Cyber Attacks on Accounting Information Systems

Introduction

Accounting information systems (AIS) contain sensitive information that comprises an important pillar of a company’s financial and organizational stability and success (Hall, 2015). The data should be kept safe and out of bounds for unauthorized personnel because unauthorized access can have devastating outcomes. For instance, it can lead to identity theft or loss of critical data that is hard to replace (Hall, 2015). One of the effects of loss of accounting data is the crumbling of the accounting department or the entire business.

Arguments have been presented as to whether companies that are victims of AIS attackers should be held liable. Some companies manipulate accounting systems for financial gain and therefore it would be important to ascertain the main reason for cyber attacks. On the other hand, it would be important to evaluate the company’s policy regarding such attacks, its response, and the security measures implemented to prevent such occurrences.

Home Depot cyber attack

In the year 2014, the largest home improvement chain in the world was attacked by hackers who stole about 53 million email addresses and compromised more than 56 million credit card accounts (Banjo, 2014). This data breach was not very severe because the data stolen did not include clients’ sensitive information such as account passwords or payment card information. The attackers used information stolen from a third-party vendor to gain access to the company’s system and access the sensitive data.

The information contained a password that was used to access the company’s network. In response to the breach, the company addressed a critical vulnerability in its Microsoft Windows operating system that had facilitated the intrusion (Banjo, 2014). The solution to the breach was provided by Microsoft Corporation. The company mitigated the attack by repairing a security flaw while the attack was underway. The fraudsters used custom-built malware programs to access client information in different locations (Banjo, 2014). The malware program had been collecting customers’ confidential information for five months before it was detected and removed.

The firm should be held liable for the losses incurred by customers because of its poor security and preventive measures as well as lack of ongoing security checks that could have identified the breach. The attackers took advantage of security flaws in the firm’s operating system and the ineffectiveness of its antivirus software, which was unable to detect intrusion and data theft. On the other hand, the company had a poor system design because it used vulnerable tags to identify the 7,500 self-checkout systems that were attacked (Banjo, 2014). The breach was estimated to cost customers and the company more than $62 million in losses. It is the responsibility of companies to protect their systems using strong and breach-free methods.

It is clear that Home Depot had put in place weak security measures that allowed hackers to attack. The firm’s response to the attack was to identify the hackers’ access points, close them, and address security flaws in its operating system (Banjo, 2014). The firm should have used stronger and more complex protection methods such as data encryption, firewalls, and virtual private networks (Gehem, Usanov, Frinking, & Rademaker, 2015). In addition, it should have isolated sensitive parts of the system that were more susceptible to attacks. The company should be held liable for its failure to prioritize the security of its accounting information system and for using a weak network design. It is also important to use complex network and system designs that are impervious to external attack and intrusions.

Michaels Stores cyber attack

In 2014, an arts and crafts retailer known as Michaels Store was hacked and credit card data belonging to more than 3 million customers was stolen (Harris, 2014). Investigations into the attack began a few months after Target reported a security breach that affected more than 100 million customers (Gehem et al., 2015). Before the firm identified and stopped the breach, it had been ongoing for nine months (Jayakumar, 2014). The incident increased doubts regarding the security of customers’ information and the effectiveness of companies’ accounting information systems. According to the company, the attack involved a sophisticated malware program that its security companies described as new.

The hackers were able to attack the company’s system because its security companies had never come across such a program before. The attackers targeted its point-of-sale systems and stole information associated with more than 2.6 million debit and credit cards (Harris, 2014). The company should be held liable because of its poor security measures that could not identify a security breach that went on for nine months. One of its subsidiaries (Aaron Brothers) suffered a similar attack in which 400,000 credit cards were exposed to hackers (Harris, 2014). 54 of its stores were compromised and the attack took place even after the company announced that it could have been attacked. The company responded to the breach by hiring two security firms to address the problem (Jayakumar, 2014). The attack affected many customers because they had to be reissued with new credit cards by their banks.

The company should be held liable because of its poor security measures that had been put in place. The attackers used a point-of-sale malware program and targeted payment terminals that lacked point-to-point encryption that could have prevented the attack (Jayakumar, 2014). The company’s network was poorly designed because it lacked encryption that could have prevented the attack. On the other hand, weak security measures were revealed because the attack lasted nine months. The company should also be held liable because that was not the first attack.

In 2011, the firm was attacked and customers’ sensitive information was exposed to hackers (Harris, 2014). The company did not implement strong preventive measures after the first attack. The firm should have conducted an ongoing security upgrade on its systems. An ongoing security check and upgrade could have identified and stopped the attack in its early days. In addition, applying point-to-point encryption could have been effective in preventing the attacks. Companies are responsible for protecting their customers’ private information by designing networks that are less susceptible to attacks and intrusions, and that implement preventive measures (Gehem et al., 2015).

Neiman Marcus cyber attack

Neiman Marcus is a leading retailer of luxury products in the United States. It was a victim of a cybercrime attack that affected more than 1.1 million customers. The firm’s system was under attack for several months and the hackers stole information linked to more than 1.1 million credit and debit cards (Harris, Perlroth, & Popper, 2014). Reports indicated that the malware program used to steal data at Neiman Marcus was the same program that was used at Target. The company’s management reported that a malware program had been secretly installed into its system and had been stealing data for approximately four months before it was detected and eliminated (Harris et al., 2014).

The malware monitored the credit card authorization process and stole data during the process. The RAM-scraping malware program scraped and stole unencrypted data (Harris et al., 2014). The attack affected many customers because MasterCard, Discover, and Visa confirmed that more than 2,400 cards involved in the attack had since been used in fraudulent financial transactions at other locations (Harris et al., 2014). The firm became aware of the attack after reports from its payment processor indicated that it was encountering many unauthorized payments at the firm’s outlets.

The firm should be held liable for losses sustained by customers because the attacks could have been stopped had the company implemented an ongoing security check and upgrade of its systems. The firm’s network had security flaws because the attack went on for several months unnoticed. The company responded to the attack by hiring a digital forensics firm to investigate the issue (Harris et al., 2014). The firm found out that Neiman Marcus was a victim of cyber-security intrusion and many customer credit cards had been compromised. In addition, it informed customers who had been affected of the attack and offered credit card monitoring for a year. This response was insufficient because several credit and debit card companies reported that more than 2,400 credit cards that had been compromised in the attack had been used in illegal financial transactions after the attack (Harris et al., 2014).

Customers were not informed early enough about the attack and were therefore not able to take precautionary measures that could have prevented further use of their credit cards in fraudulent financial transactions. The company’s liability was also evident from the top management’s failure to tell the public about their system’s security flaws that facilitated the attack (Harris et al., 2014). Companies are responsible for securing their customers’ confidential information by ensuring that their systems are safe and secure. The attack came after several retailers announced that they had experienced intrusions that led to theft of sensitive information belonging to their customers. The firm should have taken cautionary measures and conducted an ongoing security check and upgrade on its systems in order to avoid similar attacks (Gehem et al., 2015).

Conclusion

Security breaches of companies’ accounting information systems have been on the rise in the United States. In the past five years, several cases of cyber attacks have been reported among some of the largest retailers in the U.S. Firms such as Home Depot, Michaels Store, and Neiman Marcus have been targets of cyber attacks. Hackers used sophisticated malware programs to infiltrate their systems and steal sensitive customer information linked to their debit and credit cards. In all these cases, hackers took advantage of flaws in the firms’ systems.

The firms were all liable because the attacks went on for several months unnoticed by their system security personnel. On the other hand, poor network designs and weak security measures were responsible for the attacks. The firms responded by hiring private security firms to investigate the attacks after they had been ongoing for several months. This shows lack of initiative because conducting ongoing security checks and upgrades is necessary especially for companies that deal with sensitive information. The customers suffered great losses because many of the credit cards were used in other fraudulent financial transactions after the attacks. It is the responsibility of firms to design secure networks and systems in order to secure their customers’ information.

References

Banjo, S (2014). . Web.

Gehem, M., Usanov, A., Frinking, E., & Rademaker, M. (2015). Assessing Cyber Security: A Meta Analysis of Threats, Trends, and Responses to Cyber Attacks. New York, NY: The Hague Centre for Strategic Studies.

Hall, J. (2015). Accounting Information Systems. New York, NY: Cengage Learning.

Harris, E. A. (2014). . Web.

Harris, E., Perlroth, N., & Popper, N. (2014). . Web.

Jayakumar, A. (2014). Michaels Says 3 Million Customers Hit by Data Breach. Web.

The Phenomenon of the Mail Cyberattacks

Introduction

Cybercrimes are the most common type of violence in the modern world. A cyberattack is a malicious, deliberately carried-out attempt by a person or organization to penetrate the information system of another person or organization (“How cyber attacks work.,” n. d.). As a rule, the hacker seeks to gain benefits by disrupting the victim’s network. Attackers seek to exploit the vulnerability of corporate systems, which leads to an annual increase in cybercrime. This paper aims to explore such a phenomenon as mail cyberattacks and research why it happens more often.

Research

Hackers usually use a completely logical scheme to steal data. First of all, an attacker gains access to one of the company’s computers using a phishing email containing a malicious PDF or Word document. Further, the affected machine will become a springboard for attackers in the corporate network. From here, the hacker will look for other vulnerabilities to move from computer to computer in search of valuable data – tables, documents, financial information, and other necessary files (“How cyber attacks work.,” n. d.). When such data is found, they export the files, which must be collected somewhere, and usually, the attacker chooses one of the user computers on the network for storage, not the server.

Article Summary

The article titled “Most email scanner ‘allow lists’ can’t catch this O365 & Gmail attack” describes hackers who use Adobe Creative Cloud to send viral emails to Gmail and Office 365 users. The emails look like they come from a legitimate source; however, users receive links that lead them directly to a website created for stealing credentials. In December 2021, the malicious campaign was first identified when Adobe’s representatives managed to halt the attacks (“Most email scanners,” 2021). The hackers work in the following way: they create an image or PDF document with an embedded viral link, which is then sent to Gmail and Office 365 users.

The issue is serious since numerous large corporations use Gmail and Office 365, and the attacks threaten to steal their private and valuable information. It is complicated to prevent such emails from appearing in the account since the messages from Adobe are typically scanned as allowed. The authors of the article suggest that each organization ensure high-level security systems (“Most email scanners,” 2021). Additionally, each email receiver should check the message for spelling and grammar and inspect the links more carefully.

Personal Interest

To my mind, a cyberattack is the most common technology-related concern since data stealing is the most common crime nowadays. The article is engaging in a way that, besides informing about the problem, the authors provide practical recommendations. In addition, I found out that a major cloud base like Adobe can be hacked and cause harm to other platforms’ users. This information can be used in my future IT career as a guide to avoiding hacker attacks. Moreover, it expands the understanding of how cyber adversaries act to steal data. Finally, I can use this material as a case study for conducting research on a related topic.

Conclusion

In summary, the number of cyberattacks is constantly growing, causing personal information leakage. Even the major cloud databases like Adobe and platforms like Gmail or Office 365 are not protected from any intruders. It is highly recommended not to click suspicious links or open emails from unknown senders. Ultimately, each personal or corporate device needs a top-security system in order to avoid loss of data.

References

How cyber attacks work. (n. d.). National Cyber Security Center. Web.

Most email scanner ‘allow lists’ can’t catch this O365 & Gmail attack. (2022). CyberTalk.org. Web.

Cyber-Attacks and Their Influences on Company’s Supply Chain

Supply chains can be highly vulnerable to hacking and malware attacks and, depending on the attacker’s motivation, are susceptible to actions aimed at stealing large amounts of money and disrupting business. Yeniyurt and Carnovale (2021) note that cybercriminals are unwilling to slow down the growth of cyber threats and invent new ways to steal information from individuals and organizations of all sizes. The most common cyber risks in supply chain management include data breaches, supply chain disruption, and malware attacks. Data breaches can occur through external and internal intruders. Employees, hackers, malicious competitors, and managers can leak sensitive data and personal information outside the business. Supply chain disruption occurs when a hacker or attacker breaks into an operating system or network without permission. The goal of penetration is to create havoc on the system by deleting, replicating, and corrupting data. Malware attacks can occur with the help of ransomware that blocks the computer until the company pays a certain amount of money.

One of the cyberattack tools is sending a phishing email in order to obtain information. Ghadge et al. (2020) assert that clicking on a link in an email may result in data corruption and loss. If the phishing email is successful, the company can find the username and password used externally to collect information on the system. It can lead to unforeseen competition and serious leaks that could harm the entire corporation.

The sophistication of attacks and the complexity of modern IT, using such technologies as virtualization, mobile, and cloud computing, are forcing companies to improve the protection of their information and apply defense-in-depth technologies. According to Gaudenzi and Siciliano (2018), to successfully address cyber risks, a serious cyber and IT risk management strategy is needed that considers various corporate functions. High IT security standards for networks, software, and mobile devices, staff awareness training, ongoing process optimization, and strict access rights management and guidelines help to combat the above cyber risks. In turn, cyber risk insurance is becoming a major factor in IT risk management for many companies to manage residual risks.

A cyber-attack on a company’s supply chain is not only a short-term problem, but it also has medium and long-term consequences. First, cyber-attacks lead to the loss of external information. Cybercriminals obtain information belonging to the platform’s users, which is supposed to be a secure environment. Secondly, cyber-attacks also lead to the loss of inside information. It is a serious problem for the company as its corporate information security will be severely compromised. It may suffer from the theft of internal data or confidential information that is vital to the company’s daily operations.

Thirdly, cyber-attacks lead to the deterioration of the company’s reputation. If users have their data stolen from an external platform, then they are unlikely to trust this platform in the future. Fourth, cyber-attacks lead to serious sanctions for the company. While there is no comprehensive national privacy law in the United States, there are several sector-specific data privacy and security laws at the federal level. Moreover, there are many other state and local privacy laws. Thus, the relevant authorities closely monitor companies that violate these requirements. One of the consequences of identity theft can be the recognition that the company has violated the law, as a result of which it may face multimillion-dollar fines.

References

Gaudenzi B., & Siciliano G. (2018). Managing IT and cyber risks in supply chains. In Y. Khojasteh (ed.) Supply chain risk management (pp. 85-96). Springer.

Ghadge, A., Weiß, M., Caldwell, N.D., & Wilding, R. (2020). Managing cyber risk in supply chains: A review and research agenda. Supply Chain Management, 25(2), 223-240. Web.

Yeniyurt, S., & Carnovale, S. (2021). Cyber security and supply chain management: Risks, challenges, and solutions. World Scientific Publishing Company.

Cyber Attack: “Guardians of Peace”

Less than two years ago the film studio Sony Pictures Entertainment experienced a cyber-attack, which affected the organization greatly. The hack happened in November 2014. The criminals informed the employees that they were “Guardians of Peace” (GOP), placing their name on the computer screens along with the picture of a skeleton. During this attack, a wide range of confidential information was stolen. It was claimed that all received data would be released if the company refused to satisfy the request, which was not explained at that time and remained unknown. In the next month, GOP threatened the company and urged it to cancel the release of the film “The Interview”.

GOP said its release would be the same as a terrorist attack. Sony accepted the demand and did not let the film run on the cinema screens but allowed the representatives of the general public to see this comedy about the intention to kill the leader of North Korea in theaters and online. Intelligence officials who worked on this case tried to find out who the members of GOP were and who sponsored their actions. The research showed that North Korea was involved, but the country denied its responsibility (Peterson, 2014).

The media represents this cyber-crime as hacking. Mainly, it happens because GOP broke into the employees’ computers and received access to the personal information. However, it was not only found but also stolen, which proves that the group wanted to exploit the weaknesses of the system. It was also a theft of data with the intention of further release (in case of not meeting the request). Thus, from the very beginning, the purpose of GOP was to steal information.

The target of the discussed cyber-crime was the film studio Sony Pictures Entertainment. GOP hacked its computers with the concrete desire to steal information about the employers, employees, and their families. They even informed the victims of the act of hacking for them to realize that it was more than an assessment of vulnerability. The group was paid to stop the release of the film that was made by Sony Pictures Entertainment, and no other organization could be addressed with the same demand. Thus, there were no doubts about GOP getting to the right target.

The fact that GOP communicated their request to the employees of the company proves that hacking was committed in order to make Sony meet the demand. Except for that, the data were stolen to threaten the organization and make the request to cancel the release of “The Interview” even more critical. Thus, this firm was selected as a target, and its abolition was the only thing that could satisfy the demand. In particular, Sony made a film and was going to release it while GOP wanted to stop the process and hacked the company.

Sony’s system was not efficient enough, which allowed the attack to be successful. Alvarez (2014) paid attention to the “security vulnerabilities in the service, particularly after Sony failed to act on multiple warnings from the culprits” (par. 3). Such opinion was supported by numerous professionals, including Sanchez (2015). It was stated that Sony had not paid enough attention to Internet security and left significant data hardly protected. Its firewalls and system of intrusion detection failed to work efficiently and effectively (Martin-Vegue, 2015).

The attackers did not try to hide. They left their name – GOP – on the screens of Sony’s computers. Still, the only information initially available was that they were a group of hackers. However, it was found that they worked under the sponsorship of some individuals or organizations, but intelligence officials did not know who or what it was. The investigation showed the connection with the North Korean government, and the content of the film makes such opinion look well-grounded and decent (Peterson, 2014).

However, with the course of time, other versions were also developed. For example, Paganini (2015) reported that at the beginning of 2015 Russian hackers claimed that the attack was made by them. As North Korea does not admit their responsibility, and no authoritative evidence regarding Russia exists, the issue remains unsolved.

The fact that Sony experienced the cyber-attack and its confidential information was disclosed affected the organization adversely. First of all, it had to meet GOP’s demand and alter the designed plan of action regarding the film. It dealt with the negative impact on workers’ and clients’ perceptions of the company. It had to restore the brand and re-attract customers. The organization had to implement changes in the security system. It was supposed to assess the situation and cope with vulnerabilities.

Sony had to be able to prove its efficiency and security at all times after the attack because workers, clients, and suppliers would not be likely to cooperate with an organization that could not ensure the safety of important information. The company needed to find a practice in which it exceeded the competitors to prove that it was still not only good enough to remain in the market but also was one of the leaders in the industry.

Sanchez (2015) believes that the attack could have been prevented if Sony implemented Critical Controls that provide an opportunity to reduce such risks. The organization should have conducted Gap Assessment to see its vulnerabilities and then select and implement specific controls. The attention should have been paid to data protection and encryption, wiper malware, use of administrative privileges and audit logs, and implementation of secure network engineering.

References

Alvarez, E. (2014). . Web.

Martin-Vegue, T. (2015). . Web.

Paganini, P. (2015). . Web.

Peterson, A. (2014). The Sony Pictures hack explained. Web.

Sanchez, G. (2015). . Web.

Combatting Aircraft Cyberattacks: Effect of Pilot and Crew Training

Recent times have experienced widespread aircraft cyber-attacks globally. The risks associated with these cybercrimes can be mitigated and combatted through continuous training and knowledge to the crew and pilots. With the discovery of various aircraft safety risks, the aviation industry can overcome these issues by enhancing development strategies and safety measures to strengthen their air traffic and ground operations (Federal Aviation Administration, 2017, para. 2).

The key measures developed by the federal aviation association of America involve training, empowerment, and policy development for the pilots and crew team. When the aircraft team and the pilots have been trained adequately on the safety measures and cyber-attacks, there is an involvement in the delivery and efficiency of their operations. There would be a reduced time for the aircraft system due to training the crew and pilots in the aircraft operations (Raju, 2017, para. 4). Therefore, this study focuses on evaluating the effect of pilot and crew training on combatting aircraft cyberattacks in Triple R, Colorado.

Method of Analysis

Research Question

Between 2015-2020, what is the effect of pilot and crew training on combatting aircraft cyberattacks in Triple R, Colorado?

Data Collection

The Federal Aviation Administration (FAA) technical library provides a database for all the aircraft and aeronautics operations in the United States of America that can easily be searched and verified by clicking on the sites. The databases provided ensure an easy and effective search and classification of the data into various groups for easy analysis, interpretation, and presentation. Once the data has been grouped, there is a need to code them effectively through the knowledge of data coding and verification into their appropriate means for analysis and interpretation.

This study has searched data based on the aircraft cyber-attacks and pilot training within Triple R, Colorado, using the time limit between 2015-2020 as reflected in the research question. The key knowledge tests expected were generated from various colleges that offer such aviation courses and are registered by the FAA. The dataset was strictly on the key tests and their results based on the various colleges and institutions that offered the training. In addition, the dataset was extracted from the performance results of various courses conducted for the crew on the mitigation of frequent cyber-attacks.

These datasets arose from the aircraft operations from Triple R, Colorado, which formed a basis for analysis of how conducting training for the pilots would affect their understanding and reduce the cyber-attacks (Daniel, 2019, para. 2). The key question the extracted data aimed at responding to is the effect of pilot and crew training on combatting the cyber-attacks experienced in most parts of the world. The information involved data for the five-year period between 2015 and 2020.

Data Analysis

The data was downloaded in the .XML format and imported into the SPSS program for analysis. The data was discrete since it involved numerically measurable quantitative statistics. The frequencies of knowledge tests and their results were computed from various data from the colleges for both the pilot and crew training conducted. The data has been arranged in tables to show summaries of means, median, standard deviation, and variances.

The data was run using the analysis section to compare various statistics from the two sets to determine the cumulative distribution from the tables. The results from the dataset were downloaded and saved in the .SAP files, which are easily translated. Tables 1 and 2 and Figure 1 show the frequency tables and histogram from the analyzed data. The histogram shows the trends in the knowledge results from training the pilots and crew differently and their impact on combating the cyberattacks from the aircraft.

Results

Summary and Conclusions

This study shows that there is a general decline in aircraft cyber-attacks when training is conducted on the pilots and crew. The training knowledge imparted to the pilots and the airline crew accounts for a 78% reduction in the frequent occurrences of these incidents. When the crew is well trained on cybersecurity-related issues, there would be a slow rate of cyber-attacks from the planes as there would be increased knowledge about the basic requirements of air attacks.

In addition, as the knowledge continues growing among the participants in most aviation industries globally, there is a general decrease in cyber-attacks since an organization can control most threats through knowledge acquired. These findings indicate that the continuous government and aviation industry efforts have enabled airline travel to be one of the safest transportation industries. The advanced information technology system in the aviation industry has increased safety and poses advantages in mitigating cyber security threats.

The findings form more reliable plans to mitigate the attacks as the stakeholders are empowered. Continuous training ensures reduced attacks from online sources amongst the key aviation participants. However, this study is limited since the ability of each participant to conceptualize various cybersecurity threats in detail has not been explained, and this poses a challenge in dealing with the recent attacks.

As experienced in most recent operations, the cyber-attacks involve rapid use of technology, which they must understand in detail so that actions are taken appropriately. However, the dataset from FAA does not produce the results statistics of the attacks, and this becomes a problem when analyzing the degree of the occurrence of the attacks. Future studies on this area should focus more on understanding the causative factors and how to mitigate them using the most advanced technological understanding. In conclusion, this study analyzes how imparting knowledge to the aviation industry participants could reduce cybersecurity threats.

References

Daniel, P. J. (2019). Civil Aviation and CyberSecurity. Honeywell Aerospace Advanced Technology, 56-59. Web.

Federal Aviation Administration. (2017). Aircraft Cybersecurity: The pilot’s perspective. Aeronautics Association, 1-8.

Raju, P. (2017). Managing Cybersecurity Risk in Weapon Systems. Aircraft Systems Authorizing Official, US Air Force, LCMC, 36-46.

Frequency Tables

Table 1: Pilot Training Results

Valid value   Frequency   Percent   Valid Percent   Cumulative Percent
5             1           0.7       0.7             0.7
11            1           0.7       0.7             1.3
13            1           0.7       0.7             2.0
19            1           0.7       0.7             2.7
24            1           0.7       0.7             3.3
25            1           0.7       0.7             4.0
26            1           0.7       0.7             4.7
27            2           1.3       1.3             6.0
28            6           4.0       4.0             10.0
29            9           6.0       6.0             16.0
30            14          9.3       9.3             25.3
31            15          10.0      10.0            35.3
32            25          16.7      16.7            52.0
33            24          16.0      16.0            68.0
34            20          13.3      13.3            81.3
35            14          9.3       9.3             90.7
36            6           4.0       4.0             94.7
37            4           2.7       2.7             97.3
38            2           1.3       1.3             98.7
39            2           1.3       1.3             100.0
Total         150         100.0     100.0

Table 2: Crew Training Outcome

Valid value   Frequency   Percent   Valid Percent   Cumulative Percent
1             9           6.0       6.0             6.0
2             19          12.7      12.7            18.7
3             28          18.7      18.7            37.3
4             35          23.3      23.3            60.7
5             28          18.7      18.7            79.3
6             18          12.0      12.0            91.3
7             13          8.7       8.7             100.0
Total         150         100.0     100.0

Histogram
Figure 1: Histogram

Penetration Testing: Cyber-Attacks

Introduction

The technological landscape has been changing fast, increasing the need for mobile devices and associated applications. Mobile apps are part of a larger mobile environment that includes mobile devices, internet infrastructure, data centers, and file servers. This creates a complicated attack surface. With the expanded utilization of mobile devices with improved features such as sensors, location-based services (GPS), and near-field communication, the threat landscape has grown even more (Bui et al., 2021). Institutions have started engaging in mobile application pen testing in response to the growing complexity of cyber-attacks and the significant rewards offered for mobile app defects.

Consistency Evaluation of Data-Usage Reasons in Mobile Apps

While privacy rules and regulations oblige applications and services to declare the reasons for their data collecting to users, data utilization in an app’s real operation does not always match the privacy policy’s primary objectives. The discrepancies pave the way for cyber-attacks that may be directed at mobile devices’ applications, software, or data. The authors offer PurPliance, an end-to-end autonomous system that detects anomalies between the data-usage intents declared in a privacy statement and the actual processing behavior of a mobile device app. Their main goal is to address unforeseen data collection by mobile apps.

Anomalous data usage by an app should raise an alarm because the application could be used to spy on the phone. Relying on a semantic argumentation evaluation and a classification of data-usage purposes, the system evaluates objective terms and conditions in privacy policy statements. Privacy rules and data transfer are then mined for data-usage objectives. Finally, the system employs a formal model to discover conflicts between privacy policies and data flows. PurPliance raises the F1 score of inconsistency recognition by 52% compared with a state-of-the-art methodology (Bui et al., 2021). The system has improved detection precision from 19 percent to 95 percent and recall from 10 percent to 50 percent compared to a state-of-the-art method in end-to-end disagreement detection (Bui et al., 2021). In addition, the presented system detects contradictions in 18.14 percent of privacy policies and flow-to-policy discrepancies in 69.66 percent of apps, according to Bui et al. (2021). This data demonstrates significant discrepancies between the privacy user policies and actual mobile operation.

Mobile Sensors

Users’ interactions with current cell phones have been revolutionized by mobile sensors, which have improved their entire experience. However, the lack of adequate access control for monitoring these sensors opens the door to a slew of risks. Rogue apps and websites can exploit sensor data to launch a variety of attacks (Diamantaris et al., 2021). Although people tend to concentrate on direct sensor data, ads have been evaluated as one of the ways through which attacks can be launched through a mobile device’s sensors.

The authors present a novel attack vector that takes advantage of the advertising ecosystem to perform powerful and stealthy mobile sensor-based attacks. Because of the incorrect network access of sensor information in WebView, these attacks do not require any additional app permissions or unique user activities, and they target all mobile applications that feature in-app advertising (Diamantaris et al., 2021). In two different attack types, intra-app and inter-app data exfiltration, motion sensor data may be leveraged to infer users’ confidential touch input, such as credit card credentials. While the former affects only the app that delivers the ad, the latter affects all Android apps on the device.

Furthermore, the authors discovered severe defects in Android’s app segmentation, life cycle monitoring, and access control systems. They were found to allow for continuous intrusions even after the ad-serving app is transferred to the background or the user terminates it. In addition, because in-app advertising can rely on privileges designed for the app’s essential operation, they can access data from protected sensors like the camera, microphone, and GPS (Diamantaris et al., 2021). The authors undertake a large-scale, end-to-end, parametric study of adverts seen in apps available on the official Android Play Store to provide a complete assessment of this developing threat. Their research shows that advertisements in public are already obtaining and leaking motion sensor data, underscoring the necessity for more stringent access control measures and isolation techniques.

Source-Tracking Technique for Encrypted Messaging

While popular messaging methods like WhatsApp, Facebook, and Messenger provide end-to-end encryption for users, the same qualities also make it difficult for messaging applications to implement any level of content moderation. Poor content control can contribute to the unfettered spread of inappropriate content on such networks, such as misinformation (Peale et al., 2021). Over the years, researchers have tried various tracking methods to identify the source of messages in an attempt to unravel fraudulent messages. The authors referred to an earlier study that used message tracking to identify the path of a forwarded message. In many cases, a forwarded message does not reveal the source of information, a significant fact leading to the spread of malicious information. Although the earlier technique was successful, its privacy guarantee and storage requirement for the platform needed improvement. Leveraging past successes and current needs, the authors developed an improved system for source tracking.

The presented system has two main contributions: privacy protection and accountability. According to Peale et al. (2021), source-tracking allows messaging systems to provide the privacy protections that come with typical end-to-end encryption. This is an important feature because almost all messaging companies have implemented end-to-end encryption systems. In addition, the source-tracking method allows users to hold fraudulent message sources accountable. This method relies on an effective source-tracking technique where the original sender can be easily identified when malicious content is reported along the chain. This introduces accountability, limiting the chances of threat penetration through forwarded messages.

Examining Mobile Ad Fraud via Invalid Traffic

As Real-time Bidding (RTB) gains popularity in programmatic advertising, invalid traffic from click farms has become a significant threat to online advertisement. It relies on a large number of real smartphones to conduct big-scale ad fraud schemes. The authors based their research on click farms to analyze the impact of fraud through invalid traffic through several techniques. In this paper, the researchers take the first step in detecting and measuring click farm-based invalid traffic on a wide scale (Sun et al., 2021). Their research begins with an assessment of the device’s characteristics using a real-world categorized dataset, which provides a set of characteristics that identify fraudulent gadgets from benign ones.

Based on these characteristics, they develop EvilHunter, a method for identifying malicious devices via ad bid request records, with an emphasis on grouping fraudulent devices. The proposed system works in three steps to identify and categorize fraudulent gadgets. First, the researchers employ a classifier to differentiate between fraudulent and benign devices. Second, devices are grouped according to their app usage patterns. Lastly, the devices in each group are re-labeled using the majority vote. On a real-world-labeled dataset, EvilHunter achieves 97 percent precision and 95 percent recall (Sun et al., 2021). By studying a super click farm, the proposed method leads to the discovery of many cheating tactics used by fraudulent clusters.
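The three steps described above can be sketched as follows. This is an added example, not EvilHunter's code or anything from Sun et al.: the bid request records are constructed, the first-pass threshold rule stands in for the trained classifier, and the Jaccard similarity measure and both thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed ad bid request records: (device_id, app, requests_per_hour).
# All identifiers and values are invented for this example.
BID_REQUESTS = [
    ("f1", "game.a", 410), ("f1", "news.b", 395), ("f1", "tool.c", 402),
    ("f2", "game.a", 388), ("f2", "news.b", 420), ("f2", "tool.c", 415),
    ("f3", "game.a", 35), ("f3", "news.b", 28), ("f3", "tool.c", 31),  # throttled farm phone
    ("b1", "chat.x", 12), ("b1", "maps.y", 9),
    ("b2", "chat.x", 15), ("b2", "maps.y", 7), ("b2", "video.z", 11),
    ("b3", "chat.x", 350), ("b3", "maps.y", 14),  # real user with one noisy app
]


def first_pass_labels(records, rate_threshold=100.0):
    """Step 1 (stand-in for the classifier): label by mean request rate."""
    rates = defaultdict(list)
    for device, _app, rate in records:
        rates[device].append(rate)
    return {d: "fraud" if sum(r) / len(r) > rate_threshold else "benign"
            for d, r in rates.items()}


def app_sets(records):
    """Collect the set of apps each device was seen requesting ads from."""
    apps = defaultdict(set)
    for device, app, _rate in records:
        apps[device].add(app)
    return dict(apps)


def jaccard(a, b):
    return len(a & b) / len(a | b)


def cluster_by_app_usage(apps, min_similarity=0.6):
    """Step 2: single-linkage grouping of devices with similar app sets."""
    parent = {d: d for d in apps}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path compression
            d = parent[d]
        return d

    devices = sorted(apps)
    for i, a in enumerate(devices):
        for b in devices[i + 1:]:
            if jaccard(apps[a], apps[b]) >= min_similarity:
                parent[find(a)] = find(b)
    groups = defaultdict(list)
    for d in devices:
        groups[find(d)].append(d)
    return sorted(groups.values())


def relabel_by_majority(groups, labels):
    """Step 3: each device takes its group's majority label; ties keep step 1."""
    final = {}
    for group in groups:
        ranked = Counter(labels[d] for d in group).most_common()
        tied = len(ranked) > 1 and ranked[0][1] == ranked[1][1]
        for d in group:
            final[d] = labels[d] if tied else ranked[0][0]
    return final


def detect(records):
    labels = first_pass_labels(records)
    groups = cluster_by_app_usage(app_sets(records))
    return labels, groups, relabel_by_majority(groups, labels)


if __name__ == "__main__":
    first, groups, final = detect(BID_REQUESTS)
    for group in groups:
        print(group, [(first[d], final[d]) for d in group])
```

In the sample data the per-device rule misses the throttled phone `f3` and wrongly flags the noisy real user `b3`; the group vote corrects both, which is the reason for re-labeling at the group level.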

Security Guarantees for Decentralized Group Communication

Secure group messaging technologies that provide end-to-end encryption for team communication must deal with three main challenges. First, they should address the issue of mobile devices going offline often. Second, they should consider the frequency of group members being enrolled and withdrawn, and lastly, handle the danger of device breaches during long-term chat sessions. Existing research focuses on a core network architecture in which all communication is routed through a central server trusted to maintain a constant total order on group state modifications (Weidner et al., 2021). In this study, the authors adopt homogeneous network communication for distributed networks with no central authority, defining distributed continuous group key agreement (DCGKA), a modern cryptographic primitive that encompasses a decentralized, secure group communication protocol (Weidner et al., 2021). This approach achieves forward secrecy and post-compromise security in the event of device compromise.

Conclusion

In conclusion, mobile technology has become increasingly essential for communication, exposing it to a myriad of threats through cyber-attacks. Mobile devices, software, and data stored in the gadgets provide a basis for evaluating the routes followed by hackers in launching attacks on mobile devices. The researchers discussed herein have explored data use reasons, sensors, mobile adverts, and group messaging to reveal the need and methods of penetration testing for improved mobile security.

References

Bui, D., Yao, Y., Shin, K., Choi, J., & Shin, J. (2021). Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Web.

Diamantaris, M., Moustakas, S., Sun, L., Ioannidis, S., & Polakis, J. (2021). Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Web.

Peale, C., Eskandarian, S., & Boneh, D. (2021). Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Web.

Sun, S., Yu, L., Zhang, X., Xue, M., Zhou, R., Zhu, H., Hao, S., & Lin, X. (2021). Understanding and detecting mobile ad fraud through the lens of invalid traffic. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Web.

Weidner, M., Kleppmann, M., Hugenroth, D., & Beresford, A. R. (2021). Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Web.

Cyberattack Prevention Efforts

This post addresses the assigned scenario in a thorough manner and sheds light on its business implications. To start with, I agree that making cyberattack prevention efforts focused on improving the key target companies’ cybersecurity potentials would be a feasible strategy to pursue. Due to the recent advancements in cybersecurity technology, such as cloud-based solutions, companies involved in such cases can even work on collaborative security-enhancing solutions (Razaque et al. 1). Stopping the group as soon as possible can also become a matter of national defense due to Microsoft products’ extensive uses for governmental purposes and large-scale resource management. To de-anonymize the Lapsus$ group, it is also reasonable for the investigators to consider its members’ tendency to brag about their successful hacking attempts online. Due to imperfect coordination, sooner or later, even the most careful and skillful criminal groups commit costly mistakes that facilitate de-identification, so keeping track of their online behaviors would be a crucial priority.

The case that this post presents and the associated analysis are definitely thought-provoking and interesting to read. With this relatively new BITB phishing technique, gaining unauthorized access to users’ personal information can become easier than before, the implications of which can be far-reaching. Unfortunately, in spite of advancements in techniques for the timely identification of phishing websites, phishing remains a common concern for both individuals and organizations (Abbasi et al. 410). For business entities, its devastating consequences might be financial and reputational, and novel approaches to stop the leakage of sensitive information, including the development of the phishing funnel model, are gaining traction nowadays (Abbasi et al. 410). Therefore, I fully agree with the discovery’s dangerous nature and its potential role in facilitating other parties’ attempts at establishing phishing websites that might be even more difficult to spot.

Works Cited

Abbasi, Ahmed, et al. Information Systems Research, vol. 3, no. 2, 2021, pp. 410-436. Web.

Razaque, Abdul, et al. Applied Sciences, vol. 11, no. 17, 2021, pp. 1-21. Web.

Are Pilots Prepared for a Cyber-Attack?

Background

According to the authors’ argument, the topic of the paper is pilots’ vigilance toward cyber-attacks, studied by applying human factors to evaluate the behaviors of pilots. The writers claim to add knowledge to the audience by presenting technology-centric elements that have affected aviation frameworks (Gontar et al., 2018). The key finding that contributes to the body of knowledge is increased incidents of cyber-attacks using cell phones and computers in private and public perspectives. The authors want to enlighten the reader about cyber-crime that has affected many aircraft due to pilots’ faultiness in their duties. The research objectives include exploring whether cyber-attacks relate to pilots’ tasks. The other objective is to investigate whether cyber-attack cautions attenuate the attack’s effects on pilot workload.

Summary Leading to Conclusion

The authors base their arguments on data about the increased rates of attacks on civil aircraft by distracting adversary computer systems and networks in aviation during fly-by-wire management systems. The article is an empirical study since the study uses direct and indirect observation and experience to test the hypotheses. As depicted in the introduction, the theoretical background is majorly influenced by the rise of attacks on civil aircraft by distracting adversary computer systems and networks in aviation during fly-by-wire management systems. The hypotheses are listed and follow the literature review since they discuss cyber-attack influence on pilots’ visual information and acquisition of data through effective and secure strategies (Verleye, 2019). Methods used in this paper include the test design and the use of samples and dependent measures to satisfy the study’s objectives. A sample of 22 pilots aged 25-63 years participated in the study to ensure there is effective accumulation of information to the area of study.

The models used follow the theory discussed since authors have discussed scenarios basis, eye-tracking systems, and flight information procedures, all being elements that have contributed to the possibility of cyberattacks. The findings from statistics showed significant effects of the cyber-attacks in all perspectives, but the notable one being strong interaction (Gontar et al., 2018). Additionally, cyber-attacks increase pilots’ workload, such as alarms and engaging activity that lead to an eased environment in manipulating aircraft data. Conclusions follow the findings due to allegiance to cyber-attacks influence on pilots’ workload, system trust, and acquisition strategies that show pilots’ behavior while working.

Critical Evaluation

The strengths of the article are that the authors attributed most of their points to various sources. The paper is well-organized in paragraphs and shows transition to the new ideas. Their work has conceptual advantage to the reader due to the focus on aviation security. The article’s sample used is phenomenal towards getting enough information. However, their study lacked a literature review that could be a basis of the argument from the gaps left. Many people have written about aviation security by specifically touching on techno-centric variables contributing to the attacks. The article has many citations, which leads the reader to question the authenticity of reviewing all the sources and getting relevant information (Verleye, 2019). Despite the authors alleging that researchers have ignored human workers’ reaction behaviors to the cyber security methodology, they have not given a clear indication of the available gaps for further study.

The sample used does not represent all the required targets. Thus, the sample number is low as it should have included other people in the cabin crew serving in various technical areas for aircraft (Gontar et al., 2018). Additionally, the sample does not give the roles under which the population used worked, making the study have reliability issues. There are sensitive issues such as system management of aircraft that need to be analyzed in length to navigate other possible traits that help the reader understand the pilots’ behavior while on duty. There should be mention of protective strategies that use modern applications in securing aircraft while in operation. Thus, the paper is enriching in terms of aviation security matters but requires further exploration to reduce research gaps.

References

Gontar, P., Homans, H., Rostalski, M., Behrend, J., Dehais, F., & Bengler, K. (2018). . Journal of Air Transport Management, 69(8), 26-37.

Verleye, K. (2019). . Journal of Service Management, 30(5), 549-576.

Cyberattacks from Nation-States and Cybercriminals

Introduction

Cyberattacks from nation-states and cybercriminals have affected the world by interfering with critical messages and information. Spear-phishing, fake personas, and bogus company profiles are some means that nation-states and cybercriminals use to conduct cyberattacks. The cyberattacks relate to infrastructure, military security, and businesses, and the nation-states and cybercriminals use them to distort critical messages for decision-making in these institutions. In businesses, cybercriminals may use their ability to embezzle themselves into the company’s supply chain by counterfeiting information and websites. The Computer Fraud and Abuse Act provides guidelines and laws that protect firms from intrusion by restricted audiences through hacking. This report extracts information about the advanced cyberattacks from nation-states and cybercriminals. It also discusses approaches to discover stealth, hidden and obfuscated attack vectors that can be hidden in regular data infrastructure, including servers, workstations, and the operating systems and applications within those devices.

Effects of Cyberattacks

Nation-states use cyberattacks to create tension in the victim states by altering the security systems. The nation-states’ attacks relate to infrastructure, military, and businesses that result in unprepared decision-making or failure in operation. The attacks may be through complex technological systems or, at times, simple processes. Cybercriminals prefer to use social engineering techniques to trap the target audience in contributing to information leakage. They use social media platforms to send spear-phishing emails and websites that are attractive to the recipient. The recipient opens the phished emails, not knowing they are exposing themselves and their organization to the risks of information loss. Information integrity and protection should be critical areas for consideration and emphasis for all organizations. Companies must educate their employees on how to take caution and alarm in cases of susceptible intrusion.

Cybercriminals and nation-states participate in cyberattacks to influence public opinion and create military espionage while manipulating critical government decision-making processes. Enemies may use cyberattacks to propagate rumors about the organizations and ruin their reputations. Influencing crowds to hate a country’s leadership causes conflict, leading to an unbalanced reaction. Similarly, foes may use cybercrimes to interfere with a country’s security and military systems by relaying incorrect information to the controllers. The hackers also steal data from the victims without permission causing a loss in the reliability of the data. In business, propagators of cybercrimes may conduct attacks to inflate infrastructural assets and steal trade secrets. The process causes commotion within the organization and may result in business failure to conduct market operations.

The SolarWinds and Marriott Data Breach Cases

Countries may attack particular organs of their neighboring countries by stealing critical information surrounding their security systems and businesses and by interfering with critical events like elections. Such breach of cyber rights disrupts victimized countries and contributes to the loss of crucial files. The process is costly for the affected firms since there are many inconveniences as the firms have to shift their attention to retrieving their files and trying to secure their systems from similar attacks. In the recent past, the United States, through the SolarWinds company that develops software for businesses and government agencies, experienced a cyberattack in 2020. The breach existed for several months without causing alarm until mid-December of the same year. Donald Trump, the former president of the United States of America, blamed China for the attacks (Jaworsky & Qiaoan, 2021). However, other government agencies later blamed the Russian government for the breach. The initial lack of accurate information on the propagator indicated that cyber attackers and nation-states prefer being incognito rather than public.

Another significant incident of cyberattack was the Marriott data breach in 2014, which was not discovered until 2018 when an internal security tool identified suspicious access into the guest reservation data for Marriott Starwood Hotels. The alert escalated to demand better investigations that discovered that the hotel’s database was under siege before Marriott’s takeover in 2016 (Sanger, Perlroth, Thrush & Rappeport, 2018). The breach led to the theft of customers’ information from contacts, emails, date of birth, gender, and many more. The attack attracted penalties and fines that contributed to losses in the 2018 financial period. It took a long period to notice the problems hence a more significant loss in resources and data.

Approaches to Discover Stealth, Hidden, and Obfuscated Attack Vectors

Stealth Detection

Stealth is a sub-discipline of military tactics that comprise electronic countermeasures that are difficult to detect. However, very high ultra-frequencies (V/UHF) can detect secret activities. Very high ultra-frequencies possess a similar magnitude as stealth; hence their signal is affected by a resonant that is not affected by stealth (Yener, 2018). Thus, it is easy for them to detect stealth and have gained emphasis on their application despite being of poor resolution that picked noise, including clouds and rain.

Hidden Attack Vectors

It is often difficult for businesses to detect breaches in time because some of the hackers’ tactics are too personalized, for instance, spear-phishing that sends mail to specific individuals. However, organizations should engage in practices that aid in raising the alarm in case their systems detect offenders. One way they can detect hidden attack vectors is to use antivirus software in their operations to detect upcoming threats. Antivirus software notices many unwanted activities like malware, spyware, ransomware, and malicious emails designed to provoke the recipients into falling into traps.

Obfuscated Attack Vectors

Obfuscation is the creation of code that is difficult to understand; it initially provided security for applications and other computer software. However, some people use it to create malware that destroys other people’s computers by altering the coding system (Ndichu et al., 2019). Encryption, data masking, and tokenization are standard means of obfuscation hackers use to waste time for the targets and bypass code analysts. Companies may monitor obfuscated attack vectors by using a threat detection log. Detection logs contain information about all events occurring within a company’s cyber systems. Reviewing logs helps eliminate possible threats by changing the codes. Additionally, the firms may use automated monitoring systems to secure their property and monitor the employees’ behavior (Mavroeidis & Jøsang, 2018). The process requires one to think like the attacker to extract all the looming threats in the systems.

Benefits of Threat Hunting

Threat hunting plays a critical role in an organization since it offers protection from violators. Organizations must consider all means they can use to secure their data systems because hacking may be detrimental to their development. Businesses must protect their insider information from workers who engage in malicious activities that may leak security passwords and patterns. Threat hunting protects organizations from possible threats by attacking surface exposure. It also reduces the time between the occurrence of the threat and the response, thus reducing the impact of the damage caused on the organization. Moreover, the process facilitates a speedy and accurate response to cybercrimes (Schmitt, Kandah, and Brownell, 2019). Threat hunting exposes the company to the types of insecurities likely to occur. Thus, the business gains experience in creating an effective response team. It gives the business awareness of its weaknesses concerning cyber security techniques and uncovers the traitors within the organization. Businesses must have a cybersecurity department to conduct threat hunts to unmask previously unknown and ongoing non-remediated threats.

Conclusion

Social media platforms are the main avenues for the trending of cybercrimes because hackers send vindictive data to extract information unlawfully from the person or find a way to steal important organizational trade secrets. Besides hacking business systems, other agencies that face similar problems are government agencies that hold vital information systems regarding the country. The government has illegalized hacking and other computer fraudulent behaviors through the Computer Fraud and Abuse Act, thus ensuring controlled attacks. Organizations should work concurrently with other governmental and non-governmental agencies that aid in upholding their rights.

References

Jaworsky, B. N., & Qiaoan, R. (2021). The politics of blaming: The narrative battle between China and the US over COVID-19. Journal of Chinese Political Science, 26(2), 295-315.

Ndichu, S., Kim, S., Ozawa, S., Misu, T., & Makishima, K. (2019). A machine learning approach to detection of JavaScript-based attacks using AST features and paragraph vectors. Applied Soft Computing, 84, 105721.

Mavroeidis, V., & Jøsang, A. (2018, March). Data-driven threat hunting using Sysmon. In Proceedings of the 2nd International Conference on Cryptography, Security, and Privacy (pp. 82-88).

Sanger, D. E., Perlroth, N., Thrush, G., & Rappeport, A. (2018). Marriott Data Breach Traced to Chinese Hackers. The New York Times, A1-L.

Schmitt, S., Kandah, F. I., & Brownell, D. (2019). Intelligent threat hunting in software-defined networking. In 2019 IEEE International Conference on Consumer Electronics (ICCE) (pp. 1-5).

Yener, Ü. (2018). Radar performance analysis approaches for the evaluation of radar systems (Master’s thesis, Middle East Technical University).