A Denial of Service (DoS) attack can be committed using the ping commands we learned last week. When an attacker sends numerous large request packets to the target, the target network must respond with the same number of packets. This disrupts normal traffic to the target network. When more devices are part of the attack, it becomes a distributed denial-of-service (DDoS) attack (NetScout, para 1).
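From the target's side, the flood described above shows up as an abnormal rate of ping (ICMP echo) requests, coming from one source for a DoS or from many for a DDoS. The following is an added example, not taken from the cited sources, of how a defender could flag both cases; the one-second window, the 100-request threshold, and the sample traffic (documentation-range addresses) are assumptions chosen for illustration.

```python
from collections import deque

WINDOW_SECONDS = 1.0   # assumed sliding-window length
MAX_REQUESTS = 100     # assumed echo-request limit per window
ECHO_REQUEST = 8       # ICMP type 8 = echo request (ping)

def classify_icmp_traffic(packets, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {dst_ip: "dos" | "ddos"} for destinations that receive more
    than `limit` echo requests within any `window` seconds.

    `packets` is a list of (timestamp, src_ip, dst_ip, icmp_type) tuples
    sorted by timestamp.
    """
    recent = {}    # dst_ip -> deque of (timestamp, src_ip) still in the window
    verdicts = {}
    for ts, src, dst, icmp_type in packets:
        if icmp_type != ECHO_REQUEST:
            continue                       # ignore replies and other ICMP types
        q = recent.setdefault(dst, deque())
        q.append((ts, src))
        while q and ts - q[0][0] > window:
            q.popleft()                    # drop entries older than the window
        if len(q) > limit:
            sources = {s for _, s in q}
            label = "ddos" if len(sources) > 1 else "dos"
            if verdicts.get(dst) != "ddos":    # keep the more severe verdict
                verdicts[dst] = label
    return verdicts

def constructed_sample():
    """Constructed traffic; all addresses are RFC 5737 documentation ranges."""
    packets = []
    # One host sends 300 pings within one second: single-source flood.
    packets += [(i / 300, "198.51.100.7", "192.0.2.10", 8) for i in range(300)]
    # Fifty hosts send 500 pings within one second: distributed flood.
    packets += [(10 + i / 500, f"203.0.113.{i % 50 + 1}", "192.0.2.20", 8)
                for i in range(500)]
    # Routine monitoring, one ping per second: should not be flagged.
    packets += [(20 + i, "198.51.100.9", "192.0.2.30", 8) for i in range(30)]
    return sorted(packets)

if __name__ == "__main__":
    print(classify_icmp_traffic(constructed_sample()))
```
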
Two Security Incident types stand out to me, as they have recently had some high-profile cases: Social Engineering and Security Holes / Vulnerabilities. Both incidents can have widespread effects, damaging systems and companies' public images and, depending on the victim, leading to loss of revenue or personal finances.
While not a Cyber Attack in itself, Social Engineering can be the catalyst that opens the door wide for a Cyber Attack. Using persuasion psychology tactics, the bad actor will attempt to gain access to a network by conning a target into lowering their guard, trusting them, and performing unsafe actions against their knowledge (Cisco, para 1). The vulnerability in this case is human error. Success largely depends on the target's trusting nature and lack of knowledge, and the attack can be damaging if no mitigative measures are in place. Mitigative steps include multi-factor authentication and consistent training so that members of the organization notice when someone is attempting to socially engineer them (Cisco, para 2).
This month, a significant breach happened at the MGM Resort in Vegas, supposedly due to a Social Engineering incident. A group called Scattered Spider is alleged to be responsible for the breach; in an interview with the Financial Times, someone claiming to be a member said that they called MGM’s IT help desk and, using information found on an employee's LinkedIn, were able to persuade the support agent and obtain credentials (Morrison, para 7). They then used a type of malware called ransomware to hold the network hostage (Morrison, para 6). MGM shut down its systems and went into manual mode for several days to protect its data and handle the attack (Morrison, para 2). While the total damage and actual cause have yet to be seen, this may be a large cyber-attack stemming from Social Engineering.
Another type of security breach is due to security holes or vulnerabilities, which bad actors can use to breach the security of systems. Banner Health recently reached a $1.25 million settlement due to a data breach of patient information (Innes, para 1). This breach was caused by vulnerabilities in their system: hackers gained access to their food and beverage payment system and then moved to other servers containing ePHI (Innes, para 10).
Security holes make computer systems vulnerable because they serve as penetration points through which bad actors can gain access to systems, steal information, commit ransom attacks, and carry out other ill-intentioned misdeeds. To prevent security holes in computers, it’s recommended to keep your operating system updated to the newest version (Vahid et al., ch. 8.1). It is also recommended to have a firewall to block unauthorized communication from a computer (Vahid et al., ch. 8.3).
References
Cisco. (n.d.). What Is Social Engineering? https://www.cisco.com/c/en/us/products/security/what-is-social-engineering.html
Innes, S. (2023). Banner Health paid $1.25 million to resolve federal data breach probe. AZCentral. https://www.azcentral.com/story/money/business/health/2023/02/04/banner-health-paid-1-25-million-to-resolve-federal-data-breach-probe/69871530007/
NetScout. (n.d.). ICMP Flood DDoS Attacks. https://www.netscout.com/what-is-ddos/icmp-flood#:~:text=An%20Internet%20Control%20Message%20Protocol,echo%2Drequests%20(pings).
Morrison, S. (2023). The chaotic and cinematic MGM casino hack, explained. Vox. https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware
Vahid, F., Lysecky, S., Wheatland, N. (2019). TEC 101: Fundamentals of Information Technology & Literacy. Zyante Inc.