01-135202-037

Bahria University, Islamabad Campus

Department of Computer Sciences
Information Security
Assignment-3
(Spring-2022 Semester)

Course: Information Security Date: 30-05-2022

Summited Date: 07-06-2022
Faculty’s Name: Dr. Kashif Naseer Qureshi Max Marks: 10

NAME MARYAM KHALIL

ENROLL 01-135202-037
CLASS BSIT-4A

Q. No. 1. Discuss the following 5 recent Cyber Attacks

1. Proxy Logon Cyberattack
Proxy Logon is known as a pre-authenticated vulnerability. This means an
attacker does not need to log on or complete any sort of authentication process to
execute code remotely, Proxy Logon is the name that was given to Microsoft
vulnerability number CVE-2021-26855. The Proxy Logon attack can be used against
unpatched mail servers running Microsoft Exchange Server 2013, 2016 or 2019 that
are set up to receive untrusted connections from the outside world. This enables
threat actors to execute commands on unpatched, on-premises Exchange Servers
by sending commands across Port 443. Proxy Logon is known as a pre-
authenticated vulnerability. This means an attacker does not need to log on or
complete any sort of authentication process to execute code remotely
The best thing that organizations can do to protect themselves against this exploit
is keep their systems updated with the latest patches. They should also avoid
making Exchange Server directly accessible from the internet
01-135202-037

2. Facebook Cyberattack

cyberattack is any offensive maneuver that targets computer information

systems, computer networks, infrastructures, or personal computer devices.
Cyber attackers stole data from 29 million Facebook accounts using an automated
program that moved from one friend to the next, the social media giant has
revealed. But the company said that was less than the 50 million profiles it initially
reported after investigators reviewed activity on accounts that may have been
affected. Facebook said it would message affected users over the coming days to
tell them what type of information had been accessed in the attack.

Cyber security specialist Jake Moore said there is a “chance” the issue
could be related to a cyber attack.

He told the PA news agency: “There have been many reports and I’m
struggling to find out exactly what has happened - I’m reading it could be
DNS related, which means there is an issue with the connection not
knowing where to go to your device.

That’s when Facebook (META) reported on tweet that

We’re aware that some people are having trouble accessing our
apps and products. We’re working to get things back to normal
as quickly as possible, and we apologize for any inconvenience.
3:22 AM · Oct 5, 2021

3. Poly Network Breach

Launched in August 2020, Poly Network is a cross-chain protocol that enhances interoperability
between homogeneous and heterogeneous blockchains. The network focuses on fixing chain
data issues involving transactions, security, and trust.
01-135202-037

Cryptocurrency platform Poly Network was hit with a major attack last week which
saw the hacker, or hackers, make off with more than $600 million worth of tokens.

In a bizarre twist, the hacker has now returned most of the stolen money but is
withholding more than $200 million of the funds until “everyone is ready.”

Poly Network promised the hacker a $500,000 bounty for the restoration of user
funds, and even invited them to become its “chief security advisor.”

After a hacking theft of more than $600 million in early August, Poly Network reports it has
regained control of all stolen assets. The hacker, who Poly Network refers to as “Mr. White Hat,”
began returning assets shortly after the hack, before withholding the private key necessary to
unlock access to those assets. Poly Network has also offered a bounty to the hacker worth
$500,000. Poly Network isn’t a crypto exchange or digital wallet platform. Instead, it helps
facilitate crypto transfers between different cryptocurrencies’ blockchains. This can help people
use their cryptocurrency across different networks. “We are in the process of returning full asset
control to users as swiftly as possible,” Poly Network wrote in its latest update. But recovering
stolen digital assets at all is far from a guarantee for crypto investors. Cryptocurrencies are
decentralized and largely unregulated across the globe, so there’s historically been very little
investors can do if their crypto is stolen by hackers.

4. MGM Hotel Attack

In February 2020, HT reported that MGM had suffered a data breach affecting
approximately 10.6 million guests. At the time, MGM Resorts had confirmed that
the information posted to the dark web stemmed from an earlier security breach
the company had experienced in 2018 when one of its cloud servers was hacked
The personal data of approximately 10.6 million consumers who stayed at MGM
resorts appeared online this week, ranging from home addresses and contact
information to driver’s licenses and passport numbers in some cases. The data,
which was obtained during a July 2019 leak, was published on a hacking forum on
Monday and verified by ZDNet and Under the Breach, a soon-to-launch data breach
monitoring service. The file contained personal details including full names,
birthdates, addresses, email addresses and phone numbers. For about 1,300
individuals, more sensitive data such as driver’s licenses, passports, or military ID
cards, was found online.
01-135202-037

It's not the first time a hotel chain has been involved in a data breach. In 2018,
Marriott hotels reported a data hack involving 300 million people who stayed at
Starwood hotels. "Breaches like the one impacting MGM are often difficult for
consumers to respond to," security expert says.

5. WHO Attack?
A grim milestone has been crossed today in the war in Ukraine – more than
100 attacks on health care verified by WHO since the start of the war on 24
February. The attacks so far have claimed 73 lives and injured 51.

Of the current total of 103 attacks, 89 have impacted health facilities and 13
have impacted transport, including ambulances.

“We are outraged those attacks on health care are continuing. Attacks on
health care are a violation of international humanitarian law," said Dr Tedros
Adhanom Ghebreyesus, WHO Director-General, at a press conference.
“Peace is the only way forward. I again call on the Russian Federation to stop
the war.”

The World Health Organization has verified 43 attacks on health care in the three
weeks since Russia invaded Ukraine and says hundreds more facilities remain at
risk.

On Wednesday WHO Director-General Tedros Adhanom Ghebreyesus outlined the

agency's efforts to meet Ukrainians' immediate health needs and said more donor
support is needed. The WHO has received just $8 million of its $57.5 million appeal
so far, he added.
"Huge amounts of money are being spent on weapons. We ask donors to invest in
ensuring that civilians in Ukraine and refugees receive the care they need," he said.
"And we continue to call for attacks on health care to stop."

More than 300 health facilities lie within conflict lines or areas that Russia claims to
control, Ghebreyesus said, and another 600 are within 10 kilometers (or just over 6
01-135202-037

miles) of the conflict line. The World Health Organization has opened a field office in Poland
to coordinate its response to refugee health needs. The agency is also sending equipment and
supplies to Ukraine. Some 220,000 pounds of things like oxygen, insulin, surgical supplies are
already on the way. Russia has targeted health care facilities in previous conflicts, such as the
Chechen War.