Ransomware remains a problem every person needs to be concerned about. This type of malware strikes at any time and nobody is immune. In fact, a ransomware attack in May 2017 hit more than 150 countries and more than 200,000 victims. This includes prominent organizations such as governments and hospitals.
With Target handling the security breach as best as they could, investigators and the Department of Justice are trying to figure out how the security breach happened. Upon investigation, it is believed that “the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying merchandise…”(Reuters, 2013. p.1). Even though investigators provided the theory above, they are still unsure of how the cyber criminals were able to take so many card numbers from almost all the Target stores. The investigators and feds are still looking into how and who stol...
At the Aim Higher College there have been recently discovered malware on the campus systems that are due to many recent attacks. I used an Anti-virus protection software called AVG on the computer systems on campus and ran a whole computer scan. The results came back very quick of numbers of malware being high and medium priorities that these should not be taken lightly. Furthermore, the scan found many viruses, Trojans, and malicious software and applications.
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications.  Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. 
Ransom by definition: a sum of money demanded or paid for the release of a captive. With this, one can somewhat tell what ransomware is - a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Standing strong as one of the most destructive and profitable malware till date for the perpetrators, it is reported “Since last couple of weeks we have been seeing 500+ incidents per day of this malware. The incidents are being reported from all over India.” says Mr. Katkar, CTO of India’s leading antivirus software Quick Heal, dated early September.
The points of weakness identified in the hack on TJX included lack of encryption in processing, vulnerability to wireless attacks, vulnerable USB ports, lack of processing logs, weak compliance practices, and auditing failures. In order to minimize its risk to a hack, TJX should have followed the COBIT or COSO frameworks for cyber security. Both frameworks outline how to plan and organize company values, assess the risk, implement control activities, and maintain and monitor its system to make sure the company’s IT system is as secure as possible. Either framework would have identified the weakness TJX faced when leaving credit card information unencrypted for a time as well as storing unencrypted information. If credit cards could not be processed
Malicious code is a real danger to modern systems. Most systems nowadays do not work in isolation; they are more likely to be connected to other systems and sometimes they can even be dependent on them. Therefore an attack on one of the systems in the network is a potential attacking attempt to any other systems, with which it is interacting. Therefore, it is inevitable for any networked or Internet-connected computers to deal with malicious code attacks at some point. Businesses lose billions of dollars each year because of malicious code attacks. Responding to the attack and restoring all the data on the computers is a time-consuming and expensive task. It is a much better practice to try preventing it through organizing and maintaining effective defenses. However, it is important to keep in mind that there is no one general solution that can help to prevent all the attacks. Attackers are constantly looking for new ways to take advantage of systems’ vulnerabilities and find new ones. That’s why organizations have to not only defend themselves against existing attack methods, but also try to predict and prevent new attacking techniques. It means that computer and network security is a never-ending challenge and expense.
Security is defined in three main areas: confidentiality, integrity, and availability. Each definition takes a corner of a triangle, which is supposed to emulate a perfect security design called the CIA triad. I will refer to these elements in the recent Target breach.
Target; an easy target
The Target breach which is said to be the second-largest retail cyber-attack in history wasn’t necessarily inventive, nor did it appear destined for success, yet hackers were able to access roughly 40 million customers personal information by installing a malware into Target’s security system.1 In the days leading up to Thanksgiving 2013 the hackers installed malware in Target’s security and payments system which was designed to steal every credit card used in store at over 1,797 U.S. locations. The data breach initially disclosed in December which exposed around 40 million customer’s names, card numbers, card expiration dates, card security codes and debit card pins were recorded for the hackers to see, although the pins were encrypted. After a later review Target disclosed additional information which later was said to be that roughly 70 million more consumers had their names, addresses, phone numbers and email addresses exposed.2
What exactly is malware?
We know that the intruder stole passwords and other key access information from a vendor. This gave access to our point-of-sale terminals and install malware. The installed malware was designed to capture and store credit and...