1. Cybercrime has been steadily increasing over the past few years, and in 2014 Yahoo suffered one of the largest breaches ever in terms of user accounts (Snider & Weise, 2016). The theft of at least 500 million accounts which may have included ?names, email addresses, telephone numbers, dates of birth, and in some cases, encrypted or unencrypted security questions and answers? (Snider & Weise, 2016). Yahoo thinks that this breach may have been due to a hack from a state-sponsored actor, Peace, who was allegedly selling Yahoo account information on the dark web (Snider & Weise, 2016). This breach is concerning not only because of the amount of accounts that were attained, but also because of the type of information that was taken.
The information taken can be used by attackers to perform credential stuffing attacks. According to OWASP, credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. Many daily users have the same or similar username/password combinations for multiple accounts, which makes this type of attack somewhat successful. The attackers can use that information to gain access to credit card, bank accounts, and even hotel and airline loyalty points to bundle and sell on the dark web (Snider & Weise, 2016). The Yahoo breach reinforces the need for users to utilize varied passwords for their online accounts, and to reset them frequently. It is unfortunate that large companies like Yahoo are vulnerable to attacks in this day and age, but it proves the point that no one is safe, and we as the user base need to take additional steps to ensure the privacy of our information.
OWASP. (2015). Credential stuffing. OWASP. Retrieved April 24, 2017, from: https://www.owasp.org/index.php/Credential_stuffing
Snider, M. & Weise, E. (2016). 500 million yahoo accounts breached. USA Today. Retrieved April 24, 2017, from:https://www.usatoday.com/story/tech/2016/09/22/report-yahoo-may-confirm-massive-data-breach/90824934
2. I found an article that listed various cybercrimes, so I chose one of them to focus on. It does not give a year at which it happened, but it does say a few days before Thanksgiving. Apparently a woman fell victim to a ransomware attack via ?CryptoWall, an encryption malware so powerful it is technologically impossible to break open? (Cucu, 2016, para. 3). In further research of CryptoWall, I discovered that the Trojan usually comes from spam emails, malicious ads on sites, or as a payload from other malware (Symantec, 2014). This Trojan requires a decryption key to be entered, which is only provided by the attacker if the appropriate conditions, usually monetary payment, are met within a given timeframe. In the case of the woman in focus, she was required to pay $500 within the first week or $1000 by the second week. Most unfortunately for her, since the attack occurred around Thanksgiving, banks were closed and she was unable to meet the first week time requirement. Apparently the attacker had a soft side and allowed her to pay the $500 on the second week to get her files back.
Ransomware, I think, is an underrated attack form. It is reported that ?an estimated $150 million? is being netted, a year, through ransomware (Boatman, n.d., para 2). Thankfully, I have not fell victim to such attacks, but I do think such a situation would be rather frightening.
Boatman, K. (N.d.). Beware the Rise of Ransomware. Retrieved from https://us.norton.com/yoursecurityresource/detail….
Cucu, P (2016, November). These True 12 Internet Crime Stories Will Make You Care About Cybersecurity [Updated]. Retrieved from https://heimdalsecurity.com/blog/12-true-stories-that-will-make-you-care-about-cyber-security/
Symantec. (2014, September). Ransom.Cryptowall. Retrieved from https://www.symantec.com/security_response/writeup…
Needs help with similar assignment?
We are available 24x7 to deliver the best services and assignment ready within 3-12hours? Order a custom-written, plagiarism-free paper

