Professional Documents
Culture Documents
ASSIGNMENT-01
INFORMATION SECURITY
AMAAN AHMAD
SP22/BCT/004
How did it occur? According to the FBI (Federal Bureau of Investigations), the
breach began with a spear-phishing email sent to an unnamed Yahoo employee. They
further added that it is unclear how many employees received such emails however
only one click was required for the attackers to gain access to the system.
The attacker’s motive: According to the FBI (Federal Bureau of Investigations), the
attack was launched by the Kremlin Intelligence Services of the Russian government
and the Russian Cybercrime Underworld to gain access to the data and information of
important White House, government, military, banks, and casinos personnel and
institutions. The copies of the whole database were sold for USD 300,000 to hackers,
spammers, and cybercriminals.
Countermeasures: The breach happened in 2013 and 2014 however the news came
out in 2017. After this Yahoo’s business took a huge hit and it was sold to Verizon
Communications. Verizon merged Yahoo with AOL. Both Yahoo and AOL were then
merged into a new telecommunications company called Oath. The FBI reported that
Yahoo employees were not properly trained or briefed about the looming cyber
security threats, and if the company had invested in employee training and awareness
programs then the breach could have been prevented. A huge chunk of data could
have been secured by communicating with their user base regularly and asking them
for simple password resets after some time.
Impact: 100 million customers in the United States and 6 million customers in
Canada
URL: https://edition.cnn.com/2019/07/29/business/capital-one-data-breach/
index.html