Page 107 - Data Science class 11
P. 107

The attackers compromised the credentials of two Marriott employees to have an access to one of the third party
            applications used by the hotel chain. Marriott cybersecurity systems did not pay attention to the suspicious activity of
            these employees’ profiles for two months. With third-party vendor monitoring and user and entity behavior analytics,
            Marriott could have detected the breach before hackers gained clients’ data.

            1.6.3  case #3: gaining a Business advantage by
                     general Electric (gE) Employees

            This was a case of stealing trade secrets of GE. As reported, two employees of General Electric (GE) stole data on
            advanced computer models for calibrating turbines the company manufactured. They also stole marketing and pricing
            information for promoting this service.

            Thereafter, one of the employees started a new company which started taking tenders in that particular field. This
            resulted in losing several tenders to the newly founded company. The case was reported by GE to FBI. After several
            years of investigation in 2020, the insiders were convicted of their crime and sentenced to prison time and $1.4 million
            in restitution to General Electric.

            GE employees downloaded thousands of files with trade secrets from company servers and sent them to private email
            addresses or uploaded them to the cloud. One employee also convinced a system administrator to grant him access
            to data he wasn’t supposed to have access to.

            On the top of it, none of these malicious actions generated a response from the GE cybersecurity system. Deploying
            access management and user activity monitoring solutions could have helped GE detect intellectual property theft in
            time and accelerate the investigation by gathering proof.

            1.6.4  case #4: case of Purposely Damaging cloud
                     infrastructure of cisco by its Former Employee

            WebEx by Cisco is the leading enterprise solution for video conferencing, online meetings, screen share, and webinars.
            One of the former Cisco employee illegitimately gained access to company’s cloud infrastructure. He generated a
            malicious code, by virtue of which 456 virtual machines were distorted. Due to this, 16000 users of WebEx could not
            access their accounts for two weeks continuously.

            The company had to spend approximately 1.4 million dollars in employee time for auditing as a consequence of
            this event. The company audited their infrastructure and fixed the damage but the company had to pay a total of
            $1,000,000 as compensation to the affected users.

             The incident happened back in September 2018. The case has not yet been resolved in court (as of December 2020).
            The attacker may face up to five years in prison and a fine of $250,000.

            1.6.5  case #5: scamming of viP Users by Phished twitter Employees
            In July 2020, some profound hackers gained access to 130 private and corporate Twitter accounts. The account had
            more than a million followers each. They were indulged in 45 different accounts to promote Bitcoin business. The list
            of hacked accounts included some of the personalities of international repute— like Barack Obama, Bill Gates, Jeff
            Bezos, Elon Musk, Michael Bloomberg, Apple, Uber.
            As a consequence of this, Twitter’s stock price fell by 4%. The company no longer released its new API in order to
            update security protocols and spread employee awareness on social engineering attacks.
            Twitter employees suffered due to a chain of spear phishing attacks. Hackers contacted Twitter employees working
            from home and introduced themselves as Twitter IT administrators. They even asked for user credentials and this
            is how they gathered information on company employees. Using these compromised accounts, the attackers then
            gained access to administrator tools. With these tools, they reset the accounts of famous Twitter users, changed their
            credentials, and tweeted scam messages.


                                                                                        Ethics in Data Science  105
   102   103   104   105   106   107   108   109   110   111   112