IT Security and Risk Management | NMIMS Assignment Help June 2023 Questions

Q1. Even in this age of Google Pay, Apple Pay and Samsung Pay, where you can use virtual payments to purchase items in real stores and restaurants with your smartphone, the “old fashioned” credit card and debit card isn’t going away anytime soon. With that said, many people who use them are afraid that the payment information that’s on those cards could be lifted by hackers, even if they remain inside a wallet. That fear includes the newer credit and debit cards that have RFID chips inside. That’s why some folks who use those kinds of cards are buying RFID blocking wallets, which are supposed to keep hackers from taking your payment information. Explain RFID Hacking and ways to avoid it.

Q2. Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data. Most security professionals understand how critical access control is to their organization, which access control techniques would you want or expect your bank to employ to keep your bank account safe? Give detailed justifications for your recommendations.

Q3. CovidLock is a new Android ransomware that conducts a lock-screen attack against its victims. A security research Team, in the course of monitoring newly registered Coronavirus and COVID labeled domain names, discovered a website luring users into downloading an Android application under the guise of a COVID-19 heat map. The coronavirusapp. site domain initially contained an iframe sourcing directly from infection2020.com (a website from an independent developer for tracking US-based COVID-19 news) and a small banner above that encouraged the installation of the malicious application for real time updates.

The app portrays itself as a Coronavirus Tracker. As soon as it starts running, it asks the user to allow it to conduct battery optimization. The ransomware does this to keep itself running in the background and to make sure that Android does not close the app to optimize battery performance. Once the initial phase is over, the app requests access to Android’s Accessibility feature. By integrating accessibility features and services, Android developers can improve the app’s usability, particularly for users with disabilities. But it is common for attackers to use this functionality to keep the malware persistent.

Once admin rights are achieved by the app, the attack is launched. As soon as the victim clicks on “Scan Area For Coronavirus,” the phone locks itself with a message on the locked screen. It asks for $250 as ransom in the form of bitcoins. Failure to do so, according to the attacker, can lead to the leaking of the victim’s private data, including photos, videos, and more.

a. Explain the various types of malware and how is ransomware different from a virus/worm?

b. What precautions should an employer of an SME take to prevent ransomware attacks on a company resources?