Tuesday, May 5, 2020
Computer Security Breaches for OneLogin- myassignmenthelp.com
Question: Discuss about theComputer Security Breaches for OneLogin. Answer: OneLogin Security Breach OneLogin provides a single password platform for the users to access multiple application and website using single password. Technically OneLogin saves the credentials of different websites and allow user to access them by using single password that is for OneLogin and then it submit the credentials to those websites. This is a paid service, generally used by the organization and its employees. OneLogin has more than 2000 organizations as their customers who are spread among 44 countries ("OneLogin breached, hacker finds cleartext credential notepads", 2017). This covers passwords for more than 300 applications including 70 SaaS (Software-as-a Service) service providers. SaaS is a cloud computing application. Nowadays cloud computing applications are becoming trend in the organizations in order to enhancing the performance of the organization. Cloud computing like SaaS, IaaS, and PaaS are comprised of different applications, which needed more than one credentials. This led to the nee d of system like the one OneLogin is offering to the users. What was the problem? The problem was that the information that was saved in the server of the OneLogin and that server was reported to be breached. Although, the files were encrypted but even that there is possibility that the hackers who can breach the server, they could also decrypt those files. No doubt, the credentials saved by the OneLogin were very personal and could let unauthorized users to manipulate those data by accessing the websites. Those files were saved in the form of table for all the users and properly encrypted, but OneLogin had also reported that the intruders or hackers might have got access to those files by using decryption codes ("OneLogin breached, hacker finds cleartext credential notepads", 2017). This information includes banking details, transaction details made between the stakeholders and the partners of various organizations twitter passwords and many more personal and sensitive information. Any organization or individual may have to suffer a great loss by loosing such imp ortant credentials. OneLogin security was breached last year also but even that the service providers were not able to keep these information secure. Who were affected? This data breach affected all the customers of OneLogin service providers, which includes more than 2000 companies and millions of the customers. OneLogin was very loyal to the customers from the beginning but continuous data breaches forcing the individuals to be not reliable on this service ("OneLogin breached, hacker finds cleartext credential notepads", 2017). In this new world of technology everyone is moving forward towards the digital world, means almost each and every industry and organization are implementing the cloud computing for their operations and OneLogin is supporting the users by giving access to those application in better and easy manner. The data and information that were being saved on the OneLogin about the organization were also informed by the service provider that their data have also been compromised. This intrusion has affected the reputation of this service provider after the second data breach (Martin, Borah Palmatier, 2017). Previously, organizations w ere completely relied on this service but now they do not want to be the customer of OneLogin. Various individuals were also taking benefit of this service by keeping their social media and other mails credential saved at OneLogin including the bank account details and other very personal information. They were also affected by this breach. How the Attack was carried out? An external unauthorized user gets access to the server of the OneLogin by using AWS API (communication language between the applications) application programming. It was being estimated that the intruders targeted the database of the U.S. from where the security breach has been estimated to be started. The hacker used AWS language keys to get access to the servers through another service provider, which was other than OneLogins server interface (Martin, Borah Palmatier, 2017). Technically, APIs is a language that is being used for the conversation between more than one application to exchange data and information. APIs allows the developer to collect and save pre-written components of the software, so prewritten codes and the APIs both need to work together. The hackers found a way to implement this language to get access to the server and actual coding to decrypt the encrypted files. Those data were saved in the notepad format, which was in the hand of the intruders or hackers. Pr ecaution was provided to the files before uploading to the server by encrypting those files but it can buy only some time, so the OneLogin had sent letters to its users to change their credentials in order to protect the information that has been sold out already. What could have been done to prevent the Attack? There are various precautions which could have prevented this security breach, implementing by both the customers and the OneLogin service providers. Firstly, from the customer side it can be said that organization or an individual should not have completely relied on the service provider and should have kept the very very personal data to themselves. OneLogin side it can be said that it should have learned from the past attack and improved its security in more advanced manner (Hossain, Hasan Skjellum, 2017). Cyber security is a precaution that should do by keeping in mind the futures threats not the present threats. The Log management that OneLogin was using to keep the files saved should be restricted to the SAML- based authentication. If OneLogin had provided the users with an option of auto changing password, means the password that it was saving should be changed in certain interval of time could not have let it happen, after that, the hackers would have left with nothing (Chen g, Liu Yao, 2017). Ransomware Cyber Attack This was a chin cyber attack, which was increasing rapidly into the systems of the global computers. This attack was started during the duration of 12th May to 15th May 2017 (ODowd, 2017). It was named WannaCry Ransomware, as the intruders were manipulating the coding as mentioned below and asking money in-exchange of the ant-virus named double-pulsar in the form of Bit Coin Currency (Mohurle Patil, 2017). This attack was communicable that it was travelling, spreading and expanding to the whole world by using internet as the medium. It was not reported actually but approximately 230, 3000 computers among 150 countries were affected by this intrusion. What was the problem? Computer users with enabled internet were not able to access their files related to the personal business operations. For the access to those files users had to pay ransom in big amount to the hackers. The malicious virus that was being spread among the computers were technically, encrypting the files with certain unknown coding, which in result blocking the users to access those files (Pascariu, Barbu Bacivarov, 2017). Few IT experts somehow got a way to encrypt those files but after doing systems online, it was being again affected by that virus with an update. However, few of them were able to decrypt the files without paying ransom to the hackers but most of them had to pay by the fear of losing all the documents related to the organizational operations. This malicious virus was attacking the systems, which were not upgraded and running on the pirated software. Virus was coded in order to affect the mostly used operating systems like Windows 7, Windows 8, Server and Windows XP, as these operating systems were more popular and were applicable in all the organizations, hackers targeted that software. Who were affected and how? These causes severe damage in the world and damaged many computers globally. Most damaged computers were reported in the Chinese university, as most of the users were using operating system that were bought from the black market and being operated on the pirated operating systems (Collier, 2017). As reported, more than 100,000 computers were damaged by this malicious virus attack. Most of the hospitals and UK and US were also targeted, which resulted in several delay operations and surgeries and other management activities. This breached affected mainly the big corporations but also make very common persons suffered. Several federals had been also targeted like Indian and Chinese police whose systems were left not other than dust after this malicious virus attacked those systems (Millard, 2017). However, Indian police stopped the spreading of this breach by sending their systems offline. Automobiles big corporations like Hitachi, Renault were also not safe from this attack; they had also become the prey and had to pay to the intruders or because of the intruders. Russias all the big industries including, telecommunication and several others sectors. How was the attack carried out? It was being estimated that the attack was started at the London when a European citizen accessed a zip file on 12th May 2017. The virus uses that system as the host and coding let that malicious virus operate systems automatically and connected to the internet. Firstly the coding were programmed in a manner that any IT expert thinks that the virus was trying to get access to the website which was in real nowhere on the internet (Ehrenfeld, 2017). This was coded to manipulate the experts and gather more time for other coding. The primary software to make this happen was EternalBlue, which was in real, registered software created by the U.S. Agency for their espionage process. This was stolen and exposed to the market which was available online free. The intruders used this software to get access to the storage system of the computers and additional coding was made to encrypt the files (Gandhi, 2017). This encryption was new of its kind and unknown to the experts, which implies the in truders to ask ransom in-exchange of the decryption-coding anti-virus named Double Pulsar. What could have been done to prevent the attack? Following are the precautions that could have stopped this unwanted and unauthorized incident to take place and harm this much population. If the users were using the original operating system and their updated versions, it could not have let this malicious virus to make such a big damage (Gandhi, 2017). Computer system should always be kept at auto-update mode, in order to check for new updates and update the software whenever gets an internet connection. U.S. agency created that software which was the primary medium for this event; they should have warned the universe about this software and should have informed about the precautions that could have stopped it (Martin, Kinross, 2017). Microsoft was launching security patches after the attack, which they should have made available before the attack regarding such intrusions. References Cheng, L., Liu, F., Yao, D. D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions.Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery,7(5). Ehrenfeld, J. M. (2017). WannaCry, Cybersecurity and Health Information Technology: A Time to Act.Journal of Medical Systems,41(7), 104. Gandhi, K. A. (2017). Survey on Ransomware: A New Era of Cyber Attack.International Journal of Computer Applications,168(3). Hossain, M., Hasan, R., Skjellum, A. (2017, June). Securing the Internet of Things: A Meta-Study of Challenges, Approaches, and Open Problems. InDistributed Computing Systems Workshops (ICDCSW), 2017 IEEE 37th International Conference on(pp. 220-225). IEEE. Hutchings, A., Holt, T. J. (2017). The online stolen data market: disruption and intervention approaches.Global Crime,18(1), 11-30. Martin, G., Kinross, J., Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety. Martin, K. D., Murphy, P. E. (2017). The role of data privacy in marketing.Journal of the Academy of Marketing Science,45(2), 135-155. Martin, K. D., Borah, A., Palmatier, R. W. (2017). Data privacy: Effects on customer and firm performance.Journal of Marketing,81(1), 36-58. Mohurle, S., Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5). ODowd, A. (2017). Major global cyber-attack hits NHS and delays treatment. OneLogin (2017). Retrieved 23 August 2017, from https://oag.ca.gov/system/files/Sample%20Notice_9.pdf PASCARIU, C., BARBU, I. D., BACIVAROV, (2017) I. C. Investigative Analysis and Technical Overview of Ransomware Based Attacks. Case Study: WannaCry. Spillner, J. (2017). Exploiting the Cloud Control Plane for Fun and Profit.arXiv preprint arXiv:1701.05945. Collier, R. (2017). NHS ransomware attack spreads worldwide.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.