Answer To: Task back to top Part A: 10 Marks 1. Search the web for news on computer security breaches that...
Kuldeep answered on Aug 21 2020
Running head: Computer security breaches
Computer security breaches
Computer security breaches
Student Name
University Name
Unit Name
Unit Code
Contents
Part A 2
Under Armour data security Attack: March, 2018 2
What the problem was 2
Scope of the attack 3
How and why it occurred 3
What could have been done to prevent it 5
Part B 6
WannaCry and the Petya cyber-attacks 6
What the problem was 6
Scope of the attack 6
Operational details of the attack 6
What could have been done to prevent the attack 6
References 7
Part A
Under Armour data security Attack: March, 2018
What the problem was
In 2018, March hackers decimated and breach Under Armour's MyFitnessPal application, uncovering or revealing usernames, email locations as well as passwords from around 150 million clients of the application. The organization found the interruption on March 25 and revealed the news inside seven day. Furthermore, it appears that Under Armour has completed a great job of building its information assurance, and programmers can't get to profitable client data, for example, area, credit card details and SDN's, regardless of whether they are completely swimming in the pool of login accreditations (Aiello, 2018). The organization even ensures passwords it almost stores by simply hashing them, or changing over them into vast strings. However, there is one big issue: notwithstanding a ton of things, company also admits that it just uses an intense function named as Bcrypt to hash a few passwords; the rest is secured by a weak hash conspire called SHA-1 that has known deformities. This implies data hacker may split a portion of the stolen usernames or passwords and not offer or utilize them in the online tricks. In spite of the fact that this isn't the most noticeably awful information break ever, it is disappointing that the security of corporate systems isn't dependable. A security issue in this case is whether company is indeed negligent and taking reasonable care to protect and protect the consumer's information from damage, considering that the password is protected by some strong bcrypt hashing, however other exposed data is only Hash-protected by the SHA-1 is considered to be easier to crack (Kolbasuk McGee, 2018). The complaint alleges that due to Under Armour's actions, victims of violations harmed as well as lost money and their property, including although not at all limited to their loss of officially protected interests in the privacy and confidentiality of privately identifiable information." If MyFitnessPal s consumers email address and username are compromised, the individual will be at risk of targeted phishing as well as social engineering fraud, "especially if combined with other big data," potential attackers can easily identify victims.
Scope of the attack
Under Armour, which is adding more and more hackers to the list of corporate victims, said its MyFitnessPal nutrition tracking application was tied to about 150 million user accounts earlier this year. MyFitnessPal data does not include driver's Social Security Numbers, license numbers, and some other legal or government-issued identifiers, and the application does not collect these identifiers from users. Violations also do not affect payment card data, which is collected and processed separately (Makridis & Dean, 2017). But security experts warn that hackers can use or sell password information to get more sensitive personal information or invade other accounts. Hackers on online user accounts can have huge consequences, but only for that person. However, data security breaches in businesses or large organizations can result in major costs for the organization and its customers.
How and why it occurred
At the point when Under Armour reported that its sustenance application MyFitnessPal had an information rupture that influenced the data of around 150 million clients, things were really not that awful. Obviously, when individual information closes on the Internet, it will never be great, not to mention such a large number of individuals, however it appears that Under Armour's has taken at any rate sensible precautionary measures. However, for reasons unknown, Under Armour just makes things right (Marie Segarra, 2018). Given the quantity of prominent information ruptures that have caused huge misfortunes throughout the years, it is basic for organizations with touchy information to manufacture frameworks in ways that point of confinement potential effect. In such manner, the Under Armour hacking episode contains a few uplifting news. The interruption just uncovers the username, email address and secret word, showing that the Under Armour framework has been subdivided in any event enough to secure the crown gem -, for example, birthday celebrations, area data or charge card numbers - from being gobbled up. The organization said the infringement happened in late February and was found on March 25, which implies it was freely revealed inside seven days. That is quick; recall, Uber put in a year taking a shot at information robbery. Hackers and cyber criminals utilize the exceedingly acclaimed secret key hash work "bcrypt" to change over the majority of their put away passwords into befuddling, unlimited character...