Wednesday, December 11, 2019

Computer Security Breaches

Question: Discuss computer security breaches.

Answer:

Hyatt data breach

According to Krebs (2016), a well-known cyber security analyst, any customer who used Hyatt hotel services between August and December 2015 is likely to have had their credit card data stolen. During this period unknown cyber criminals infiltrated the organisation's 250 hotels across 50 different countries. An official statement by Hyatt Hotels Corporation detailed the problem further, stating that the majority of its payment systems were compromised by card-stealing malware that targeted customer data. The malware was installed mainly in the restaurants owned by the hotel, with minimal intrusions detected in the other recreational facilities, i.e. spas, shops, golf courses and parking (Krebs, 2016).

Analysis of the Problem

In an attempt to improve cyber security, many financial institutions issue debit and credit cards fitted with access chips. These chips let retailers track transactions through checkout systems that read customer data off the chip while remaining compliant with cyber security regulations (BITS, 2011). Hyatt's payment systems likewise accepted chip-based credit and debit cards, where customer data was, and still is, encrypted on the chip. However, many of these cards also carry small amounts of plain-text data in the magnetic stripe. Whenever a card is swiped, including in fraudulent transactions, the customer's data is therefore placed at risk. Moreover, unlike in the past, when data was simply stolen off magnetic stripes and cloned, Hyatt's problem escalated beyond this: the stolen plain-text data was shipped to the United States and used to make further security breaches (BITS, 2011).

How was the data stolen?

The perpetrators installed data-stealing malware on Hyatt's payment system; this was done using counterfeit cards at certain managerial locations. The cyber criminals first obtained customers' card information, most likely from the magnetic stripes, and then used it as a loophole to access and infect Hyatt's systems (Osborne & Day, 2016). The malware was designed to steal extensive records, including cardholder names, card numbers, verification codes and expiration dates. These are the items the organisation used to confirm payment on site at any given location. With each transaction, the malicious program therefore harvested credential information with minimal alerts to staff or management.

Solutions

First, the loophole: despite the presence of encrypted chips, most transaction cards (debit or credit) hold plain-text data in the magnetic stripe. This exposes any organisation and its customers to security breaches, so allowing customers to swipe the magnetic stripe places them in grave danger. A practical solution is to have chip readers in all of the organisation's facilities (Wattles, 2015). This eliminates the need for magnetic stripes, which are essentially what criminals use to steal the data they require. The solution has shown tangible results, as evidenced by reduced counterfeit incidents in G20 countries other than the United States, which still fails to regulate card liabilities (Krebs, 2016). Secondly, the organisation should investigate and stop intrusion through all targeted areas. In most cases hackers use system vulnerabilities to carry out attacks; these include malware, security liabilities and even personnel.

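As an added illustration of stopping intrusion at the targeted areas, and not code from the original post or from Hyatt, the following Python script checks constructed firewall log lines from an assumed card-terminal (POS) network segment against an allowlist holding the payment processor's endpoint, and reports any other destination that receives data from a terminal. The segment address, processor address and log line format are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample firewall log (not real Hyatt data). Assumed format:
# "<time> src=<ip> dst=<ip> dport=<port> bytes=<n>"; other lines are ignored.
SAMPLE_LOG = """\
# egress log, POS VLAN
2015-09-01T10:00:01 src=10.20.1.15 dst=203.0.113.10 dport=443 bytes=1820
2015-09-01T10:00:07 src=10.20.1.15 dst=203.0.113.10 dport=443 bytes=2210
2015-09-01T10:01:30 src=10.20.1.22 dst=198.51.100.77 dport=443 bytes=65400
2015-09-01T10:02:11 src=10.20.1.22 dst=198.51.100.77 dport=443 bytes=71200
2015-09-01T10:02:45 src=10.30.5.4 dst=198.51.100.77 dport=443 bytes=900
2015-09-01T10:03:00 src=10.20.1.15 dst=203.0.113.10 dport=80 bytes=300
"""

POS_SEGMENT = ip_network("10.20.1.0/24")                  # assumed POS terminal VLAN
PROCESSOR_ALLOWLIST = {(ip_address("203.0.113.10"), 443)}  # assumed processor endpoint

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+)$")


def parse(log_text):
    """Yield (time, src, dst, dport, bytes) for every well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, dport, nbytes = m.groups()
        yield ts, ip_address(src), ip_address(dst), int(dport), int(nbytes)


def find_egress_alerts(log_text, pos_segment=POS_SEGMENT, allowlist=PROCESSOR_ALLOWLIST):
    """Return (src, dst, port, total_bytes) for POS hosts sending data anywhere not allowlisted.

    Bytes are summed per flow so a slow, repeated trickle of card data is as
    visible as one large upload.
    """
    totals = defaultdict(int)
    for _ts, src, dst, dport, nbytes in parse(log_text):
        if src not in pos_segment:
            continue  # only the card-handling segment is in scope
        if (dst, dport) in allowlist:
            continue  # normal authorisation traffic to the processor
        totals[(src, dst, dport)] += nbytes
    return sorted((str(s), str(d), p, b) for (s, d, p), b in totals.items())


if __name__ == "__main__":
    for alert in find_egress_alerts(SAMPLE_LOG):
        print("ALERT: POS host %s sent %d bytes to %s:%d" % (alert[0], alert[3], alert[1], alert[2]))
```

A host outside the POS segment talking to the same suspicious destination is deliberately not reported here; it belongs to a different policy.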
On the system side, the information technology department must develop prevention solutions that shut down the relevant vulnerabilities and so maintain an optimum level of security. For instance, password violations are common because most users stick with default passwords; advising customers to change these passwords is a step in the right direction that minimises intrusion incidents (Symantec, 2011). Furthermore, where a data breach is experienced, as in this case study, the organisation should in future have detection systems that alert administrators to possible data violations so that extended attacks are prevented. Hyatt's systems were infected for more than four months without detection, which increased the severity of the problem. Such detection systems can also identify and stop insider breaches caused by broken enterprise processes, for instance an outdated antivirus. In addition, they automate security controls so that security configurations on firewalls and even patch management are done with minimal input from users. These detection-system functions can be combined with event management systems to curb data breach incidents, especially during outbound transactions, where Hyatt's systems were most affected (Prince, 2017).

JPMorgan Chase hack case

In 2014, the renowned financial institution JPMorgan Chase experienced one of the biggest cyber attacks seen in recent times. In the attack, accounts owned by both household users and small businesses were compromised. The cyber criminals hacked several computers within the financial organisation and at the institution's publisher, which allowed them to access and steal customers' personal information. In all, the attack is said to have affected more than 100 million loyal customers (Crowe, 2015).

The Problem

After a thorough assessment of the attack, JPMorgan revealed that the data breach targeted customer contact details: names, addresses, numbers and email addresses. The intrusion further compromised the organisation's internal systems by collecting confidential data owned by users. However, according to the organisation, the breach did not affect customers' financial records, including the money they held (Weise, 2014). This conclusion was drawn because account details, including passwords, IDs and social security numbers, were never affected by the attack. Nevertheless, this contradicted independent reporting by the New York Times, which stated that the hackers obtained the highest possible level of administrative access within the institution's financial system. In essence, the cyber criminals had extended privileges on more than 90 servers owned by the bank. This gave them root control over the bank's systems, including the transfer of funds, confidential information and the possibility of closing accounts. In a nutshell, the perpetrators could do whatever they wanted with the system. According to J. Thompson (2014), attacks with such extended access but zero money stolen are suspected to be preparation for future attacks. The hackers therefore initially intended to identify the organisation's vulnerabilities for future exploits, but were caught before proceeding with their extensive plan.

The Attack

Information is the most valuable asset seen today, and organisations such as banks protect it with maximum security protocols, including dynamic intrusion detection systems. However, the attack on JPMorgan's system started with a basic intrusion technique rather than the sophisticated mechanisms assumed by the public. To begin with, the hackers stole an employee's login information, which was then used to access the system.

After gaining access to the system, the hackers used their newly acquired privileges to manipulate pump-and-dump stock schemes. This manipulation allowed them to generate lucrative deals in online financial activities such as online gambling, which generated millions of dollars (Farrell & Hurtado, 2015). Nevertheless, the root of the problem was stolen credential information that was later used to access the company's servers from computers in different locations throughout the world. The criminals also used affiliate organisations owned by the institution to access its information. For instance, a website for a charity race hosted by JPMorgan was the first intrusion point. This cover, i.e. using affiliates rather than the organisation itself, allowed the perpetrators to go undetected for an extended period (Goldstein, Perlroth and Corkery, 2014). Furthermore, the simplicity of the flaw explains why other related organisations were unaffected by the breach, particularly at a time when controversial economic sanctions had been deployed by the United States.

Prevention of the Attack

The analysis of the security breach made clear that a simple flaw was the root cause of the problem, not, as experts had previously proposed, malicious bugs or software sourced from the dark web. This kind of attack is easy to guard against, as seen on countless other occasions. Organisations like JPMorgan invest heavily in computer security, and especially in authentication and authorisation, i.e. the access methods used in this attack. Therefore, even though the attackers acquired an employee's login credentials, the security systems should have been able to detect and stop the violation. For one, a common practice today is the application of two-factor authentication mechanisms.

In essence, institutions that host confidential information use different techniques to grant users access to their systems, and these techniques verify the identity of the user beyond reasonable doubt. For instance, once the login credentials had been presented, JPMorgan should have generated a one-time access code for the user before granting access to the system; this would definitely have stopped the attack (TRC, 2015). However, the attack on JPMorgan's system showcased a common problem in many organisations today: network vulnerabilities. As many security experts have highlighted, organisations often fail to secure their systems at certain periods of the year when their focus shifts to other crucial activities, such as payment processing during high-turnover seasons. This problem is aggravated by acquisitions, which make it difficult to integrate the parent company's security systems with those of the acquired organisation; as a result, attacks are easily conducted through the weaker affiliate systems. A solution is to develop separate security measures for the acquired organisations, ensuring that security is maintained prior to integration (TRC, 2015). Nevertheless, despite the extensive challenges faced, organisations like JPMorgan, whose annual returns surpass billions, should employ basic if not sophisticated cyber security techniques. For instance, the multi-factor authentication mentioned above, where several factors such as biometrics, tokens and passwords are used to grant access, must be used. Moreover, routine analyses should be done on existing systems through network management systems that evaluate transferred data packets for any alterations (Valdetero & Zetoony, 2014). These simple security techniques could have prevented the attack on JPMorgan's system even though the login credentials of one of its members were stolen.

References

BITS. (2011). Malware risks and mitigation report. Financial Services Roundtable. Retrieved 3 March 2017, from https://www.nist.gov/sites/default/files/documents/itl/BITS-Malware-Report-Jun2011.pdf
Crowe, P. (2015). JPMorgan fell victim to the largest theft of customer data from a financial institution in US history. Retrieved 4 March 2017, from https://www.businessinsider.com/jpmorgan-hacked-bank-breach-2015-11?IR=T
Farrell, G. & Hurtado. (2015). JPMorgan's 2014 Hack Tied to Largest Cyber Breach Ever. Bloomberg. Retrieved 4 March 2017, from https://www.bloomberg.com/news/articles/2015-11-10/hackers-accused-by-u-s-of-targeting-top-banks-mutual-funds
Goldstein, M., Perlroth, N. & Corkery, M. (2014). Neglected Server Provided Entry for JPMorgan Hackers. DealBook. Retrieved 4 March 2017, from https://dealbook.nytimes.com/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/
Krebs. (2016). Hyatt Card Breach Hit 250 Hotels in 50 Nations. Retrieved 4 March 2017, from https://krebsonsecurity.com/2016/01/hyatt-card-breach-hit-250-hotels-in-50-nations/
Osborne, C. & Day, Z. (2016). 250 Hyatt hotels infected last year with payment data stealing malware. ZDNet. Retrieved 4 March 2017, from https://www.zdnet.com/article/250-hyatt-hotels-infected-last-year-with-payment-data-stealing-malware/
Prince, K. (2017). 8 Ways to Prevent Data Breaches. IT Business Edge. Retrieved 4 March 2017, from https://www.itbusinessedge.com/slideshows/show.aspx?c=79585&slide=9
Symantec. (2011). 6 steps to prevent a data breach. Retrieved 4 March 2017, from https://eval.symantec.com/mktginfo/enterprise/other_resources/b-6-steps-prevent-data-reach_20049431-1.en-us.pdf
TRC. (2015). Data breach report. IDT911. Retrieved 3 March 2017, from https://www.idtheftcenter.org/images/breach/DataBreachReports_2015.pdf
Valdetero, J. & Zetoony, D. (2014). Data security breaches: incident preparedness and response. Washington Legal Foundation. Retrieved 3 March 2017, from https://www.bryancave.com/images/content/2/2/v2/2285/DataBreachHandbookValdeteroandZetoony.pdf
Wattles, J. (2015). Hyatt Hotels data hacked. CNN Tech. Retrieved 4 March 2017, from https://money.cnn.com/2015/12/23/technology/hyatt-malware/
Weise, E. (2014). JP Morgan reveals data breach affected 76 million households. USA Today. Retrieved 4 March 2017, from https://www.usatoday.com/story/tech/2014/10/02/jp-morgan-security-breach/16590689/
