an easy, exploitable vulnerability. All of this in combination allowed hackers to go undetected within Target’s systems and eventually install malware on the Point-of-Sale (POS) systems.
Hackers were able to first gain access to Target’s system through a phishing email. The failure to follow the email security best practices outlined in Target’s Information Assurance Plan and to deploy email security gateways created a security hole, letting hackers exploit Target’s weak social engineering awareness program for its employees. If Target had had a regular social engineering awareness program internally, employees would have been aware of the need to use caution when clicking links or downloading files.
Information disclosure generally starts with a hacker gaining access to a system. Had Target had multifactor authentication set up on business-critical systems, the hacker would not have been able to install malware. Hackers were able to exploit Target’s lack of strong access control and of the principle of least privilege by moving throughout Target’s network, ending up in a business-critical place that they should never have been able to access in the first place with a common user’s credentials.
Preventative Actions
Preventative measures can be taken by Target to stop the breaches that exploit the identified web security threats. It is important not only to deploy the correct technologies to monitor and detect hackers, but also to ensure sufficient training of end users.
Target should maintain a secured perimeter to ensure the correct traffic flow of the network. “Firewalls provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet.” (CISA, 2023) It is important to continually monitor for and detect malware that is advanced enough to evade perimeter defenses. Security Information and Event Management (SIEM) systems can help Target accomplish just that. If a threat is detected, an alarm will be raised so that Target’s Security Team can
respond to the detected threat before business is disrupted and data is exploited. Advanced malware protection requires multiple layers of safeguards. This entails having safeguards in place that provide significant visibility and breach detection. This includes being able to quickly identify hackers who have penetrated Target’s network, using safeguards such as FireEye, which is software installed on endpoints (servers and PCs) to provide a level of protection against common malware threats.
Even the best security systems are challenged in the event of a social engineering attack. This is why preventative measures such as a consistent, tailored social engineering awareness program within Target are highly recommended. Bringing social engineering awareness to the organization should include demonstrations of how hackers will attempt to social engineer. This could include monthly phishing simulations and annual social engineering trainings for all Target employees. This helps employees exercise the best judgement when it comes to social engineering attempts. It is important for all employees to understand the part that they play in the security culture of Target. Social engineering can also be prevented with a clear set of security procedures and policies in the organization’s Information Assurance Plan, such as a Password Management Policy, Multifactor Authentication, and anti-phishing defenses in email security.
Information disclosure threats can be prevented by Target taking several approaches. A regular social engineering awareness program will help ensure that employees are not falling victim to phishing emails and granting hackers frontline access to view and disclose sensitive information. Strict access control and least privilege access on all user accounts ensure that employees only have access to what is needed to complete their daily job functions, so that if credentials are stolen, a hacker does not have access to the entirety of the system. Data needs to be encrypted both at rest and in transit, ensuring no plaintext is viewed through unauthorized access. API keys should not be hardcoded and should be stored in a secure location with controlled access. Penetration testing also serves as a preventative measure for Target against this web security threat. It helps Target’s security team stay ahead of the vulnerabilities that are present, so that these identified vulnerabilities are remediated before hackers are able to exploit them.
Pros and Cons
Security measures can be a strenuous process for organizations such as Target to implement properly and effectively. Impediments such as a lack of security personnel, adequate tools, and budget allocations often affect the cybersecurity posture of organizations. Trained security staff are hard to come by, often leaving security implementation and monitoring below par. Implementing security measures such as firewalls, access controls, and cryptographic measures takes specially trained personnel who must specialize in each measure to implement the control effectively. Cyber security personnel go through years of schooling or studying for certifications; however, there is a demand for cyber security personnel across all organizations. Security tools often must also be vetted by risk management personnel, as automated controls are hard to come by. Organizations often must have many tools to complete one job function. Resource allocation and budgets put restraints on how strong an organization’s security posture can be.
On the flip side, implementing security measures can drastically improve the overall cybersecurity posture of Target. This enhances customer trust, maintaining trust and credibility with sensitive data. Security measures put Target into compliance with regulations, allowing them to do business. Security measures overall increase the security of the network, protecting sensitive data from any unauthorized access. Examples of security measures include authentication protocols, cryptographic protocols, data encryption, and physical and logical controls. Implementing these controls protects Target’s network against malicious attacks, providing peace of mind.
Citations
CISA. (2023, February 23). Understanding firewalls for home and small office use: CISA. Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use#:~:text=What%20do%20firewalls%20do%3F,or%20network%20via%20the%20internet.
Fowler, M. (2023). Information disclosure - Martin Fowler. INFORMATION DISCLOSURE. https://martinfowler.com/articles/agile-threat-modelling/Information_Disclosure-STRIDE_Threat_Modelling_Card.pdf
McAfee. (2023). What is malware and how cybercriminals use it. https://www.mcafee.com/en-us/antivirus/malware.html