The information taken can be used by attackers to perform credential stuffing attacks. According to OWASP, credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. Many daily users have the same or similar username/password combinations for multiple accounts, which makes this type of attack somewhat successful. The attackers can use that information to gain access to credit card and bank accounts, and even hotel and airline loyalty points to bundle and sell on the dark web (Snider & Weise, 2016). The Yahoo breach reinforces the need for users to utilize varied passwords for their online accounts, and to reset them frequently. It is unfortunate that large companies like Yahoo are vulnerable to attacks in this day and age, but it proves the point that no one is safe, and we as the user base need to take additional steps to ensure the privacy of our information.
OWASP. (2015). Credential stuffing. OWASP. Retrieved April 24, 2017, from: https://www.owasp.org/index.php/Credential_stuffing
Snider, M. & Weise, E. (2016). 500 million Yahoo accounts breached. USA Today. Retrieved April 24, 2017, from: https://www.usatoday.com/story/tech/2016/09/22/report-yahoo-may-confirm-massive-data-breach/90824934
2. I found an article that listed various cybercrimes, so I chose one of them to focus on. It does not give a year at which it happened, but it does say a few days before Thanksgiving. Apparently a woman fell victim to a ransomware attack via “CryptoWall, an encryption malware so powerful it is technologically impossible to break open” (Cucu, 2016, para. 3). In further research of CryptoWall, I discovered that the Trojan usually comes from spam emails, malicious ads on sites, or as a payload from other malware (Symantec, 2014). This Trojan requires a decryption key to be entered, which is only provided by the attacker if the appropriate conditions, usually monetary payment, are met within a given timeframe. In the case of the woman in focus, she was required to pay $500 within the first week or $1000 by the second week. Most unfortunately for her, since the attack occurred around Thanksgiving, banks were closed and she was unable to meet the first week time requirement. Apparently the attacker had a soft side and allowed her to pay the $500 on the second week to get her files back.
Ransomware, I think, is an underrated attack form. It is reported that “an estimated $150 million” is being netted, a year, through ransomware (Boatman, n.d., para. 2). Thankfully, I have not fallen victim to such attacks, but I do think such a situation would be rather frightening.
Boatman, K. (n.d.). Beware the Rise of Ransomware. Retrieved from https://us.norton.com/yoursecurityresource/detail....
Cucu, P. (2016, November). These True 12+ Internet Crime Stories Will Make You Care About Cybersecurity [Updated]. Retrieved from https://heimdalsecurity.com/blog/12-true-stories-that-will-make-you-care-about-cyber-security/
Symantec. (2014, September). Ransom.Cryptowall. Retrieved from https://www.symantec.com/security_response/writeup...