SEC 573 – E-Business Security - 60048-1

docx

School

DeVry University, Chicago *

*We aren’t endorsed by this school

Course

573

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

3

Uploaded by kevpalma14

Report
Kingsley Osei Owusu SEC 573 – E-Business Security - 60048 November 2023 Week 3 Project Research a recent threat (discovered within the last 36 months) to the security of an e-business operation. Define and describe the threat, including its discovery, history, impact on e-business operations, technical features, and risks. This deliverable is due in Week 3. Remember that this threat must be related to e-business, which, with very few exceptions, is now a web-based operation. Focus on “what happened” and “why, or how, did it happen”. Consider using the classic journalistic style of presentation: who, what, when, where why and how. Threat - Boeing Ransomware Attack from the LockBit Ransomware Group The threat I have chosen to research and analyze is one that most cyber experts are most familiar with. With regards to this threat, attackers encrypt the victim's data or locks them out of their own systems and demands a ransom payment in exchange for a decryption key or to restore access. According to researchers, the attackers breached Boeing using a zero-day exploit but have disclosed no further details as and when the attack happened.to futher elaborate on this technique, a zero-day exploit/vulnerability refers to a kind of security loophole that cybercriminals discover and exploit before any patch or solution is released. These vulnerabilities, like the Log4j vulnerability are particularly infamous and damaging because attackers will usually take advantage of them before they are resolved. LockBit gave Boeing only six days to make contact, while typically victims are given ten days to reach out to cybercriminals according to Cybernews. Discovery The incident involving the LockBit groups attack, on Boeing was likely identified when Boeings internal cybersecurity team noticed network activity encrypted files or a ransom note. The cyber incident was claimed by the LockBit ransomware group on its dark leak site October 27th, as first reported by Cybernews. Additionally, it is possible that the attackers themselves publicly disclosed the breach by uploading 50 gigabytes of data to LockBits dark web blog. History LockBit is a known organization with a track record of targeting businesses for gain. Their typical approach involves encrypting victims’ data and demanding ransom payments in exchange for decryption keys. This group has been actively carrying out cyberattacks on organizations worldwide. Impact on E Business Operations 1
Kingsley Osei Owusu SEC 573 – E-Business Security - 60048 November 2023 Week 3 Project The attack on Boeing could have consequences for its e business operations. Data Exposure - Sensitive information belonging to Boeing, such, as data, intellectual property and potentially customer data may have been compromised. Operational Disruption - The encryption of data can disrupt business operations potentially leading to delays and financial losses. Reputation Damage - The breach becoming knowledge could harm Boeings reputation by affecting customer trust and partnerships. Legal and Regulatory Consequences - Boeing may face regulatory repercussions that include reporting the breach, potential fines, and investigations. Technical Features LockBit ransomware typically uses encryption techniques to lock files making them inaccessible. The attackers then demand a ransom payment, in cryptocurrency. Provide decryption keys upon receiving the payment. In this instance LockBit also exposed some of Boeings stolen data on their web blog. Risks The LockBit ransomware attack on Boeing poses some specific risks. Some of these are and may not be limited to; Financial Losses - Boeing may face losses due to potential ransom payments costs associated with incident response and efforts towards recovery. Reputational Damage - The breach could harm Boeings reputation, impacting customer trust and business relationships. Legal and Regulatory Consequences - Failure to adequately protect data and promptly report the breach may lead to actions and regulatory penalties for Boeing. Operational Disruption - The attack has the potential to disrupt operations at Boeing leading to operational challenges. To minimize the impact of such an attack it is crucial for Boeing to respond promptly by involving cybersecurity experts and collaborating closely with law enforcement agencies. This would involve investigating the breach recovering encrypted data strengthening security measures and implementing measures, against attacks. Reference(s): https://cybernews.com/news/boeing-confirms-cyber-attack-lockbit-ransom/ 2
Kingsley Osei Owusu SEC 573 – E-Business Security - 60048 November 2023 Week 3 Project Hope, A. (2023, November 7). Boeing confirms cyber-attack after LockBit ransomware threatened to leak data. CPO Magazine. https://www.cpomagazine.com/cyber-security/boeing-confirms-cyber-attack-after- lockbit-ransomware-threatened-to-leak-data/#:~:text=American%20aviation%20and%20aerospace %20giant%20Boeing%20is%20investigating,ransom%20or%20have%20its%20stolen%20data%20leaked %20online. 3
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Case Study 4 - Pesendorfer.docx
MC120_Unit4Assignment_CrystalPannell.docx
07.docx
03 lab.docx
CJ 405 Project One Template.pdf
CJ 405 Project Two After Action Report Template.docx
CJ 405 Security Management Best Practices.docx
RMT340_ProductPitch_F22_updated (1).docx
IT Troubleshooter tickets.docx
CM107 unit 3 Discussion.docx
Unit_3_Technical_Assessment.docx
Unit_5_Technical_Assessment.docx