IT Security and Risk Management NMIMS Solution June 2024

Description

NMIMS Global Access
School for Continuing Education (NGA-SCE)
Course: IT Security and Risk Management
Internal Assignment Applicable for April 2024 Examination
Assignment Marks: 30

Instructions:
 All Questions carry equal marks.
 All Questions are compulsory
 All answers to be explained in not more than 1000 words for question 1 and 2 and for
question 3 in not more than 500 words for each subsection. Use relevant examples,
illustrations as far as possible.
 All answers to be written individually. Discussion and group work is not advisable.
 Students are free to refer to any books/reference material/website/internet for
attempting their assignments, but are not allowed to copy the matter as it is from the
source of reference.
 Students should write the assignment in their own words. Copying of assignments from
other students is not allowed.

 Students should follow the following parameter for answering the assignment questions
1. Even in this age of Google Pay, Apple Pay and Samsung Pay, where you can use virtual
payments to purchase items in real stores and restaurants with your smartphone, the
“old fashioned” credit card and debit card isn’t going away anytime soon. With that
said, many people who use them are afraid that the payment information that’s on those
cards could be lifted by hackers, even if they remain inside a wallet. That fear includes
the newer credit and debit cards that have RFID chips inside. That’s why some folks
who use those kinds of cards are buying RFID blocking wallets, which are supposed to
keep hackers from taking your payment information. Explain RFID Hacking and ways
to avoid it. (10 Marks)

2. Access control is a method of guaranteeing that users are who they say they are and that
they have the appropriate access to company data. Most security professionals
understand how critical access control is to their organization, which access control
techniques would you want or expect your bank to employ to keep your bank account
safe? Give detailed justifications for your recommendations. (10 Marks)

3. Covid Lock is a new Android ransomware that conducts a lock-screen attack against its
victims. A security research Team, in the course of monitoring newly registered
Coronavirus and COVID labeled domain names, discovered a website luring users into
downloading an Android application under the guise of a COVID-19 heat map. The
coronavirusapp.site domain initially contained an iframe sourcing directly from
infection2020.com (a website from an independent developer for tracking US-based
COVID-19 news) and a small banner above that encouraged the installation of the
malicious application for real time updates.
The app portrays itself as a Coronavirus Tracker. As soon as it starts running, it asks the
user to allow it to conduct battery optimization. The ransomware does this to keep itself
running in the background and to make sure that Android does not close the app to
optimize battery performance. Once the initial phase is over, the app requests access to
Android’s Accessibility feature. By integrating accessibility features and services, Android
developers can improve the app’s usability, particularly for users with disabilities. But it is
common for attackers to use this functionality to keep the malware persistent.
Once admin rights are achieved by the app, the attack is launched. As soon as the victim
clicks on “Scan Area For Coronavirus,” the phone locks itself with a message on the
locked screen. It asks for $250 as ransom in the form of bitcoins. Failure to do so,
according to the attacker, can lead to the leaking of the victim’s private data, including
photos, videos, and more.

a. Explain the various types of malware and how is ransomware different from a
virus/worm? (5 Marks)

b. What precautions should an employer of an SME take to prevent ransomware attacks
on a company resources? (5 Marks)

********************************************************************************************