Skip to main content
Springer Nature Link
Log in

Case Studies

  • Chapter
  • First Online:
IT Security Controls

  • 2219 Accesses

Abstract

This chapter reviews three well-known attacks and identifies some of the referenced controls that could have been implemented to prevent or reduce the impact of these attacks. The case studies describe the incidents based on reports, interviews, or official investigations. Each attack differs in its nature, and the suggested controls were based on the reviewed information for each case, not meaning that other controls could have been applied.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+
from €37.37 /Month
  • Starting from 10 chapters or articles per month
  • Access and download chapters and articles from more than 300k books and 2,500 journals
  • Cancel anytime
View plans

Buy Now

eBook
EUR 17.99
Price includes VAT (Netherlands)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 70.84
Price includes VAT (Netherlands)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Explore related subjects

Discover the latest articles, books and news in related subjects, suggested using machine learning.

Notes

  1. 1.

    www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

  2. 2.

    Mulligan, J. (2014, February 4). Written Testimony of John Mulligan. Target.Com. https://corporate.target.com/_media/TargetCorp/global/PDF/Target-SJC-020414.pdf

  3. 3.

    www.reuters.com/article/us-target-cyber-settlement-idUSKBN18J2GH

  4. 4.

    https://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/

  5. 5.

    https://corporate.target.com/press/releases/2013/12/target-confirms-unauthorized-access-to-payment-car

  6. 6.

    US Senate Committee on Commerce, Science, and Transportation. “A “Kill Chain” Analysis of the 2013 Target Data Breach.” www.commerce.senate.gov/services/files/24d3c229-4f2f-405d-b8db-a3a67f183883. March 2014.

  7. 7.

    https://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/

  8. 8.

    Ibid. 6, page 3.

  9. 9.

    http://download.microsoft.com/documents/customerevidence/8466_Target_Development_Technologies_Gro.doc and http://download.microsoft.com/download/3/A/D/3AD464EA-F2B4-4E62-B11F-14E37727557C/Target_Hyper-V_CS.PDF (obsolete)

  10. 10.

    https://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/

  11. 11.

    US Senate - Committee on Commerce, Science, and Transportation. (2014, March). A “Kill Chain” Analysis of the 2013 Target Data Breach. US Senate. www.commerce.senate.gov/services/files/24d3c229-4f2f-405d-b8db-a3a67f183883

  12. 12.

    www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data

  13. 13.

    https://krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/

  14. 14.

    https://corporate.target.com/_media/TargetCorp/global/PDF/Target-SJC-020414.pdf

  15. 15.

    Ibid.

  16. 16.

    https://en.wikipedia.org/wiki/2016_Dyn_cyberattack

  17. 17.

    www.dynstatus.com/incidents/nlr4yrr162t8

  18. 18.

    www.wired.com/2016/10/internet-outage-ddos-dns-dyn/

  19. 19.

    https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/

  20. 20.

    https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/

  21. 21.

    Wikimedia Commons. “File: Level3 Outage Map (US) - 21 October 2016.png. https://commons.wikimedia.org/w/index.php?title=File:Level3_Outage_Map_(US)_-_21_October_2016.png&oldid=565260119. May 27, 2021.

  22. 22.

    https://securityaffairs.co/wordpress/51640/cyber-crime/tbps-ddos-attack.html

  23. 23.

    https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/

  24. 24.

    https://krebsonsecurity.com/wp-content/uploads/2016/10/IoTbadpass-Sheet1.pdf

  25. 25.

    Security professionals should set an appropriate value for RRL, as it may increase the likelihood of a DNS cache poisoning attack to a legitimate requestor.

  26. 26.

    NHS ‘could have prevented’ WannaCry ransomware attack - BBC News

  27. 27.

    www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf

  28. 28.

    www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf

Author information

Authors and Affiliations

  1. Doha, Qatar

    Virgilio Viegas & Oben Kuyucu

Authors
  1. Virgilio Viegas
    View author publications

    Search author on:PubMed Google Scholar

  2. Oben Kuyucu
    View author publications

    Search author on:PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Viegas, V., Kuyucu, O. (2022). Case Studies. In: IT Security Controls. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-7799-7_8

Download citation

Publish with us

Policies and ethics