***The Assignment Guidelines is In Word Doc.***
***Read the Guidelines Carefully***
***Check The PDF File to make sure NOT to use one of the cases***
CSIS-3001 – Introduction to Cybersecurity OBJECTIVE & PURPOSE: The purpose of this assignment is to be able to: Identify a data breach incident from news media and provide an overview of the case; Analyze common security failures and identify specific cybersecurity principles that have been violated; Given a specific scenario, identify the cybersecurity principles involved or needed to increase the cybersecurity posture; and describe appropriate measures to be taken should a system compromise occur (Business Continuity Plan). DESCRIPTION OF ASSIGNMENT:
Your assignment will be to first to identify and conduct investigation using (Google, news report, government report, and any other valid source) into a data breach incident of an organization in the past several years. *** NO CASE That will be and/or was reviewed during class will be accepted (Check the PDF File) Ensure you select new case, not one covered in class. Assignment done on cases covered in class will get immediate zero*** · Data Breach Overview: Provide an overview of the data breach incident you selected, the organization that it occurred in, and indicate if any prior data incidents occurred in that organization previously (Use references to support your claims). FORMAT: All text in the proposal should be word-processed (letter or correspondence-quality font), New Times Roman or Calibri, 12 point, double space and standard margins. The body of the proposal should be 5- to 7-pages long (not including title page, Table of Contents, Reference List). GRADING AND RUBRIC: This case will be graded out of 100 points. This assignment will weight 10 points of your final grade. Does not meet standard Nearly meets standard Meets standard Title page Total mess, nothing is there Few required items there All required items there and looks professional TOC page Total mess, nothing is there Few required items there All assignment sections noted, page numbers indicated, and looks professional Overall layout Total mess Few required items there Assignment looks highly professional Data Breach Overview Not found Few required items there Section noted in a professional appearance with proper APA citations Cybersecurity Failures Not found Few required items there Section noted in a professional appearance with proper APA citations Cyber Risk Management Not found Few required items there Section noted in a professional appearance with proper APA citations Business Continuity Plan Not found Few required items there Section noted in a professional appearance with proper APA citations Conclusion Not found Few required items there Section noted in a professional appearance with proper APA citations References Not found Some references appear and not fully in APA All references appear and follow closely APA Filename Not per guidelines Few required items there Fully following the filename guidelines DEADLINE: The assignment is expected to be completed by the deadline February 25th, 2022 SUBMISSION: Please submit the assignment in MS Word format ( x) to the Canvas Assignments Dropbox. A direct link to Assignment Dropbox is provided in the course menu bar on the left. |
2
/
1
0/2
2
CSIS
3
001 – Intro to Cybersecurity
ATM Hack of
2013 = $
4
0M
…in
8
hrs
1
1
Learning Objectives:
By the end of this session, students should be
able to:
• know business device intrusions, specifically
when it relates to ATMs
• be familiar with some of the cyber-physical
challenges with ATMs and other business
devices
• learn how cyber criminals are collaborating to
conduct advanced cyber attacks
2
2
1
2/
10
/
22
What’s an ATM?
• Automated Teller Machines (ATM)
• “Bankomat
”
3
What’s an ATM (Cont.)
4
4
2
2/10/22
ATMs Attacks
5
5
ATMs Attacks (Cont.)
6
Source: https://www.youtube.com/watch?v=uKcFgCCwwZ8&feature=youtu.be
6
3
2/10/22
From the Media…
• December 20
12
and February 2013, a cyber-ring
of criminals, operating in more than 24 countries
• $5 million was stolen around the world on
December 21, 20
12
• Additional $40 million was stolen on February 1
9
,
20
13
• Almost 3000 ATMs in New York City in a matter of
hours
• Hackers coordinated with cells on the ground to
carry out a precise, sophisticated attack
• Total over $45 million global ATM heist
7
7
From the Media… (Cont.)
• Yonkers NY working-class
– Three worked as bus drivers for special-needs
children
– Two worked at Kmart
– Another delivered pizza for Domino’s
• Required ”very very low skills” by operators
• Cyber-ring CC: An organization in Russia
involved in money laundering
• Trips to meet in Bucharest (Romanian capital)
8
8
4
2/10/22
From the Media… (Cont.)
9
9
From the Media… (Cont.)
10
10
5
2/10/22
From the Media… (Cont.)
• Far-reaching and best-coordinated cyber-
attack
• Using data stolen from prepaid debit card
accounts
• MasterCard
alerted
USSS
11
11
From the Media… (Cont.)
12
12
6
2/10/22
13
From the Media… (Cont.)
“
”
Source:
13
Attack Overview
14
Credit-card
processing company
• Visa and MasterCard
prepaid debit cards DB
• Secured 12 account
numbers for cards issued
by the Bank of Muscat in
Oman (Middle east)
• Raised the withdrawal
limits
Cashing crews
14
7
2/10/22
Anatomy of the ATMs Breach
15
15
Inside ATM
16
16
8
2/10/22
Inside an ATM (Cont.)
17
17
Inside an ATM (Cont.)
18
18
9
2/10/22
ATM Hack – Closer Look
19
19
ã 2022- -Dr. Yair Levy , College of Computing and Engineering (
Hacking ATM via SMS
20
20
10
2/10/22
41 ATMs in Taiwan in July 2016
21
21
22
ATM Hacking Mitigation
• Use of geo-location + face recognition → 2FA
22
11
2/10/22
23
ATM Hacking Mitigation (Cont.)
• Multibiometrics ATMs
23
• Questions?
• Discussion
24
CYBERSECURITY
Everyone’s job!
24
12