Timeline and Duration of the Attack
The data breach was detected at 3:23 am by a local network intrusion detection system (NIDS) installed to protect the JLA Enterprise network. A NIDS “analyzes network traffic at all layers of the Open Systems Interconnection (OSI) model and makes decisions about the purpose of the traffic, analyzing for suspicious activity” (Kumar et al., 2013, p. 77). The hackers timed the attack for the early morning hours, when few security professionals were available to respond.
Method of Intrusion
A phishing email is the most likely explanation of how the hackers got inside the JLA Enterprise network: at least one employee either sent the login and password for their work account in reply to a fraudulent email or clicked a link in it from a work device. The situation resembles the 2014 JP Morgan data breach (SentinelOne, 2016), in which hackers exploited the same weakness nine years earlier.
Systems Compromised
The hackers compromised the computers of all non-managerial and non-manual workers at JLA Enterprise. The entry point was the device of the employee who fell for the phishing email and sent their work login and password to the attackers. The cybercriminals did not, however, establish connections to, or install malware or spyware on, the non-mobile devices of junior, middle, and senior management or of the entity’s executives. The local NIDS found no traces of intrusion on the devices of employees higher in the corporate hierarchy, and the additional software diagnostics performed during the forensic examination found nothing suspicious in their operating systems or installed programs either.
Data Breach and Exfiltration
The hackers extracted data that is critical to JLA Enterprise, and if the theft becomes publicly known, reputational losses are inevitable. The hackers responsible for the 2017 Equifax breach behaved similarly (Miyashiro, 2021). In the present case, the cyber-thieves stole JLA Enterprise’s customer data, the entity’s financial data, and the organization’s history of collaborations with other firms.
As established above, the cybercriminals who intruded on JLA Enterprise’s internal network breached its data. To carry out the attack, they gained a foothold by sending a phishing email to one of the workers and using the credentials it yielded. Credential phishing followed by data theft is one of the most commonly used hacking strategies and, unfortunately for JLA Enterprise, one of the most effective.
Signs of Persistence and Future Threats
The active phase of the cyber-attack on JLA Enterprise took approximately 17 minutes, from 3:23 am to 3:40 am. However, data breaches are cybercriminal operations with long lead times of 90 days or more (Table 1). The company’s network structure and information security capacity must have been studied for an extended period; the theft of JLA Enterprise’s data was planned well in advance.
As noted above, the hackers could not break into the computers of the firm’s management and executives, so the local network has some resilience. It can be strengthened through collaboration with national-level and global entities (Maurer & Nelson, 2021). Installing a behavior-based malware detection system in addition to the existing NIDS also provides greater information security (Cloonan, 2017). Regularly testing these systems specifically for their ability to detect multi-stage and complex attacks will help prevent future hackers from stealing JLA Enterprise data (Khorkov, 2012). The company appears to have neglected all of these protective measures in the past.
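As an added illustration of the kind of multi-stage detection logic the preceding paragraph recommends (example code written for this page, not a product of JLA Enterprise, Cloonan, or Khorkov), the following Python script correlates three stages over constructed log lines: an off-hours login, access to several workstations from that account, and a large outbound transfer, all inside a 30-minute window. The log format, field names, thresholds, user names, and all host and IP values are assumptions made for the example; the sample log is constructed and is not the JLA case record.

```python
"""Multi-stage correlation detector over constructed log lines (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the JLA case file). One phished account is used
# off-hours, touches several workstations, then pushes a large upload to an external
# host; a second account shows ordinary daytime activity for contrast.
SAMPLE_LOG = """\
2023-05-14T03:23:10 auth user=jdoe result=success src=10.0.8.21
2023-05-14T03:24:02 smb user=jdoe host=WS-104 action=read
2023-05-14T03:25:40 smb user=jdoe host=WS-117 action=read
2023-05-14T03:27:15 smb user=jdoe host=WS-131 action=read
2023-05-14T03:29:03 smb user=jdoe host=WS-152 action=read
2023-05-14T03:38:51 net user=jdoe dst=203.0.113.45 bytes_out=734003200
2023-05-14T09:05:11 auth user=asmith result=success src=10.0.8.40
2023-05-14T09:06:30 smb user=asmith host=WS-104 action=read
2023-05-14T09:10:12 net user=asmith dst=203.0.113.10 bytes_out=120000
"""

# Assumed tuning values for the example; a real deployment would derive these
# from the organisation's own baseline.
BUSINESS_HOURS = range(8, 19)        # 08:00-18:59 counts as normal working time
WINDOW = timedelta(minutes=30)       # all stages must fall inside this window
MIN_HOSTS = 3                        # distinct hosts touched => lateral spread
MIN_BYTES_OUT = 100 * 1024 * 1024    # 100 MiB in one outbound flow => suspicious


def parse_line(line):
    """Turn 'TIMESTAMP type k=v k=v ...' into a dict; None for blank lines."""
    parts = line.split()
    if len(parts) < 2:
        return None
    event = {"ts": datetime.fromisoformat(parts[0]), "type": parts[1]}
    for kv in parts[2:]:
        key, _, value = kv.partition("=")
        event[key] = value
    return event


def parse_log(text):
    """Parse a whole log body into a list of event dicts, skipping blank lines."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def detect_multistage(events):
    """Return one alert per user whose off-hours login is followed, within WINDOW,
    by reads on >= MIN_HOSTS distinct hosts and an outbound flow >= MIN_BYTES_OUT.
    Daytime logins never start a chain, so ordinary bulk transfers are ignored."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e.get("user")].append(e)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["type"] != "auth" or e.get("result") != "success":
                continue
            if e["ts"].hour in BUSINESS_HOURS:
                continue                       # stage 1 needs an off-hours login
            deadline = e["ts"] + WINDOW
            hosts = set()
            big_flow = None
            for f in evs[i + 1:]:
                if f["ts"] > deadline:
                    break                      # outside the correlation window
                if f["type"] == "smb":
                    hosts.add(f["host"])       # stage 2: spread across hosts
                elif f["type"] == "net" and int(f.get("bytes_out", 0)) >= MIN_BYTES_OUT:
                    big_flow = f               # stage 3: bulk exfiltration
            if len(hosts) >= MIN_HOSTS and big_flow is not None:
                alerts.append({
                    "user": user,
                    "login_at": e["ts"].isoformat(),
                    "hosts": sorted(hosts),
                    "bytes_out": int(big_flow["bytes_out"]),
                    "dst": big_flow["dst"],
                })
                break                          # one alert per user is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_multistage(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run as a script, the detector raises one alert for the jdoe chain and none for asmith, whose daytime login never opens a correlation window. The same structure serves the testing the paragraph calls for: replaying a constructed chain like this one through the detector, and replaying benign variants that shift the timing or reduce the spread, shows whether the rule fires on the full attack path and stays quiet otherwise.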
References
Cloonan, J. (2017). Advanced malware detection – Signatures vs. behavior analysis. Infosecurity Magazine. Web.
Khorkov, D. A. (2012). Methods for testing network-intrusion detection systems. Scientific and Technical Information Processing, 39(2), 120–126.
Kumar, B. S., Raju, T. C. S. P., Ratnakar, M., Baba, Sk. D., & Sudhakar, N. (2013). Intrusion detection system- Types and prevention. International Journal of Computer Science and Information Technologies, 4(1), 77–82. Web.
Maurer, T., & Nelson, A. (2021). The global cyber threat. Web.
Miyashiro, I. K. (2021). Case study: Equifax data breach. Web.
SentinelOne. (2016). The most devastating cyber attacks on banks in recent history. Web.
Appendix
Table 1: History of the JLA Enterprise data breach