Operating system security are techniques to ensure the Operating System integrity. There are specific steps and measures that are used for the protection of OS from treats, viruses, malwares, hacking and most importantly breaches (Marsh, 2017). Data Breach refers to the incidents where sensitive, confidential and protected information and data has been used, stolen or has unauthorized accessed and viewed the data. This data breaching concept may involve PII (Personal Identifiable Information), PHI (Personal Health Information), intellectual property or trade secrets etc. For protecting the data and information from getting hacked and protect against data breaches, cryptography techniques are studied and practiced, for securing communication in the presence of third party known as the adversaries. This is a technique of storing and transmitting data in some particular form such that only the authorized party would be able read and process the file.
In this section we are selecting the Data breach occurred in Gmail in the month of May 2017 “Massive Phishing Attack Targeted Gmail Users”. It was generally known as the sophisticated phishing scam that was targeted to gain access to the accounts by a third-party app in public Gmail accounts. The scenario was that the accounts was depicted as from the user’s trusted contacts and were notified to the individuals if they want to share the Google Doc with the malicious app(Alazab & Broadhurst, 2017). On clicking the link once the real security page of Google is opened. On reaching the security page the person was provoked to allow usage of fake Docs app of the Google such that to manage the customer’s email account.
This massive phishing attack had a prior sophistication that targeted only the Gmail users seeking for gaining control over the entire history and confidential documents that has been spread all over the other contacts. This left the millions of Gmail users to risk in phishing scam.
There the worm, that arrived in the inboxes of the users posed as emails of their trusted contact. On giving permission to the fake app these poses as GDoc that represented to manage the user account. The worm further spread itself out of the affected users contact such that others entrusting their respective contact list do the same or reproducing several times such that anytime the user gets stuck (Ryder, 2016).
Phishing trend in data breach has become one of the most easily operated breaching systems since the evolvement of the cybercriminal marketplace. Here the attackers cooperates and connects to specializing their skills in phishing kits or else sells the data to some scammers who are willing to conduct the phishing campaigns (Khosla & Dubey, 2016). These scamming are reported as increasing in the number day by day and sophistication of phishing attempts and so targets some of the specific department within the organizations. The engineering that are involved in this kind of data breaching attacks are more sophisticated and targeted. These sites or organization seeks for ongoing relationship that validates the access to the company information by building trust rather than just sending generic scams to the large number of customers of the company. Many prime businesses are targeted and face such scams. And as assumed that the technology can provide protection is generally the false one (Paté?Cornell, 2017).
As per the Google CEO, it was explained that the worm was a common one, but because of its extraordinary approach and unusually sophisticated construction there created a havoc within the millions of Gmail users. The link in the Gmail account appeared remarkably realistic and trustworthy but was made for the data breaching of the Gmail users. The worm came from someone the user already knew or from the real login system of payload manipulated Google.
It was updated from the Google that the malicious account was disabled further and pushed updated security system to the users. The exposure of this vulnerability took only an hour and was told in the news channel which reported that only 0.1 percent of the total Gmail users were affected. It has been advised that if there is any malicious act in the users profile then the user may check Google’s Security Checkup page. This helps to see if there is any third party app have granted access to the user account. In the presence of this fake Google Doc app there is a way to revoke access such that to protect the privacy of the account.
There is some Email security advised for the individual as well as for the organization since there are some obvious targets for the cybercriminals to get the access and create breaches from the email id. Some of the personal level that are meant by remaining vigilant by not disclosing the emails send from unknown users/senders, searching for padlocks and hence checking all the encrypted on sites where one enters sensitive data and not using unsecure networks. For organizations for remaining vigilant by deploying the encryption of the email wherever possible, scanning the email for malwares, spam’s and phishing and implementing the web security to block the access to identify the phishing sites (Liang, 2017).
Google puts a barrier to the scam within an hour and hence the organization eliminates almost 1 million users those who got affected by this breaching.
References
Alazab, M., & Broadhurst, R. (2017). An Analysis of the Nature of Spam as Cybercrime. In Cyber-Physical Security (pp. 251-266). Springer International Publishing.
Khosla, P., & Dubey, P. (2016). Survey Paper on Cyber Crime: A Threat to National Security. IITM Journal of Management and IT, 7(1), 62-65.
Liang, G., Weller, S. R., Zhao, J., Luo, F., & Dong, Z. Y. (2017). The 2015 ukraine blackout: Implications for false data injection attacks. IEEE Transactions on Power Systems, 32(4), 3317-3318.
Marsh, D. (2017). Are Ethical Hackers the Best Solution for Combating the Growing World of Cyber-Crime? (Doctoral dissertation, University Honors College, Middle Tennessee State University).
Paté?Cornell, M., Kuypers, M., Smith, M., & Keller, P. (2017). Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies. Risk Analysis.
Ryder, N. (2016). Cyber crime and terrorist financing.
On May 12th 2017, a cyber-attack took place known as the Ransomware WannaCry. This spread over the world beating thousands of targeted users, which included large corporations and public utilities. WannaCry is an attack on the computer system which has mainly window based operating system. It is considered as a cyber attack which hit the global market. The WannaCry is a virus (Pei et al., 2016). The main concept of the attack was that the virus would encrypt all the files and other information in the computer system and it would directly demand for ransom in order to decrypt the files. The ransom was asked mainly in the form of bit coin crypto currency. This cyber attack crippled temporarily the National Health Service hospitals and other facilities in the states of United Kingdom. Created a chaos within the British patients, created havoc in the emergency rooms, and delayed many vital medical procedures.
1. There was a prolific hacking attack called the ransomware which held the computer hostage until and unless they pay the amount to the ransom. The crypto currency is mainly a asset which is in digital form which is designed to work as per a medium which can be used as a exchange. As per it was estimated that around 230000 computers all over the world were victim of the thread which was conducted in 150 countries around the world (Nayak, Mishra & Ram, 2016). The virus was considered mainly as a network worm which has the capability of moving from one machine to another, it used EthernalBlue to exploit the window system in order to gain access over the system. The files or the system which are usually affected by the attack usually displayed a ransom note as a technique of the demand of the bitcoin (Babu & Sasankar, 2017).
2. The first attack of WannaCry was heard from the UK’s health service. This was one of the major computer systems hacking till date. This was also called the WannaCrypt.
The infected computer gets encrypted by the malicious attacker or scrambles all the information and data. The programmer puts a screen demanding for the money for getting back the access to the computer or the network. Typically as the time passes the price amount gets higher and until the end of the countdown all the documents gets destroyed. Technology innovations are taking place in very sphere and in every aspect. But it is always taken into consideration that with every technological aspect their always lies some technological risk, these risk are directly linked with the technology. The main affected parts with the virus lied in every angle that can be thought of, from big organization to hospitals to emergency services. It was reported that in major organization the virus was infected and important data was accessed (Michael, 2017). The result of the attack was the important information related to the organization was in the encrypted form. In the field of medical the hospitals equipment displayed the message of the virus and ransom was asked in order for their proper working. This affected the overall working of the machine and the overall working of the hospitals who were affected. The emergency aspect where also a affected area. The attack stagnated the overall working of the service due to the attack.
3. The attack was carried out merely by an unwanted message or attached to a downloading file. The attack would directly infect the overall data areas in the system and access the root of operating system. The file after the attack are encrypted, by which the files cannot be no longer be accessed. The access can be done by paying ransom money in the form of bitcoin (Pei et al., 2016). This could be very much critical if it is related to services where it directly related to some very important files relating to an organization or an emergency service aspect.
4. The affected company or organization by the ransomware attack could have followed some of the following steps such that to prevent themselves from further data breaches:
This implementation would enable the user to see what a word or excel file document looks like (Morehouse et al., 2017). The viewer in this aspect does not support macros as a result of which the user doesn’t have to take any consideration regarding the macros.
Conclusion
This can be concluded that that in any online payment portal is one of the most important aspects which have to deal with and the solution with regards to the problem should be achieved as soon as possible. The websites which deal with online payment usually comprise of many vital information which can to be protected. If the stated information is in the hand of any third person it could lead to a big problem. The security aspect should be considered as a main priority any aspect of technology.
References
Babu, C. M., & Sasankar, A. B. (2017). Intrusion Detection Systems for Mobile Ad-Hoc Networks. International Journal, 5(5).
Komar, M., Sachenko, A., Kochan, V., & Skumin, T. (2016, April). Increasing the resistance of computer systems towards virus attacks. In Electronics and Nanotechnology (ELNANO), 2016 IEEE 36th International Conference on (pp. 388-390). IEEE.
Michael, D. (2017). Virus Wanna Cry là gì và phòng tránh?| Michael Duy.
Morehouse, M. A., Lovecký, T., Read, H., & Woodman, M. (2017). Quantify? or, Wanna Cry? Integrating Methods Training in the IR Classroom. International Studies Perspectives, 18(2), 225-245.
Nayak, P. K., Mishra, D., & Ram, S. (2016). Attack of malicious objects in computer network under antivirus and quarantine defence. International Journal of Applied Engineering Research, 11(9), 6250-6253.
Pei, Y., Pei, H., Liang, X., & Zhu, M. (2016). Optimal control of a computer virus model with network attacks. Communications in Mathematical Biology and Neuroscience, 2016, Article-ID.
Renaud, K. (2017). It makes you Wanna Cry.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download