Page 106 - Data Science class 11
• CEO phishing attacks: CEOs have access to confidential information in a company and also have
access to important company property, so they sometimes become a target of cyberattacks. A CEO phishing attack is a
cyberattack in which cybercriminals impersonate the CEO and ask employees to transfer funds from accounts, send
confidential information such as human resources data, or reveal secret data.
• Misuse of USB drive: Malware carried in on a USB drive can pose a security threat to a company. Malware includes
viruses, worms, trojans, hybrids, and spyware that steal, encrypt, modify or remove company data.
• Password attacks: Cyber attackers crack users' passwords either by guessing a possible password or through a
dictionary attack. To prevent such attacks, employees must ensure strong passwords and an account lockout
policy that locks out a user after a certain number of wrong attempts.
• IP spoofing: In Internet Protocol (IP) spoofing, an attacker tries to convince a system that it is communicating with a
trusted entity like a trusted website. To do so, the attacker provides an IP address known to the system instead of its
real IP address to gain access by breaking through the system's firewall.
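The account lockout policy mentioned under password attacks can be sketched as follows. This is an added example, not code from the textbook; the threshold, time window, lock duration and user names are assumed values chosen for illustration.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3        # assumed threshold of wrong attempts
WINDOW_SECONDS = 300    # assumed: failures are counted within 5 minutes
LOCKOUT_SECONDS = 900   # assumed: a lock lasts 15 minutes


@dataclass
class LockoutPolicy:
    failures: dict = field(default_factory=dict)      # user -> failure timestamps
    locked_until: dict = field(default_factory=dict)  # user -> unlock time

    def is_locked(self, user, now):
        return now < self.locked_until.get(user, 0)

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(user, now):
            return "locked"                # even a correct password is refused
        if password_ok:
            self.failures.pop(user, None)  # a successful login clears the counter
            return "ok"
        # Keep only failures inside the window, then record this one.
        recent = [t for t in self.failures.get(user, []) if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures.pop(user, None)
        return "denied"


def replay(events):
    """Run time-ordered (time, user, password_ok) events through a fresh policy."""
    policy = LockoutPolicy()
    return [policy.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample: rapid wrong guesses against 'asha', then the correct
# password during and after the lockout; 'ravi' mistypes once and logs in.
SAMPLE_EVENTS = [
    (0, "asha", False), (5, "asha", False), (10, "asha", False),
    (15, "asha", True),                    # correct, but the account is locked
    (20, "ravi", False), (30, "ravi", True),
    (10 + LOCKOUT_SECONDS, "asha", True),  # the lock has expired
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", result)
```

The window keeps an occasional typing mistake from locking a genuine user, while a rapid run of guesses, as in a dictionary attack, is cut off after the third failure.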
1.6 Real Life Cases of Insider Attacks
Insider attacks can lead to a variety of repercussions, from fines for non-compliance with cybersecurity requirements to
the loss of customer trust. Given below are the most common outcomes of a successful attack:
Some real-life cases of insider attacks are given as examples here. They demonstrate common motivations for attacks
and sources of insider threats. These incidents also show how a single attack can cause harm to a company.
1.6.1 Case #1: Employee Negligence Caused the Data Leakage
This case concerns a Microsoft customer support database. The database contained 250 million entries, accumulated
during 14 years, that were leaked. The database contained emails and IP addresses of customers, geographical
locations and notes made by Microsoft support agents. The database remained publicly accessible for a month. The
company secured the data on the same day the breach was reported.
Since the leaked data did not contain personal information and the company immediately sealed the breach and
notified the affected users, Microsoft suffered no penalties. However, Microsoft was fortunate that the insider-caused
data breach was discovered at the end of 2019. A few days later, the California Consumer Privacy Act took effect on
January 3, 2020. This law imposed a fine of $750 for each individual hurt by a breach. Under the new law, Microsoft
could have been fined millions of dollars.
At the beginning of December 2019, Microsoft deployed a new version of Azure security rules. Microsoft employees
misconfigured those rules and caused the accidental leak. Access to the database wasn’t secured with a password or
two-factor authentication. Also, the company could have reduced the detection time considerably by keeping track of
user records and reviewing activity involving sensitive assets.
1.6.2 Case #2: Compromised Third-Party Application by Marriott Hotel Group
The famous hotel group Marriott Jewish used to provide guest services through a 3rd party application. In January
2020, hackers gained access to over 5.2 million records of the hotel’s guests. These records contained personal
information like names, gender, birthdays, contact information, loyalty account details, personal preferences, etc.
Marriott’s security team noticed dubious activity and sealed the insider-caused security breach at the end of February
2020. The investigation of this incident is ongoing. It is reported that Marriott may face serious penalties because the
stolen data included personal information. This isn’t the first data breach investigation for the company since Marriott
is still fighting a £99 million (approximately $124 million) GDPR fine for a 2018 data breach.
104 Touchpad Data Science-XI

