Tuesday, May 5, 2020
The Analysis of Attack on PEOPLESHARZ
Question: Describe the analysis of the attack on PEOPLESHARZ.

Answer:

Introduction:
This study describes the cyber attack that occurred at PEOPLESHARZ.COM. A cyber attack is the process by which hackers attack an information technology system in order to obtain sensitive information or damage the system. The attack took place on 21 April 2016.

Background and Problem Analysis:
PeopleSharz was established in 2012 by two university colleagues, Mark Bukerzerg and Peter Tweet, who are the CEO and CTO of the organization respectively. The organization reached 1.2 million signed-up users in 2015 and established itself as a strong contender in the social media industry. It then suffered an information leak as a result of a DDoS (distributed denial of service) attack: the attackers attacked the server, obtained consumer information without authorization, and did not merely steal the information but also posted it on Pastebin. The attackers most likely proceeded by first identifying a vulnerability in the system and then propagating malicious code, and may have launched the attack through a botnet (Alomari et al. 2014). The possible botnet tools are therefore described in detail below.

Scanning:
Attackers use scanning methodologies to find vulnerable machines. Scanning can be of the following types.
Random scanning: The attacker first infects a machine with malicious code and then probes IP addresses chosen at random from the IP address space in order to check for vulnerabilities (Zargar, Joshi and Tipper 2013).
Hit-list scanning: This is one of the most conventional ways of scanning. The attacker compiles a list of potentially vulnerable machines and works through it until a vulnerable machine is found, then places the malicious code on that machine (Alomari et al. 2014).
Topological scanning: This method identifies fresh targets using information contained on the victim machine: a previously compromised host is used to find URLs stored on the machine's disks.

Propagating the Malicious Code:
There are three main mechanisms for propagating the malicious code and building the attack network (Alomari et al. 2012).
Central source propagation: After finding a vulnerability, the attacker uses the victim machine as a zombie and instructs it to fetch a copy of the attack toolkit from a central location (Vania, Meniya and Jethva 2013).
Back-chaining propagation: The attack toolkit is transferred directly from the attacker to the victim machine. In other words, the toolkit installed on the attacker's machine establishes a secure connection with the vulnerable system, and the attacker uses this connection to send the attack tool (Alomari et al. 2012).
Autonomous propagation: The attacker transmits the attack toolkit to each newly compromised system as soon as it joins the network (Zargar, Joshi and Tipper 2013).
These are the three propagation techniques the attacker may have used to break into the PEOPLESHARZ system.

Botnet Tools:
The description of the attack suggests that the attacker used a botnet. Some botnet tools the attacker may have used are described below.
Nitol: An evolving DDoS botnet family. This tool uses TCP sockets to transmit information from the victim's machine (Welzel, Rossow and Bos 2014).
MrBlack: Also known as Trojan.Linux.Spike.A. This botnet is largely used by attackers to target Linux platforms.

Threat Analysis: Wrong Security Practices:
Injection flaws: Failing to filter untrusted input can cause the web server to fail. This situation arises when unfiltered data is passed to an SQL server, an LDAP server or the browser. The result is loss of sensitive information and hijacked browsers, since the attacker can issue commands to these components (Umar et al. 2016). Untrusted input sometimes looks identical to trusted input, and the system does not distinguish it from trusted data.
Broken authentication: This issue is really a collection of different problems, which do not all stem from the same root cause. Some of the ways authentication breaks are the following. If the URL contains the session id, it can be leaked through the Referer header to someone else (Nagpal and Nagpal 2014). The developer does not encrypt passwords in storage or in transit. If the session id is predictable, gaining access to the server can be trivial (Wichers 2013). Session fixation may be possible. Sometimes the developer builds the web server in such a way that session hijacking becomes easy, because timeouts are not implemented correctly or because plain HTTP is used (Nagpal and Nagpal 2014).
Cross-site scripting (XSS): This is a fairly widespread input sanitization failure. To initiate the attack, the hacker supplies JavaScript tags as input to the web application, and the user's browser executes the unsanitized output of that input (Shar, Tan and Briand 2013). The process can be as simple as crafting a link and convincing a user to click it, although it is not always so simple to carry out.
Direct object references: This is one of the most conventional weaknesses. A direct object reference exposes an internal object, database or file. The biggest issue with this weakness is that the attacker can supply such a reference and, if authorization is not enforced, carry out activities that are completely unauthorized (Levin and Hovav 2013). As an example, consider a download.php module that lets a user download a file, specified by name through a CGI parameter. A developer who is not paying attention may forget to add an authorization check to the code, and the attacker takes advantage of this to download any file on the system.

Cloud Vulnerabilities:
A vulnerability can be called a cloud vulnerability if it has the following properties: it is prevalent in or intrinsic to a core cloud computing technology; its root cause is one of NIST's essential cloud characteristics; it arises because a cloud security control is difficult or even impossible to implement (Dinh et al. 2013); or it is widespread in established state-of-the-art cloud offerings.

Significant Cloud Characteristic Vulnerabilities:
There are five main cloud characteristics: measured service, resource pooling, on-demand self-service, rapid elasticity and ubiquitous network access (Hashizume et al. 2013). The vulnerabilities arising from one or more of these characteristics are presented below.
Unauthorized access to the management interface is caused mainly by on-demand self-service, which requires a management interface that cloud users can reach (Erl, Puttini and Mahmood 2013). The attacker takes advantage of this characteristic to exploit the system.
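As an added example (not code from the original report), the following Python sketch shows the download.php weakness described under Threat Analysis above, beside a hardened handler that also covers the broken-authentication points from the same section: the session id is read from a cookie rather than the URL, ids come from a CSPRNG, and idle and absolute timeouts are enforced. The base directory, file names and owners are constructed sample data.

```python
import secrets
import time
from pathlib import Path

# Constructed sample data (hypothetical path and users, not taken from the report).
BASE_DIR = Path("/srv/app/downloads")
FILE_OWNERS = {"alice-invoice.pdf": "alice", "bob-photo.jpg": "bob"}

SESSIONS = {}                 # session id -> {"user", "created", "last_seen"}
IDLE_TIMEOUT = 15 * 60        # seconds without activity before a session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on session lifetime, in seconds


def new_session(user, now=None):
    """Issue a session id from a CSPRNG (32 random bytes), so it cannot be predicted."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "created": now, "last_seen": now}
    return sid


def session_user(sid, now=None):
    """Map a session id to its user, enforcing idle and absolute timeouts."""
    now = time.time() if now is None else now
    sess = SESSIONS.get(sid)
    if sess is None:
        return None
    if now - sess["last_seen"] > IDLE_TIMEOUT or now - sess["created"] > ABSOLUTE_TIMEOUT:
        SESSIONS.pop(sid, None)   # expired: drop it so a stolen id is useless
        return None
    sess["last_seen"] = now
    return sess["user"]


def download_vulnerable(query):
    """The download.php flaw: the file name is used as given and nobody checks who asks.
    A value such as '../../../etc/passwd' resolves outside BASE_DIR, and any caller gets it."""
    return (BASE_DIR / query["file"]).resolve()


def download_hardened(cookies, query, now=None):
    """Return (http_status, path). The session id comes from a cookie, never from the URL,
    so it is not leaked through the Referer header."""
    user = session_user(cookies.get("sid"), now)
    if user is None:
        return 401, None                     # not authenticated, or session expired
    name = query.get("file", "")
    if not name or "/" in name or "\\" in name or name in (".", ".."):
        return 400, None                     # reject separators and traversal outright
    path = (BASE_DIR / name).resolve()
    if BASE_DIR.resolve() not in path.parents:
        return 400, None                     # belt and braces: must stay under BASE_DIR
    if FILE_OWNERS.get(name) != user:
        return 403, None                     # authenticated, but not the owner of this object
    return 200, path
```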
In cloud computing, users reach the available services and information through a network protected by protocols. The attacker somehow exploits these protocols and positions himself in the middle of the connection between the user and the cloud application (Hashizume et al. 2013). With storage and memory resources there is a strong possibility that a user may recover data written by a previous user. Attackers also often make use of the metering data that is used for billing and service delivery (Rittinghouse and Ransome 2016); this metering characteristic is one of the fundamental requirements of cloud computing, and in addition the cloud provider operates at a level of abstraction.

Core Technology:
Some core technology vulnerabilities are linked with cloud computing. It is easy to assume that cloud computing, being operated as virtualized applications, allows a user to escape from a crime easily; moreover, an experienced attacker can leave no trace of his or her presence (Botero, Szefer and Lee 2013), and without a trace it is very difficult to trace back to the actual attacker. Another vulnerability stems from the design of web applications: HTTP is a stateless protocol (Modi et al. 2013), so the designer must give the web application some notion of session state.

Dependencies and Critical Success Factors to the Job:
The work depends on the different stakeholders of the organization, principally the customers of PeopleSharz and the hosting provider. These individuals should be interviewed in order to gather information about their involvement in the security breach. The stakeholders of the organization are as follows.
Board of directors: The data breach has affected the board. They feel ill-suited because of the oversight failure that led to the data breach in the organization. It is particularly critical for the board to understand the legal landscape of security breaches, to give appropriate recommendations, and to take the risks associated with the matter (Lienert, Schnetzer and Ingold 2013). The board members are responsible for the fact that the organization lost its data, and regardless of the precautions already taken, an operationally and legally sound security programme is required to achieve the objective.
Employees: The employees are also responsible for the data breach. Interviews showed that the employees of PeopleSharz do not have adequate knowledge, or that the organization has not given them appropriate training, to manage the site properly (Lim et al. 2013). Every employee of the organization is affected by the data breach, so an awareness programme must be conducted to reduce the chances of insider threats (Elgin and Weible 2013). Half of the organizations agree that employee training will help reduce the risk connected with security breaches and hacking.
Customers: The customers are the ones most affected by the security breach. Their private and essential data was held in the PeopleSharz database, and the hacking of that data is a challenge for the organization (Gilson et al. 2012). The hackers not only compromised the site but also posted the private data of the customers, so that data has leaked. The stolen data includes some of the customers' financial information, and they have therefore faced enormous difficulties.
Hosting provider: The hosting provider can be responsible for the security breach. If the data breach originated at their end then they are accountable. Even if it is not their fault, they still suffer alongside the organization (Ekval et al. 2013), because if the organization's business declines then the hosting provider's business is also negatively affected.

Recommendations for PEOPLESHARZ:
The recommendations for improving the security practices of PeopleSharz are the following.
Account for existing laws and regulations: The national government has taken a sectoral approach to protecting personal data. It is particularly vital for PeopleSharz to know the structure of laws and regulations and to understand how they apply to the business purposes of the organization.
Prepare for new federal and state laws and regulations: Because the data security landscape is evolving quickly, it is critical for organizations to stay on top of proposed rules and regulations that will affect their business. Many new laws have a tremendous effect, and some require advance planning so that the organization can comply with them effectively.
Monitor computer systems to identify any weakness of third-party contractors: Intrusions caused by hacking and malware result in unauthorized access to private data. Firewalls and antivirus software are particularly effective for controlling or resolving the problems that intrusions cause. As cybercriminals use new techniques to steal the organization's data and information, the organization must remain vigilant by monitoring its computer systems properly, addressing potential vulnerabilities adequately, using anti-spyware software, and more.
Ensure the data security practices of third-party contractors: Many organizations imagine that if a third party loses data belonging to the organization then there are no consequences for PeopleSharz. Under state breach notification laws, a third-party contractor that maintains an organization's data must notify the organization and the affected individuals if something happens to that data. To deal properly with the organization, contractors must guarantee the protection of its data. Security reviews and contractual arrangements are crucial for protecting the data of PeopleSharz.
Establish an incident response plan for loss of customers' personal data: Despite all precautions, the organization's data can still be lost. These situations are particularly complicated, as a proper investigation of the security breach takes much time. The approach requires assessing the risk properly, determining what has been exposed and, finally, issuing notifications. A well thought out incident plan sets the organization apart by enabling timely notification, proper investigation and the handling of lawsuits.
Encryption of private data: Encryption technology ensures that sensitive and confidential data is used appropriately. It is the most vital tool for mobile electronic devices and for large amounts of sensitive data that must be transferred electronically. The estimated average cost of a breach is a large amount of money, which makes investment in encryption technology one of the most cost-effective measures.
Assess the importance of the organization's data security and give appropriate training to the employees of PeopleSharz: Technology is developing quickly, so it is vital for organizations to adjust their rules and guidelines as needed. Organizations must review their adequacy whenever a change in business practices implicates the security of personal data. PeopleSharz must conduct effective employee training on the organization's policies.
Limit the amount of personal data collected and establish an appropriate mechanism for disposing of customers' personal data: A business should collect only the data that is genuinely necessary for its purposes, so as to mitigate the various risks and challenges connected with security breaches. Handling customers' sensitive data properly is one of the most critical tasks of an organization. The organization must follow a strategy under which customers' private data is not leaked, supported by a system for erasing, changing and destroying different kinds of data.
Consider the various international laws and their effect on data transfer: PeopleSharz must consider international data protection and other privacy laws. A growing organization like PeopleSharz must adopt substantive data breach requirements. Organizations that transfer data to other countries must understand the various evolving rules and regulations on data transfer.

Conclusion:
It can be concluded that the organization's data and information were hacked because of some security challenges the organization had previously ignored. The analysts have investigated the threat that may be the reason for the security breach.
The organization has organized interview sessions in order to understand the effect of the data breach on its different stakeholders. The customers are affected the most, as their personal and private data was posted by the hacker. The private data also includes some of the customers' financial information, whose leakage has put the customers in various difficulties. Several recommendations are given in this report that would help PeopleSharz mitigate the risks.

References:
Alomari, E., Manickam, S., Gupta, B.B., Singh, P. and Anbar, M., 2014. Design, deployment and use of HTTP-based botnet (HBB) testbed. In 16th International Conference on Advanced Communication Technology (pp. 1265-1269). IEEE.
Zargar, S.T., Joshi, J. and Tipper, D., 2013. A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), pp. 2046-2069.
Vania, J., Meniya, A. and Jethva, H., 2013. Association Rule Based Data Mining Approach to HTTP Botnet Detection.
Alomari, E., Manickam, S., Gupta, B.B., Karuppayah, S. and Alfaris, R., 2012. Botnet-based distributed denial of service (DDoS) attacks on web servers: classification and art. arXiv preprint arXiv:1208.0403.
Welzel, A., Rossow, C. and Bos, H., 2014. On measuring the impact of DDoS botnets. In Proceedings of the Seventh European Workshop on System Security (p. 3). ACM.
Umar, K., Sultan, A.B.M., Zulzalil, H., Admodisastro, N. and Abdullah, M.T., 2016. Enhanced Pushdown Automaton based Static Analysis for Detection of SQL Injection Hotspots in Web Application. Indian Journal of Science and Technology, 9(28).
Nagpal, N.B. and Nagpal, B., 2014. Preventive measures for securing web applications using broken authentication and session management attacks: A study. In International Conference on Advances in Computer Engineering and Applications (ICACEA) (Vol. 2014).
Wichers, D., 2013. OWASP Top-10 2013. OWASP Foundation, February.
Shar, L.K., Tan, H.B.K. and Briand, L.C., 2013. Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis. In Proceedings of the 2013 International Conference on Software Engineering (pp. 642-651). IEEE Press.
Levin, B. and Hovav, M.R., 2013. Lexicalized meaning and manner/result complementarity. In Studies in the composition and decomposition of event predicates (pp. 49-70). Springer Netherlands.
Dinh, H.T., Lee, C., Niyato, D. and Wang, P., 2013. A survey of mobile cloud computing: architecture, applications, and approaches. Wireless Communications and Mobile Computing, 13(18), pp. 1587-1611.
Hashizume, K., Rosado, D.G., Fernandez-Medina, E. and Fernandez, E.B., 2013. An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), p. 1.
Erl, T., Puttini, R. and Mahmood, Z., 2013. Cloud computing: concepts, technology, architecture. Pearson Education.
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management, and security. CRC Press.
Perez-Botero, D., Szefer, J. and Lee, R.B., 2013. Characterizing hypervisor vulnerabilities in cloud computing servers. In Proceedings of the 2013 International Workshop on Security in Cloud Computing (pp. 3-10). ACM.
Modi, C., Patel, D., Borisaniya, B., Patel, A. and Rajarajan, M., 2013. A survey on security issues and solutions at different layers of cloud computing. The Journal of Supercomputing, 63(2), pp. 561-592.
Lienert, J., Schnetzer, F. and Ingold, K., 2013. Stakeholder analysis combined with social network analysis provides fine-grained insights into water infrastructure planning processes. Journal of Environmental Management, 125, pp. 134-148.
Lim, S.L., Damian, D., Ishikawa, F. and Finkelstein, A., 2013. Using Web 2.0 for stakeholder analysis: StakeSource and its application in ten industrial projects. In Managing Requirements Knowledge (pp. 221-242). Springer Berlin Heidelberg.
Elgin, D.J. and Weible, C.M., 2013. A stakeholder analysis of Colorado climate and energy issues using policy analytical capacity and the advocacy coalition framework. Review of Policy Research, 30(1), pp. 114-133.
Gilson, L., Erasmus, E., Borghi, J., Macha, J., Kamuzora, P. and Mtei, G., 2012. Using stakeholder analysis to support moves towards universal coverage: lessons from the SHIELD project. Health Policy and Planning, 27(suppl 1), pp. i64-i76.
Ekvall, T., Sundqvist, J.O., Hemstrom, K. and Jensen, C., 2014. Stakeholder analysis of incineration tax, raw material tax, and weight-based waste fee.