Please Respond to Eric’s article discussion.
FlexBooker Attack
• What type of attack occurred? A malware attack, allowing full control over FlexBooker systems.
• Was the attacker successful in penetrating the system or network? Yes. A hacking group called Uawrongteam managed to compromise FlexBooker’s data by exploiting its AWS configuration (Sveinsson, 2022).
• What, if anything, was the attacker able to access or obtain? FlexBooker’s data breach exposed 3.7 million accounts, including email addresses, names, phone numbers and, for a small number of accounts, password hashes and partial credit card data (Sveinsson, 2022).
• What is the effect to the organization and customers because of the attack? FlexBooker had to send a notification statement out to all customers that their AWS servers had been compromised. Their website was down for approximately 12 hours. According to Avital (2022), the passwords downloaded from their system were encrypted, but the encryption key was not downloaded. FlexBooker’s reputation was severely tarnished and many customers left, leaving a large financial impact on FlexBooker. Customers’ information was sold on the black market.
• What can you learn from this incident? First, how important it is to set permissions for this type of sensitive data. Second, how important network behavior anomaly detection tools are for detecting when a certain user’s access is during off hours and larger files are transferred than usual.
• If you are the network engineer or the person in charge of the network/infrastructure/data, what would you have done differently to prevent this from happening again? To try to avoid this happening, I would have had separate administrator login credentials for the server holding personally identifiable information (PII). To try to prevent the attack from downloading everything it was targeting, I would have had network behavior anomaly detection in place to throw a red flag when someone was downloading more data than their account usually does. Network anomaly detection may have also thrown a red flag when that particular user was logged in off hours, for longer than usual, or logging in and out repeatedly.
References
Sveinsson, R. L. (2022, August 2). Top 10 data breaches so far in 2022 | ERMProtect cybersecurity. Cybersecurity | Digital Forensics | Crypto Investigations. https://ermprotect.com/blog/top-10-data-breaches-so-far-in-2022/
Avital, N. (2022, April 20). Five takeaways from FlexBooker’s data breach. Blog. https://www.imperva.com/blog/five-takeaways-from-flexbookers-data-breach/
BasuMallick, C. (2022, March 18). Top 10 network behavior anomaly detection tools in 2022. Business and Industry News, Analysis and Expert Insights | Spiceworks. https://www.spiceworks.com/tech/networking/articles/network-behavior-anomaly-detection-tools/
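
The three red flags named in the post (a download far larger than the account's usual volume, activity during off hours, and repeated logins) can be expressed as a small per-account baseline check. This is an added example, not part of the original post; the account names, log records and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed thresholds; tune them to the environment being monitored.
BUSINESS_HOURS = range(8, 18)         # 08:00-17:59 counts as normal working time
VOLUME_FACTOR = 10                    # flag downloads over 10x the account's median
LOGIN_BURST, BURST_WINDOW_S = 3, 600  # 3+ logins within 10 minutes

HISTORY = [  # constructed baseline records: (account, timestamp, action, bytes)
    ("svc-backup", "2022-01-03T10:15:00", "download", 40_000_000),
    ("svc-backup", "2022-01-04T10:20:00", "download", 55_000_000),
    ("svc-backup", "2022-01-05T10:05:00", "download", 48_000_000),
    ("alice", "2022-01-03T09:30:00", "download", 2_000_000),
    ("alice", "2022-01-04T14:00:00", "download", 3_000_000),
    ("alice", "2022-01-05T11:45:00", "download", 2_500_000),
]
NEW_EVENTS = [  # constructed records to evaluate against the baseline
    ("alice", "2022-01-06T10:00:00", "download", 2_800_000),
    ("alice", "2022-01-07T02:10:00", "login", 0),
    ("alice", "2022-01-07T02:13:00", "login", 0),
    ("alice", "2022-01-07T02:16:00", "login", 0),
    ("alice", "2022-01-07T02:20:00", "download", 900_000_000),
    ("svc-backup", "2022-01-07T10:10:00", "download", 52_000_000),
]

def build_baseline(history):
    """Median download size per account, taken from known-good history."""
    sizes = defaultdict(list)
    for account, _, action, size in history:
        if action == "download":
            sizes[account].append(size)
    return {account: median(values) for account, values in sizes.items()}

def detect(events, baseline):
    """Return (account, timestamp, reason) alerts in time order."""
    alerts, logins = [], defaultdict(list)
    for account, ts, action, size in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if when.hour not in BUSINESS_HOURS:
            alerts.append((account, ts, "off_hours"))
        if action == "login":
            # Keep only this account's logins still inside the burst window.
            logins[account] = [t for t in logins[account]
                               if (when - t).total_seconds() <= BURST_WINDOW_S] + [when]
            if len(logins[account]) >= LOGIN_BURST:
                alerts.append((account, ts, "login_burst"))
        # An account with no history has baseline 0, so any download is flagged.
        elif action == "download" and size > VOLUME_FACTOR * baseline.get(account, 0):
            alerts.append((account, ts, "volume_spike"))
    return alerts
```

Calling `detect(NEW_EVENTS, build_baseline(HISTORY))` raises alerts only for the 02:00 session on the `alice` account; the large but routine `svc-backup` transfer stays quiet because it is measured against that account's own baseline.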