Suez

Suez: The New Lock Method

Tylar Samuel

Department of Cybersecurity, Old Dominion University

CPD 494: Entrepreneurship- Professional Studies

Professor Akeyla Barbour

April 21, 2023

Bank fraud has always been prevalent in society; now, with today’s technological advancements, it has gone digital. In 2006, a young Russian hacker who went by the screen name of Slavik created and sold a botnet that later earned the title Zbot, short for Zeus bot. The malware was first reported to be found on a young woman’s computer and posted to an online forum for help identifying its intent. This malware was designed to crawl into a computer quietly and search through its files, storage and browser history for usernames and passwords to steal and give to its owner. The information the malware was seeking was specific to online banking. Once the information was collected, the malware would report its findings back to its owner, who would log into the victims’ accounts with their information and steal the account holders’ money. As Zeus developed and expanded, it became an even more detrimental threat to its victims. Along with financially draining a user’s account, the malware then turned the infected computer into a spy by connecting it to a network of infected computers, completely under the hacker’s control. Due to the nature in which the username and password were stolen, when the hacker logged in with the user’s correct information, it appeared as though there was no foul play. This virus continued to attack countless victims until May 2009, when the FBI began receiving reports of large-scale fraudulent transfers.

In total, it’s estimated that the ZeuS botnet infected 500,000 to one million computers worldwide, and 25% of those computers were in the US. The FBI estimated that US victims lost over $100 million from fraudulent bank transfers alone. Another $27 million was collected from ransomware payments when hackers informed institutions that they had to pay to have their infected devices released. This aspect of finance needs new and creative ways of protecting its users’ information. As technology advances, so do cyber criminals. Therefore, protection must increase to ensure these criminals are unsuccessful in their endeavors.

Suez is my solution to malware created like Zeus. Suez will be security software, with the potential for app development. The software will work with the process of becoming an online bank user. It is being developed to work as an added safeguard to secure financial information. A user would be expected to create their username and then be redirected to Suez, a third-party source for securing financial data. There, a user would specify the parameters within which their password or passphrase should exist. After the user answers a series of randomly generated personal questions, Suez could then populate 8-, 12- or 22-character passwords, depending on the user’s specifications.
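The following is an added example, not code from this paper or from Suez itself: one way to generate the 8-, 12- or 22-character passwords described above from user-chosen parameters. It draws characters from the operating system's cryptographic random generator rather than from the answers to the personal questions (a substitution made here), and the class names and symbol set are assumptions.

```python
import math
import secrets
import string

# Lengths the paper names for Suez-generated passwords.
ALLOWED_LENGTHS = (8, 12, 22)

# Character classes a user can switch on (hypothetical parameter names
# and symbol set, chosen for this example).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+",
}


def generate_password(length, classes=("lower", "upper", "digits", "symbols")):
    """Return a random password of an allowed length that contains at
    least one character from every requested class."""
    if length not in ALLOWED_LENGTHS:
        raise ValueError(f"length must be one of {ALLOWED_LENGTHS}")
    if not classes or any(c not in CLASSES for c in classes):
        raise ValueError("unknown or empty character class selection")
    classes = tuple(dict.fromkeys(classes))  # drop duplicates, keep order
    alphabet = "".join(CLASSES[c] for c in classes)
    # Rejection sampling: draw every position uniformly from the full
    # alphabet and retry until each requested class is present. This keeps
    # all valid passwords equally likely, unlike forcing one character per
    # class into fixed positions.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate


def entropy_bits(length, classes):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    size = sum(len(CLASSES[c]) for c in set(classes))
    return length * math.log2(size)


if __name__ == "__main__":
    every_class = tuple(CLASSES)
    for n in ALLOWED_LENGTHS:
        bits = entropy_bits(n, every_class)
        print(f"{n:>2} chars: {generate_password(n)}  (<= {bits:.1f} bits)")
    # Baseline for comparison: a six-character, lowercase-only password.
    print(f"6 lowercase chars: <= {entropy_bits(6, ('lower',)):.1f} bits")
```

The entropy figures show why length matters more than the character mix: the 8-character option is far closer to the six-character lowercase baseline than to the 22-character option.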

In creating Suez to aid in the fight against criminals stealing information and money, this software can become a target. Suez would become a target due to the nature of the information it holds. This means that, in order to better protect Suez, the encryption has to be strong but flexible. The Advanced Data Encryption Standard is to be considered when designing a sustainable way to protect sensitive information of this sort. Compare the encryption to a target: the more the target moves, the harder it is to hit. In cyber security, I’ve learned nothing is “unhackable”, so a contingency must also be created to decrease the chances of fallout. In the event the software is hacked, Suez would have an ever-changing encryption key with no sole admin user; this way the data will continuously separate the passwords from the users. This would make it harder for the hacker to pinpoint whose information belongs to whom, even if they were to gain access.

Most internet users do not possess a high level of understanding concerning cyber security, and the facts support this claim. The average user does not change their password monthly, but 90 percent of internet users are fearful of being hacked. 53 percent of those individuals rely mainly on memory to manage their passwords. 51 percent of individuals use the same password for both personal and business accounts. 57 percent of internet users have been scammed in phishing attacks and have yet to change their password. As of January this year, 23 million accounts still use the password 123456. After an analysis of 15 billion passwords, it was determined that the average password length is eight characters. 57 percent of employees find password management a nuisance that hinders them from working efficiently (Vojinovic, 2023).

Here are some facts that would petrify the 90 percent of already fearful internet users. I wonder if these internet users are aware that it only takes 10 minutes to crack a lowercase password that is six characters long. A cyber-attack occurs every 39 seconds. In each second, 75 records are stolen. 300,000 new malware programs are made daily. Cybercrime is more profitable than the illegal drug trade. Russian hackers can infiltrate a computer network in 18 minutes, whereas North Korea needs two hours and China, four. The fee to create a consumer account on the black market is a single dollar. There were 3.5 million positions in cybersecurity in 2022. The United States loses approximately 100 billion dollars every year due to cybercrime. The most expensive computer virus to date cost 38.5 billion and was called MyDoom. The United States allocates nearly 15 billion dollars to the cybersecurity budget. The average individual has every right to be fearful of cybercriminals because we are currently in the middle of a cyber war. We are losing to these criminals. Countries are losing money. Data is being stolen and sold, and we are underserviced in this division of crime, leaving the field wide open for attackers to take what they please.

Cybercrime is a criminal activity that targets a user’s computer, a computer network or a networked device. Cybercrimes are carried out by one individual or by a group or organization. Cybercrime involves targeting using viruses or other types of malware. It can also look like criminal activity using computers to commit other crimes. As we advance in the technological world, these cyber criminals continue to find different methods to create maximum data and financial devastation. They have a multitude of methods for performing financial cyber-attacks. The most common method of cyber-attack lies in social engineering tactics. Common ways to gain unauthorized access to a computer or network include malware, ransomware, phishing, DDoS attacks and ATM cash-out attacks.

Malware is software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action. Most often, malware is the general term used to refer to a wide variety of damaging software programs. Financial malware cyber-attacks have risen in recent years. There has been global financial loss caused by malware. As stated by Cybersecurity Ventures, malware had risen to approximately 115.4 billion dollars in losses across multiple industries in 2021. New malware samples are being developed too often to be handled by the cybersecurity tools currently installed. An example of a financial malware cyber-attack starts at the first sight of intrusion. The intrusion then prompts the user to install some sort of fake software or update. Once the download takes place, the malware infects the host across all networks and steals confidential data. Attacks like these can also be done through mobile devices. Financial entities are not able to control what users install on their personal devices. That leaves these devices exposed to numerous threats and a multitude of social engineering attacks. Malware and social engineering attacks often go hand in hand through tactics like phishing emails to scam a user.

Security attacks increased 31 percent from 2020 to 2021. Attacks on businesses and companies affect the conglomerate as well as the individual because oftentimes those businesses or companies hold sensitive or personal information about their consumers. Kaspersky published a fact stating, “A single attack- whether it’s a data breach, malware, ransomware or DDoS attack, on average cost the company 200,000 dollars” (Kaspersky). In 2021, United States banks and financial institutions made close to 1.2 billion dollars in ransomware payments, which is triple the amount in the year 2020. The issue of cyber-attacks had grown so severe that in November of 2021 leaders from 36 countries and the European Union met to discuss counteractive methods that can be put in place to protect against ransomware attacks. President Joe Biden declared a state of emergency amidst the Colonial Pipeline attack in 2021. The cyber-attack shut down the pipeline for several days, which caused a fuel shortage in the Southeast states in the US. This attack prompted President Biden to sign a preventative measure that requires certain businesses to report cyber incidents and ransomware payments to the CISA (Cybersecurity Infrastructure and Security Agency). As of November 2021, the concern for the nation was preventing attacks and warning the public to be wary of the threat faced (CNBC).

These preventative measures are working in tandem with cyber security analysts to begin to manage what rapid digitization is doing to the world. Automation, for all its convenience, has caused the financial sector to take a hit. The FSISAC (Financial Services Information Sharing and Analysis Centre) revealed in 2022 that cyber threats for the financial sector have increased due to web portals and banking apps. These apps were made with the intention of making general finance responsibilities “simpler,” but the risk of compromising entire banking systems has drastically increased because of these simpler methods for general banking. Remote working is another example of how simpler solutions are costing companies hundreds of thousands of dollars. After Covid-19, many companies and businesses opted for hybrid or total remote work. This was an attempt to maximize the company’s efficiency while cutting the cost of wasted office space. That trend carried over past the worst of the coronavirus, and remote work became a popular way of working. This new working infrastructure has also been adopted by financial institutions, which has inadvertently widened the attack surface for cybercriminals. Company servers being accessed from offsite increases the likelihood of back door connections being made and sensitive information being taken (Sangfor).

In February of this year, an article posted on the Banking Journal, written by the American Banking Association, stated, “More than 60 percent of global financial institutions with at least 5 billion dollars in assets were hit by a variety of cyberattacks over the past year, according to a new survey by Contrast Survey.” 64 percent of these financial institutions noticed an increase in attacks that exploited vulnerabilities found in apps (ABA, 2023). While Suez is not able to stop all types of data breaches, it can secure data, which will cut down on a few methods of infiltration.

Capital One suffered a data breach in 2019. A woman by the name of Paige A. Thompson accessed Capital One’s AWS server, which stored 100 million credit card applications dating back to 2005. She then stole 100 million credit card applications and posted the stolen information on GitHub, then bragged about the incident on her social media pages. Capital One found out about the data breach dump from a good Samaritan GitHub user. This breach impacted nearly 100 million people in the US and more than 6 million in Canada. The stolen data included 140 thousand social security numbers, 1 million Canadian Social Insurance numbers and 80 thousand bank account numbers. The Capital One data breach is classified as one of the most devastating breaches in the financial industry (Kost, 2023). Learning from this breach, Suez intends to secure all cloud technology. Capital One may have been able to avoid such devastation if the company could have secured the transition to cloud storage. Suez attempts to be that securing factor by acting as a third-party transition space for larger corporations to safely store data in cloud storage with an attack monitoring solution. When securing the app or mobile device software, Suez ensures all firewall configurations are in place before allowing a transfer of data. Misconfiguration of web application firewalls was a key factor in making this breach possible. Having a reliable system is imperative in monitoring cyber-attacks. In later developments, Suez would incorporate attack surface monitoring software, with the personnel to match, in order to not only prioritize securing information but also stay on the offensive by constantly testing our own software to spot ways to improve our security measures.

More recently, Flagstar Bank became another victim of a cyber-attack. In June of 2022, 1.5 million Flagstar customers were impacted by this devastating attack. Flagstar is one of the largest financial providers in the US, and their data breach led to the leaking of 1.5 million Social Security numbers. Along with Social Security information, banking information and personal information such as birthdays, addresses, etc. were released in the attack. This attack was the second on this financial institution. The first attack took place in December of 2021. Flagstar Bank stated there was no evidence of exploitation in their investigation but urged customers to monitor credit card activity. This breach at Flagstar helped me tweak the coding of Suez to create security software that accounts for all possibilities. There were no specific attack vectors verified in the investigation, which means it could be all of them. So, Suez is going to expect the unexpected by constantly holding itself accountable through consistently random penetration tests. If Suez is able to catch the problem before it becomes one, the software is that much better at protecting your information. Regular security audits and simple annual penetration tests could have prevented this breach of data.

Outside of banking, any personal information stored online is susceptible to attack by these cyber criminals. LinkedIn is a prime example of just that. The LinkedIn breach released

Cyber threats are constantly evolving, and the tactics behind them are improving at a rapid pace. Attackers access a computer or network server with intent to do harm, with a variety of methods at their disposal. Suez is an innovative software that intends to make the retrieval of sensitive information more difficult. The research done on this market concludes that companies cannot keep up with cybercriminals and the average individual does not want to. Companies and small businesses are under attack by these cyber criminals and are losing the battle. The average person is wary of attacks but is unsure how to properly manage their information. Suez attempts to bridge this gap by taking on the responsibility for safely storing data. The application software works as a third-party information storer made by future white hat hackers for the average individual. The app intends to be a smooth transition for stored information. Unlike the standard cloud or a drive, the information stored is encrypted and continually hashed, making the challenge considerably more difficult for a hacker.

In practical use, to gain access to this data by cellular device or laptop, a biometric key with second-factor authentication would be the safest way to manage the data. Once inside the application software, the effectiveness lies in the simplistic manner in which it is presented to the user. The user, company or small business answers a few questions to personalize their experience with the app or download, and the app generates usable passphrases for their protective needs while storing that information and other pertinent files. The app/software also possesses a feature which allows it to store sensitive information and encrypt it. Using attack surface monitoring software, our software can self-highlight any data vulnerability and notify our researchers, who create stronger software and push the updated versions as the issues are solved.

It is unrealistic not to account for all that can go wrong in the application software world, as technology moves at such a rapid pace. As we advance in methods to better secure the information trusted to us, the best way to ensure effectiveness would be to constantly put ourselves under the microscope. Holding ourselves accountable is one thing, but I intend for Suez to do better than that. Suez is software that strives to be the best at what it does; in doing so, we are constantly testing our firewalls and cloud technology to prevent cybercriminals from accessing vulnerabilities. As we branch out and become the popular choice for outsourcing data protection, the team and the budget grow as well.

The best way to ensure the quality of the application software remains impenetrable is to maintain a level of staffing that meets our company’s needs. Oftentimes companies overproject their numbers to give themselves a better head start, but Suez will work with a transparent motto. The business aspect of Suez wants to maintain transparency with the consumer to gain the respect and loyalty behind the name. With all technological advancements there will be hiccups, but we intend to work around the clock to ensure we do our best job at keeping our valued customers’ information safe. This will be done in two ways, manually and automatically. Our beta tester of the software will have working code that allows the software to run tests against itself and report its findings. From there, we can determine how to close the gaps.

It’s completely understandable how these activities can fall by the wayside in the big scheme of an institution’s financial obligations, and also for the average individual. These companies are being overworked and entering fields they aren’t fully prepared for. The same can be said for the average employee, who was hired to work in their department, not to defend the company. For all the good smart technology has done, we still have a way to go. By adding Suez to their servers, we take over that responsibility with trained cybersecurity analysts to pick up the company’s slack. With Suez as third-party protection software, financial institutions can get back to focusing on providing top-notch financial services.

In today’s society, technological innovations have continually improved. In 1973 Motorola demonstrated the first handheld cellular device; seven years later the first laptop was invented. Most individuals can concur that these items contain imperative and sensitive information that could be essential to life. An example of the importance of these devices would be an iPhone. In 2022, a study concluded 120 million individuals are iPhone users in the United States. 120 million people account for 49 percent of smartphone users. Out of the 49 percent of iPhone users, 41 percent also have an iPad or Mac, sharing one iCloud account (Laricchia, 2022). All Apple devices are equipped with a NotePad to take notes or hold information. An iPhone user can store information such as passwords, documents, passes, etc. in this feature, which then uploads and saves to the cloud. Now your information is stored in three different locations: your phone, your cloud and your laptop/desktop or tablet. Suez intends to be an inclusive program that would take over the responsibility of NotePad by holding that sensitive information in one location and continually hashing the information, making it more difficult if not impossible to be decrypted.

Suez is the app every cellular device needs and the downloadable software every laptop and desktop should require. Suez takes away the hassle of storing personal information and creates a safe and hashed place for you to store important data. This app is designed to hold sensitive information and continually hash and rehash the information. Along with the storing of information, by answering a few questions, Suez can generate passwords or phrases that renew themselves continuously with the information gathered. In detail, Suez began as a simple application software created to hash generated passwords through the app. Since continuing my research and gathering data on how to best serve the consumer’s needs, Suez has evolved into a solution for securely storing sensitive information for both businesses and the individual user. The two main features of Suez are the application’s ability to store sensitive information and its ability to create passwords or phrases of various lengths for its specific users.

Firstly, the best way to ensure the success of Suez is to staff correctly, efficiently and with optimal conditions in mind. One of the benefits of an application software like Suez has to lie in working conditions. Staffing is paramount and will be taken extremely seriously in the hiring process. Due to the sensitive information for which the company will be responsible, the employees must be fully screened and cleared before being hired. With that said, the company wants fresh green faces, from newly graduated college students to millennials. This is done with the thinking that younger minds lead to newer visions. Suez is a protective application software, but beyond that Suez is a company that fosters new ways of thinking. By integrating all the facets of different apps, Suez aims to provide a new sense of safety for the tech industry. This idea was brought about by a young woman who needed to write a paper to graduate. If innovative thinking can be sparked in the classroom, the idea can be fostered in reality. Suez intends to be that place for bright minds looking to expand the theories of cyber protection.

As an individual who has worked in many fields, I know morale is important. Taking time to appreciate the employees, creating room for growth within the company, mental health check-ins and regular assessment meetings for progress checks will be incorporated in the company’s work policy. This is an attempt to foster loyalty and trust within the company. By listening to Suez employees and understanding how we can improve their experience, we create happy workers who enjoy their jobs. This may sound far-fetched, but in reality, Suez employees are the most essential part of the application software. Doing our best to foster a happy work environment cuts down on issues like understaffing; mental health check-ins ensure the worker knows there are outlets; opportunity for growth helps Suez employees strive for greatness knowing they’re not stagnant; and progress meetings help the entire team communicate, share ideas and feel heard by higher-ups.

In order to get Suez to a place where it’s able to be marketed, the program requires a team: a team of skilled cyber analysts, IT specialists, programmers and business management agents. This team can create and recreate a good model of what Suez would look like in theory. Suez above anything would need time. Any innovation takes time to create, but in the case of Suez time is an understatement. A software application like Suez does not exist as a whole, and I believe the reason is the complexity of what Suez is trying to accomplish. There are different software applications that can store information, generate passwords or encrypt and hash data, but none encompass all of that in one convenient application. Suez is prepared for a lot of trial-and-error phases, which will be of little or no cost due to the multitude of shell scripting software that will allow the programmers and specialists to work on creating strong code. While the specialists and programmers are fortifying the code, the analysts will be working against their goal. By starting off trying to penetrate the code, Suez can be fortified brick by brick, making it stronger throughout the entire process. The foundation is key, and once it reaches a 70 percent success rate through testing, it can be prepared for real world application.

Suez is the application software of the future. It’s a simple download that eases some of the stressful parts of life. Cyber threats are growing and evolving, and as the criminals get better, so should the protection. Suez is that protection. In creating this innovation, I learned about a market I did not know existed. I found out how underserviced financial institutions are in regard to cyber security professionals.

References

https://www.sangfor.com/blog/cybersecurity/cyber-attacks-on-banks-devastate-financial-sector

https://usa.kaspersky.com/resource-center/threats/what-is-cybercrime

https://www.statista.com/statistics/236550/percentage-of-us-population-that-own-a-iphone-smartphone/

https://www.mass.gov/service-details/know-the-types-of-cyber-threats

https://www.cnbc.com/2022/11/01/us-banks-process-roughly-1point2-billion-in-ransomware-payments-in-2021.html