Panera Bread Website Security Breach: An Essay On Cybersecurity Attacks.

1.Search the web for news on computer security breaches that occurred during January-August 2018. Research one such reported incident. Prepare a report focusing on the following issues.

2.Research the WannaCry and the Petya cyber-attacks and prepare a report.

1. The problem

Panera Bread Company is running a chain of the cafes and the restaurants in the United States and Canada. The headquarters of the Panera are located at Sunset hills, Missouri, which is a suburb of St. Louis and the company operates as Saint Louis Bread Company in the Greater St. Louis (Calfas, 2018).  The company is engaged in the business of delivering the soups, pasta, sandwich and also some kind of drinks and bakery items. The company is also the owner of the Au Bon Pain and the outlets are spread across the 2000 locations.

The Panerabread.com, the Web site for the American chain of the bakery café which is the fast casual restaurant and then leaked millions of the records of the customers which includes the emails and residential address, birth dates and the last four digits of the credit card number which is for at least last eight months before it was gone online. The incident occurred in the month of April and the year 2018 (Fimin, 2017).

The data available in the plain text on the site of Panera consists of the customer who generally ordered food online from the website of the Panera . The St Louis based company has more than 2200 retail outlets in the United States. The real problem occurred when the customers records were being shared by the Houlihan and the copies of the email were exchanged with the Panera Bread CIO John Meister. The company accused Houlihan that he was trying to run the scam and the security was breached by him and the incident reportedly became vulnerable (Calfas, 2018).

It started with the email in the last summer, from one of the security researcher who told Panera Bread that its website is explicitly exposing the data of the sensitive customers. But after few months the problem went unfixed for months and the researcher went public with the proof of flaw. The news as heard from the analyst reported that the Panera’s response was half baked.

According to the researvher Dylan Houlihan he spoke in the story that eh waited for 8 months on the problem being fixed by the Panera, However after the issue was brought into the light the website of the Panera was taken down. Once the data was fumbled and leaked, 37 million records were breached at once and the same was informed by the security journalist Brina Krebs. The Houlihan was trying to report the data and the bug to the company, however he was being dismissed (Bission, 2018).

How and why it occurred?

The company was initially playing at the back foot, depicting 10000 customers has been affected but the true number came to be 37 million (Hackket, 2018).

Earlier the company has published the statement which spoke about the problem of the ransom ware attack and according to the company the problem has been fixed by the within the receiving of the notification by the Krebs (Krebs Security, 2017).

There are several steps that can have been followed in order through which the security breach might have avoided and it also helps the company to prepare itself for future attacks.

Encryption works effectively and remarkably well as it is one of the ways to secure the confidential data of the organisation. With encryption, the circumstance changes drastically. This is a mechanical shield that stays powerful regardless of whether human mistakes, for example, misconfiguration happens. A lot of information that would somehow or another be unprotected will not be forwarded to any individual who does not have the encryption key.

This is also another way that to help the data to protect the data against the breach of the security. The request to ensure against information break, best practices are to encode both optional and essential duplicates of information. ScramFS offers the instruments for ensuring both the primary and secondary copies (Mohurl & Patil, 2017).

(Source:  The verge, 2017)

The password shall also be changed so that the hackers cannot hack the computers easily and there are majorly different kinds of vaults that expect you to just recall the access and the ability to watch the data from the vault (Palisse, et al 2016).

The review of the system and the logs talk about base lining the system on the daily basis. For example when reviewing the security servers and log of the databases, the administrator raises the multiple 529 events. Therefore it is necessary to create a powerful baseline system which needs proper attention and security (Seigel, 2018).

WannaCry is a ransom ware that spread rapidly across the different computers and affected the PC’s. The ransom ware encrypted all the files and the data of the clients and demands a ransom which is to be paid by the user to decrypt the data so as to get the access back (Mohurle & Patil, 2017).

Petya ransom ware on the contrary which belongs to the family of encrypting the data. The Petya ransom ware was introduced in the year 2016. There were different variants of the Petya ransom ware were seen in March 2016 which came into existence in March 2016.

What could have been done to prevent it

The problems in both the events are almost same. The Petya ransom ware uses the Eternal Blue exploit which is similar to the Wanna Cry a son eof the means to propagate the data of the clients. However it was also engaged into the SMB network techniques. Petya built the list of different IP addresses which mainly includes the data from the primary addresses on the local area network (McKnight, 2017). Petya was using two major methods to spread across the network. The first method was Execution across the network shares and secondly though the SMB exploits.

When compared to the WannaCry the attackers of the WannaCry also uses the technique of the SMB which means the Server Message Block. The SMB protocol basically assists various nodes on the network. It is also believed that the national security agency of the U.S discovered the vulnerable situation and instead of reporting and communicating the same to the InfoSec community; it helped to develop the Exploit Code which is termed as Eternal Blue. The main thing the WannaCry do is to access a long gibberish URL. The Wannacry was not trying to target the specific organisation rather; its main focus was on the companies which are having the out-dated software (Mohurle & Patil, M. 2017).

The recent attacks of the WananCry and the Ransom ware left thousands of the business which are spread across more than 150 countries worldwide reeling with the countless Internets. The monetary mechanisms sued by the people were Bit coin in order to regain the files. Further, there is a huge scope for the WannaCry attacks and the Petya Ransom ware.

There are many online communities which are used to provide the training and expertise eon hacking and cracking the codes to enter into the computer of the clients and the same

Online communities that provide hacking facility to the hackers and they ultimately build their own system which pretty much looks like the same (Osborne, 2018).

Ransom ware is a booming and increasing underground industry and there has been an upside in the attacks in the recent years. In 2015 Ransom ware infections grew by 114% over the previous year which also resulted in increase of the demand of the money by the perpetrators to over $350 to give back the files according to the Symantec Internet Security Threat Report. Wanna cry influenced the thousands of the framework across the world and it is the most crucial ransom ware attack. This attack was unbeatable on the basis of many grounds such as that it can place the effect over the network and the organisation framework is vulnerable in terms of the PC frameworks. Around the globe the WannaCry was hacking the numerous PC’s and squeezes the data and scrambles it. In this way the clients generally have the conversation with mail and point towards the hacked and information records (Richardson, & North, 2017).

2. WannaCry and Petya Ransom Ware

The robust filtering is also one of technique that is used to block spam and fraud mails and also the utilisation of the cloud computing is another option to boot the systems. To eliminate this problem there are several procedures and the methods that are being incorporated in order to protect the confidential data and files.

Malware is getting to be sufficiently complex to avoid the possibility of the detection. One technique for uncovering it is to keenly observe the outbound system activity. Doubts shall be questioned when the count of the outbound organisations or the movement of the malware is unable to be caught. The theft of the sensitive data needs to me monitored on an early basis in order to avoid the future possibility. (Kao & Hsiao, (2018).

The operating system shall be kept up to date and all the cache files and the history shall be cleaned from time to time. It is so simple that the operating system if originated outside the perimeter of the network the possibility of the vulnerability will be entirely low.

No matter what is the size of the organisation, having a plan full of security, can take back the situation to a normal state (Thomas & Galligher, 2018). The security plans shall be sculpted individually for different organisations differently. Also the companies and the organisations shall focus in to buy the new policies that can implement the security plans and practices to deal with. Completely eliminating security breaches is an impossible task yet the companies can achieve the security to an extent so that it can save itself from the possibility of the future threats

References

Bission, D. (2018). The 10 biggest data breaches so far. Retrieved from https://blog.barkly.com/biggest-data-breaches-2018-so-far

Calfas, J. (2018). Panera bread created million users data online. Retrieved from https://time.com/money/5225880/panera-breads-website-is-the-latest-big-data-breach-heres-what-to-know/

Fimin, M. (2017). Are employees part of the ransomware problem?. Computer Fraud & Security, 2017(8), 15-17.

Kao, D. Y., & Hsiao, S. C. (2018). The dynamic analysis of WannaCry ransomware. In Advanced Communication Technology (ICACT), 2018 20th International Conference on (pp. 159-166). IEEE.

McKnight, J. (2017). The Evolution of Ransomware and Breadth of its Economic Impact (Doctoral dissertation, Utica College). United States: John and wiley

Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5).

Palisse, A., Le Bouder, H., Lanet, J. L., Le Guernic, C., & Legay, A. (2016). Ransomware and the legacy crypto API. In International Conference on Risks and Security of Internet and Systems (pp. 11-28). New York: Springer

Hackket, R. (2018). How Panera Bread Fumbled Its Data Leak—And What to Learn From Its Mistakes. Retrieved from https://fortune.com/2018/04/04/panera-bread-data-leak-lessons/

Retrieved from https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/

The verge, (2017). Panera Bread leaked customer data on its website for eight months. Retrieved from https://www.theverge.com/2018/4/3/17192348/panera-bread-leaked-customer-data-breach-website

Osborne, C. (2018). The eight-month data leak may have exposed customer credit card information. Retrieved from https://www.zdnet.com/article/panera-bread-data-leak-reportedly-exposed-millions-customer-records/

Richardson, R., & North, M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10-21.

Perlroth, N., Scott, M., & Frenkel, S. (2017). Cyberattack Hits Ukraine Then Spreads Internationally. The New York Times. 10(1), 22-28.

Seigel, S. (2018). Panera’s data breach puts attention on risks of loyalty programs. Retrieved from https://www.washingtonpost.com/news/business/wp/2018/04/04/paneras-data-breach-puts-attention-on-risks-of-loyalty-programs/?noredirect=on&utm_term=.f6a5c982ea12

Thomas, J., & Galligher, G. (2018). Improving backup system evaluations in information security risk assessments to combat ransomware. California: Routledge.