Module 1 consists of a very thorough introduction to security in general, and network security specifically. You have been exposed to many foundational topics and learned basic concepts and terminology. In this assignment you are to apply what you learned to explore how these topics manifest themselves in the real world. You will do a little research and write a short paper.
2017 was a tumultuous year (aren’t they all now!) in computing security. You are tasked with researching and summarizing the major security incidents of the year. To possibly include, but not limited to, cyber-attacks, data breaches, malware, ransomware, IoT attacks, web attacks, cybercrime, and cloud attacks, just to name a few general areas. You should report on at least 6 major indicents.
Your findings should be confined to 4-5 pages. For each event, or category of events, you should summarize their significance, cost, impact, frequency of occurrence and possibly a sentence or two that describes the technical nature of the event. Don’t necessarily write a lot of prose (you only have 4-5 pages), bulleted items will do. You could even structure the paper as a table. End the paper with an analysis of the similarities or implications of these attacks and possible predictions for 2018.
Each year in December, or early January, the trade press is awash with summaries of the past year and predictions for the next. A little searching on your part should yield a wealth of information.
This material may consist of step-by-step explanations on how to solve a problem or examples of proper writing, including the use of citations, references, bibliographies, and formatting. This material is made available for the sole purpose of studying and learning - misuse is strictly forbidden.Question 1:
During 2017 there were numerous cyber attacks and security incidents associated with the use of information technology. It is estimated that the total number of cyber attacks targeting businesses doubled in 2017 when compared to 2016 (1).
For this assignment, I will select the six security incidents which occurred during 2017 and will present their main characteristics in the form of a table, as shown below.
In September 2017 Equifax made a public announcement that this company suffered a massive data breach. The attackers exploited vulnerabilities in open source software Apache Struts.
The company was aware of the security vulnerability but did nothing to prevent the potential attackers from exploiting it. Using this vulnerability, the attackers managed to gain control over three Equifax servers and later over 48 more which contained customers’ personal information (2).
It is estimated that this data breach could become the most expensive data breach ever with approximately $439 million worth of damage for Equifax (3).
It is estimated that 143 million customers were affected by this data breach. The full names, SSN, passport numbers and around 2000.000 credit card information were stolen from the customers during this data breach (4).
This data breach started in March 2017, and the company made a public announcement in September of the same year. Equifax wasn't aware of the attack until the end of July 2017. The attackers spent 76 days within Equifax network and collected piece by piece of information (2).
The technical description
The Equifax data breach was based on a vulnerability in open source Apache Struts framework named CVE-2017-9805 which allowed arbitrary code execution and insecure deserialization of user-supplied input in XML requests (5)...