Assume a scenario where the hackers gained access to information through malware on Point-of-Sale (POS) systems...

Question

Assume a scenario where the hackers gained access to information through malware on Point-of-Sale (POS) systems of more than million credit and debit card. The firewall had captured the first malware code and an alert was issued which was ignored. The hackers started downloading the collected data. The cyber criminals have hacked the system to gain credit and debit card information.

1. Explain in your own words what happened in the above discussed data breach.

2. Identify and experience the type of attack experienced in the above scenario

3. The stolen credentials alone are not enough to access the company’s POS devices. What other means can the hackers acquire to allow them to navigate the company’s network and deploy the malware.

4. What would have hackers done for privilege escalation?

5. The organization admitted that they ignored many alerts from their network security devices because of alert overload. If you are the organization’s Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload?

6. The security experts criticize the organization for failing to isolate sensitive sections of their networks from those more easily accessible to outsiders. As a CTO, please propose a feasible solution to segment and categorize your networks and resources.

Answer & Explanation Solved by verified expert
Question 1: Explain in your own words what happened in the above discussed data breach.

Answer to Question 1:

The Point-of-Sale (POS) system implemented must be an Internet-based Cloud system that heavily depends on networks. Thus, network and system security is of prime importance to POS systems that store sensitive personal and credit card information. In the current case, the Firewall alerted the Network Security Personnel with the possible network security breach and its signature. The Network Security Personnel should have been more careful to analyze the Malware code and identify and block the unauthorized entry into the POS system. A possibility is that the attacker succeeded in some kind of password attack to steal the administrator passwords to steal the sensitive password, personal and credit card information. The attacker could have used password attacking tactics like:

  • Dictionary attack (applicable if the user used a weak, common password)
  • Brute Force Attack (applicable if the user used a weak, short password)
  • Traffic interception (applicable in the absence of strong and secure malware removal tools)
  • Man in the Middle (applicable in the absence of strong network security and encryption mechanisms)
  • Key logger, spyware or Trojan attack (applicable in the absence of strong and secure malware removal tools)
  • Social engineering attacks like phishing, spear phishing, baiting, quid pro quo, etc. (applicable in the absence of strong and secure malware removal tools and lack of awareness or ignorance of employee)
  • Hash injection attack (applicable in the absence of strong and secure malware removal and network security breach identification tools and lack of