Discuss Network Security and Private Communication.
This report focuses on network security in the real world. It discusses six major incidents of the recent year. Each incident is categorised by its significance, cost, impact, frequency of occurrence and the technical nature of the attack. Finally, similar attacks are analysed and predictions for 2018 are provided.
Cloudbleed
Significance- The significance of Cloudbleed is that it put users’ sensitive information at stake. User information, including passwords, from the Cloudflare organisation was leaked to thousands of websites (Holland, 2017). It caused private information of Cloudflare customers to be revealed on almost 3,400 websites.
Impact- The impact of the Cloudflare leak was devastating, but it was minimal as it leaked private information such as photos or videos of users (Holland, 2017). The introduction of a vulnerable HTML parser contributed to affecting almost 180 sites. Cloudbleed affected users as it had been going on for a long time.
Frequent occurrence- This type of attack occurs less often if it is detected quickly, and it cannot occur very frequently.
Technical nature- The technical nature of this attack is that it leaked users’ private information, such as usernames and passwords, on several websites.
An attack similar to Cloudbleed is Heartbleed, which affected almost half a million websites (Nieva, 2014). Heartbleed was a vulnerability through which attackers could gain access to data on servers running OpenSSL software.
The prediction for Cloudbleed in 2018 is that Cloudflare should be aware of its security activities. It should adopt and implement potential strategies to mitigate similar risks in future.
Data Breaches
Significance- The significance of data breaches is that personal identification information can be obtained by identity criminals.
Impact- If users respond to data breaches, it affects the incidence of identity crime.
Frequent occurrence- Data breach notification has frequently been seen in legislatures in the United States and overseas. Currently, the Australian Government has made data breach notification mandatory (2017 Data Breach Investigations Report, 2018).
Technical nature- The technical nature of the attack is that personal information such as date of birth, social security number and more can be breached and stolen.
Analysis- In 2017, the Equifax credit reporting agency faced a cyber-attack in which the dates of birth, social security numbers and other data of half of the U.S. population were stolen (Berghel, 2017). It is a stark reminder that hackers seem to be thinking big. The company holds a lot of sensitive information. Security expert Marc Goodman, who is also the author of Future Crimes, takes the view that data brokers hold information about people’s habits gathered through personal Web browsing, as these are the most popular targets.
Phishing Attack
Significance- In this attack, the attacker usually sends the user an email that appears to come from someone the user knows (David Marshall, 2018). The email seems legitimate and carries some urgency. It contains either an attachment to open or a link to click.
Impact- If the user opens the malicious attachment, malware is installed on the user’s computer system. If the user clicks the link, a seemingly legitimate website opens on the screen requesting a login to get access to important files, which is a trap.
Frequent occurrence- In 2017, Google Docs phishing attacks frequently used hacking or spoofing to steal corporate data and credentials.
Technical nature- The technical nature of the attack is that malware is installed on the user’s computer through a malicious email, and the hacker easily gets access to confidential information.
Analysis- In 2018, phishing schemes are much more sophisticated. Cybercriminals use incredible techniques that are well disguised.
Significance- The significance of this attack is that an antivirus alert pops up on the user’s screen that is actually malware (Sehgal, 2018). If the user clicks on the malicious attachment of an email, there is a high chance that malware has entered the system.
Impact- Through malware, attackers gain hold of users’ computers. Malware takes control of the machine, monitors actions and keystrokes, and sends confidential data from the user’s computer or network to the attacker’s computer (Giles, 2018).
Frequent occurrence- Frequently occurring malware seen on users’ computers includes Trojan horses, spyware, worms, viruses and adware.
Technical nature- The attacker gets complete control of and access to the user’s computer.
The Cisco 2018 Annual Cybersecurity Report discusses that, after observing attacker behaviour over the past 18 months, its analysis found that defenders can stop an attack if they know it is coming and protect their devices.
Significance- This malicious software attacks data and locks it down until a ransom is paid. Ransomware is malware that breaches defences and locks down the computer’s files using strong encryption (Polatidis et al., 2017).
Impact- An infected computer affects productivity because of the risk of losing valuable data. Ransomware infection has come mainly through unsafe links or programs.
Frequent occurrence- In the last 12 months, there has been a plague of ransomware attacks targeting Britain’s National Health Service, San Francisco’s light-rail network and some big companies like FedEx.
Technical nature- The technical nature of the attack is that the computer’s data or files get locked.
RightScale’s 2016 State of Cloud report found that 82% of enterprises use a multi-cloud strategy. According to Intuit projections, 78% of small businesses will have cloud by 2020. Because data can be saved to virtual environments, companies are now more flexible and can save money on IT infrastructure. In future, cloud is going to improve productivity, scale IT strategies, support collaboration and increase cost-effectiveness within the infrastructure. By 2019, the cloud security market will be $8.71 billion, which means companies can invest more in tools to make their environment.
Significance- The significance of the NotPetya attack is that it infected machines by going through a network (Marsh, 2018). The attack was significant because it was unknown and destructive, and it affected organisations in Ukraine very badly.
Impact- The impact of the NotPetya attack was huge, as it affected government, energy and financial institutions in Ukraine (Marsh, 2018). Global companies including FedEx, Merck and Maersk were also badly affected. The revenue loss for the companies was large, costing up to $300 million.
Frequent occurrence- The frequency of this attack is high because the code used in it is reusable with some improvements. The attack can take various forms as it advances.
Technical nature- The technical nature of the attack was that computers were infected mostly in Ukraine and Russia. Malicious code was injected into the computers, which caused the attack to occur. NotPetya victims were not able to recover their data, as the attackers themselves were not able to provide decryption keys.
An attack similar to this one is the Petya attack, which occurred earlier; the NotPetya attack used some code from the Petya attack (Solon & Hern, 2017).
The prediction for the Petya attack in 2018 is that it can be mitigated if systems are updated and data is backed up.
References
Berghel, H. (2017). Equifax and the Latest Round of Identity Theft Roulette. Computer, 50(12), 72-76.
David Marshall, V. (2018). Bitglass 2018 Predictions: The Future of Passwords and Phishing: @VMblog. Retrieved from https://vmblog.com/archive/2017/12/27/bitglass-2018-predictions-the-future-of-passwords-and-phishing.aspx
Giles, M. (2018). The nasty surprises hackers have in store for us in 2018. Retrieved from https://www.technologyreview.com/s/609641/six-cyber-threats-to-really-worry-about-in-2018/
Holland, P. (2017). Cloudbleed bug: Everything you need to know. Retrieved from https://www.cnet.com/how-to/cloudbleed-bug-everything-you-need-to-know/
Marsh, S. (2018). US joins the UK in blaming Russia for NotPetya cyber-attack. Retrieved from https://www.theguardian.com/technology/2018/feb/15/uk-blames-russia-notpetya-cyber-attack-ukraine
Nieva, R. (2014). Heartbleed bug: What you need to know (FAQ). Retrieved from https://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/
Polatidis, N., Pimenidis, E., Pavlidis, M., & Mouratidis, H. (2017, August). Recommender systems meeting security: From product recommendation to cyber-attack prediction. In International Conference on Engineering Applications of Neural Networks (pp. 508-519). Springer, Cham.
Sehgal, K. (2018). This is how attackers are planning future malware attacks – IncubateIND Media. Retrieved from https://media.incubateind.com/how-attackers-are-planning-future-attacks/
Solon, O., & Hern, A. (2017). ‘Petya’ ransomware attack: what is it and how can it be stopped?. Retrieved from https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how
Verizon. (2018). 2017 Data Breach Investigations Report [Ebook] (10th ed.). Retrieved from https://www.ictsecuritymagazine.com/wp-content/uploads/2017-Data-Breach-Investigations-Report.pdf