A Case Study Assignment
This assignment will be based on the following article:
Chen, J 2019 'Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada', Trend Micro Security Intelligence Blog.
Answer the following questions in relation to the article. Assume that the audience for your responses is senior level management, who do not have a strong technical background. The word limit for this assessment item is 1,000 words.
1. Why did the adversaries encrypt the payment data using AES and encode using Base64 before exfiltration?
2. The adversaries in this attack used a compromised Javascript file hosted on the webserver to cause the client to transmit the payment data to a server which the adversaries controlled. Describe two other methods the adversaries could have used to achieve the same outcome.
3. The case study identifies at least three parties, PrismWeb/PrismRBS, 201 (individual) campus stores and the adversary group. Of the former two parties, who was primarily responsible for defending against this attack? What actions could the other (non-responsible) party have taken to mitigate against this type of vulnerability?
4. Compare and contrast the characteristics of the attack with the Dridex Financial Trojan.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.