Mile2 Cybersecurity Institute

OCU C)ISSO A Discussion Lesson 17

    • #99312
      Manny Varela
      Keymaster

      When investigating a crime, there are always means, opportunity, and motive.  Discuss in detail a specific cybersecurity crime and tell a story (real or fiction) about the criminal making sure to discuss the M.O.M. of the criminal.  Also, discuss how this crime affected the organization.

    • #111836
      Carlos Martes
      Participant

      A common cybersecurity crime that shows clear means, opportunity and motive is a phishing-based data breach. In one real example, an employee received an email disguised as an internal IT message asking them to verify their login. The criminal had the means by creating a realistic spoofed website, and because of the opportunity, the employee had clicked without checking the sender, and of course the motive to steal credentials and access company financial records was the endgame. Once the attacker logged in, they quietly exported sensitive data and attempted to sell it online. This crime affected the organization in several ways. Operations slowed while systems were secured, employees had to reset accounts, and the company spent money on forensic investigators. The breach also damaged trust with customers who worried about their information being exposed. Overall, one simple phishing email caused major financial and reputational harm, showing why strong awareness and training are essential.

      • #111972
        Mjulius513
        Participant

        Hi Carlos, this example shows how phishing can cause serious cybersecurity damage. An attacker used fake emails to steal login information and access sensitive data. The breach caused financial loss and harmed customer trust. How can organizations improve employee training to prevent phishing attacks?

    • #111893
      Mjulius513
      Participant

      In the 2013 Yahoo data breach, the attacker had a clear means, opportunity, and motive.
      Means: The hacker used stolen credentials and exploited weaknesses in Yahoo’s outdated security systems to infiltrate the platform. Yahoo’s reliance on old encryption and unpatched software made it easier for the attacker to access user accounts.

      Opportunity: Yahoo was slow to update its security measures and lacked robust monitoring, giving the attacker an ideal chance to move through the system undetected.

      Motive: The goal was to steal valuable personal data, such as names, emails, passwords, and security questions, for profit. Stolen data could be sold, used for identity theft, or leveraged to attack other accounts. The breach had significant consequences for Yahoo. Over three billion accounts were compromised, resulting in a loss of trust among users and damaging Yahoo’s reputation. The company faced lawsuits, financial losses, and a substantial drop in value when Verizon acquired it.
      Wikipedia. (2013). Yahoo data breaches. https://en.wikipedia.org/wiki/Yahoo_data_breaches

      • #111984
        Isabelle Tubbs
        Participant

        Hi, Mjulius. The attack you mentioned sounds quite dangerous to the organization. More than 3 billion accounts is a lot of information to have compromised. It truly shows the importance of maintaining good security and keeping up with any new attacks to protect users’ data, especially with bulk data like Yahoo’s.

    • #111953
      Isabelle Tubbs
      Participant

      A couple years ago Aaron Swartz decided to pull off a technological heist. Using his programming gifts and internet knowledge, he understood how to navigate through MIT’s campus network and complete large downloads. He had the means to do so from his knowledge of the internet and his previous experience with downloading huge amounts of files (Zimmerman, n.d.). Swartz’s motive for downloading JSTOR’s 4.8 million files was to upload them onto the internet because he believed others should access it for free (Zimmerman, n.d.). Swartz had the opportunity to do this task because of the way MIT’s security was implemented. To them, it simply looked like a suspicious amount of downloads on their system; the only thing they could eventually do was to block most IP addresses to prevent more files from being downloaded (JSTOR, 2013). This is not an ideal protection mechanism because it hinders users’ productivity, but it eventually became necessary. Because of this, they made attempts to restore system use while also maintaining strong authentication, but even their systems could not detect some of the large downloads (JSTOR, 2013). If their system had been stronger, Swartz would have had less opportunity to do all of this.

      References
      JSTOR. (2013, July 30). JSTOR Evidence in United States vs. Aaron Swartz. https://docs.jstor.org/summary.html
      Zimmerman, T. (n.d.). ‘Hacktivist or Thief?’: What the Aaron Swartz Case Means to the Open Access Movement. Conference on College Composition & Communication. https://cccc.ncte.org/cccc/committees/ip/ipreports/swartzcase?/

      • #111982
        Carlos Martes
        Participant

        Hi Isabelle! You make a good point highlighting how security gaps enabled Swartz’s actions. It shows how relying only on basic controls like IP blocking isn’t enough. Stronger monitoring, detection, and layered security could have limited the activity earlier while still balancing usability for legitimate users.
