Network vulnerabilities
Network vulnerabilities, according to Jing et al., are caused by the system's ineffective security procedures, which might be disregarded by undesired traffic (2014).
Network intrusion
Network intrusion is the term used to describe unwanted access to and activity within a computer network. A recent network attack that happened as a result of hacking affected JLA Enterprise. The company's extensive cybersecurity system was operational at the time of the attack, but the hackers were nevertheless able to get past the security measures and access the network. The hack only took a short while to carry out, but before it was stopped, the majority of the company's data were collected. The hackers who were involved took their time to carefully plan and research on the weaknesses of the network, as demonstrated by the nature and extent of the attack.
Time of Attack
On Friday 25th of August 2017, a security breach was detected at JLA Enterprises after the cybersecurity system discovered data being copied from its servers. The hack took place at 0300Hrs while the secure servers of the company had just been rebooted. The company had been experiencing problems with the servers earlier during the day, and while the problem persisted, a reboot of the system was recommended. According to the logs that were obtained during the forensic examination of the network, the hack took place at 0327Hrs and lasted for one hour and twenty-nine minutes before it was detected by the security systems set up on the network servers.
Access to the Network
The entrance into the primary servers of the company was a precision hack that was performed by highly skilled individuals who knew the weak spots in the security of the servers. The hack took place at after a malware made its way to one of the computers being used in the company. One of the new staff of the company had received an anonymous email that contained a file with malware, and upon opening the file, the malware got injected to the servers. The firewalls of the servers were not able to detect the malware and as a result made its way to the network's servers. The malware was able to initiate its attack, which was programmed to copying and sending data to a remote server. The security systems only detected the attack when the data was being copied to remote servers that did not appear to be in the network's domain.
Assessment of the Attack
To assess the details involved in a hack, it is necessary to review the logs of the primary server of the network system (Kizza, 2013). During the hack, several computers in the JLA Enterprise network were targeted by the hack to retrieve information that they contained. The lead I.T manager's computers were targeted, and several files of important company security information were copied. Another victim of the attack was the Financial department's computers that were hacked into and most of their financial records copied to the remote server. The personal computers of some of the members in the finance department that were connected to the network at the time were also hacked, and private information of some of the personnel was copied. The CEO also was targeted, but the hackers were not able to access his files since by that time the security protocols had been reinitiated to stop the hack.
Of interest are the network engineers’ computers
Of interest are the network engineers’ computers that were hacked into and all their files copied and erased. The assessment shows a large amount of data was copied within the short period that the hackers were able to gain access to the network. The data that was stolen was crucial for JLA Enterprise’s operations and their partners that had done businesses with the company, which left them exposed. Hackers who did not give their intentions for the hack took the stolen data; however, it was the determination that the hack was for purposes of obtaining the company's financials. This is because the finance department was the worst hit by the hack and most of their data copied by remote servers.
Attack mitigation
Following the attack on the JLA Enterprise network, the damages it caused the company was excessive, and future attacks need to be avoided. Information theft is fast becoming a familiar cyber-crime since information can be manipulated for the benefit of the hackers (Das & Nayak, 2013). The use of personal information for blackmail or the selling of financial information to competitors is among the expected usage of the stolen data from the JLA network. However, the damage to the system was swiftly moderated once the hack was discovered at it is presumed to have saved the company further damages. The company network engineers were able to stop the attack but unable to retrace the source of attack as the hackers were able to hide their IP address.
Future Security
It is only proper for JLA Enterprise to focus on improving their cybersecurity to prevent future attacks to their networks. The assessment showed that the system is prone to attack by malware that can infect the computers in the network and copy data. Therefore, improving the security protocols in the network will provide the company with a hack free network and strengthen their cybersecurity (Kizza, 2013). Lastly, it is vital for the system to undergo further scrutiny to ascertain that all the elements of the malware that attacked the network are entirely removed.
References
Das, S., & Nayak, T. (2013). Impact of cyber crime: issues and challenges. International Journal of Engineering Sciences & Emerging Technologies, 6(2), 142-153.
Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. (2014). Security of the internet of things: Perspectives and challenges. Wireless Networks, 20(8), 2481-2501.
Kizza, J. M. (2013). Security Assessment, Analysis, and Assurance. In Guide to Computer Network Security (pp. 145-168). Springer London.
