this is the case study of yahoo mail cyber attack.

1. SEMINAR ON YAHOO MAIL CYBER
ATTACK
Submitted to: Submitted by:
Sr. Lect. Shikha Maheshwari Rohit kumar mishra
Sr. Lect. Arihant Jain

2. Yahoo Mail
 Yahoo is the second-largest email service
worldwide, after Google's Gmail, according to
the research firm comScore.
 There are 273 millionYahoo mail accounts
worldwide, including 81 million in the U.S.

3. What happened In Yahoo Mail
Cyber Attack
 The cyber attack on yahoo was on 30 jan 2014.
 The attackers likely targeted third-party
databases to obtain customer usernames and
passwords.

4.  company said that on 30 jan 2014, a “handful”
of its servers were impacted but said there
was no evidence of a compromise to user
data.
 Yahoo Inc. said in a blog post on its breach
that "The information sought in the attack
seems to be names and email addresses from
the affected accounts most recent sent
emails."
Company Statement After
Accounts were hacked

5. Reaction Of Yahoo On Attack
 Yahoo said it is resetting passwords on affected
accounts and has "implemented additional
measures" to block further attacks.
 The company would not comment beyond the
information in its blog post. It said it is working
with federal law enforcement.
Continued…

6.  “These attackers had mutated their exploit,
likely with the goal of bypassing IDS/IDP orWAF
filters”.
 This mutation happened to exactly fit a
command injection bug in a monitoring script
our Sports team was using at that moment to
parse and debug their web logs.

7. What was the Criminals' End-
Game?
 By reading the recent emails found in the Inbox
and Sent mail, the criminals are likely able to
determine other places where theYahoo email
user has additional accounts.
 Based on our current findings, the list of
usernames and passwords that were used to
execute the attack was likely collected from a
third-party database compromise.

8. Type Of File Used
 The bit.ly URL that is used in the attachment to
the affected users.
 The attackers have apparently been referencing
a non-existent MSNBC news report in the email.
 Redirects to a fake MSNBC page that reportedly
hijacks yourYahoo Mail account immediately if
you are logged in.

9. Techniques by which cyber
attacks are done
 Socially engineeredTrojans
 Unpatched software
 Phishing attacks

10. Socially engineered Trojans
 Socially engineeredTrojans provide the No. 1
method of attack .
 An end-user browses to a website usually
trusted - which prompts him or her to run a
Trojan.
 The user executes the malware, clicking past
browser warnings that the program could
possibly be harmful.

11. Countermeasure For Socially
engineered Trojans
 Social engineeredTrojans are best handled
through end-user education that's informed
by today's threats.
 An up-to-date antimalware program can't
hurt, but strong end-user education provides
better bang for the buck.

12. Unpatched software
 Coming in a distant second is software with
known, but Unpatched exploits.
 The most common Unpatched and exploited
programs are Java, Adobe Reader, and Adobe
Flash.

13. Countermeasure For Unpatched
software
 Stop what you're doing right now and make sure
your patching is perfect.
 If you can't, make sure it's perfect around the top
most exploited products, including Java, Adobe,
browser admins, OS patches, and more.

14. Phishing attacks
 Everything looks great; it even warns the
reader not to fall for fraudulent emails.The
only thing that gives them away is the rogue
link asking for confidential information.
 Approximately 70 percent of email is spam.

15. Countermeasure For Phishing
attacks
 Decreasing risk from phishing attacks is
mostly accomplished through better end-user
education -- and with better antiphishing
tools.
 Make sure your browser has antiphishing
capabilities.

16. Method Used To Hack Yahoo
Mail
 The phishing method was used in yahoo mail
cyber attack .
 In general it is a way of attempting to acquire
information such as usernames, passwords,
and credit card details by masquerading as a
trustworthy entity in an electronic
communication.

17. Type Of Phishing
 Spear phishing
 Clone phishing
 Whaling
 Rogue WiFi (MitM)

18. Spear phishing
 Phishing attempts directed at specific individuals
or companies have been termed spear phishing.
 Attackers may gather personal information
about their target to increase their probability of
success.
 This technique is, by far, the most successful on
the internet today, accounting for 91% of
attacks.

19. Clone phishing
 A type of phishing attack whereby a legitimate,
and previously delivered, email containing an
attachment or link has had its content and
recipient address(es) taken and used to create an
almost identical or cloned email.
 The attachment or link within the email is
replaced with a malicious version and then sent
from an email address spoofed to appear to
come from the original sender.

20. Whaling
 Several recent phishing attacks have been
directed specifically at senior executives and
other high profile targets within businesses,
and the term whaling has been coined for
these kinds of attacks.

21. Rogue WiFi (MitM)
 Attackers set up or compromise freeWifi access-
points, and configure them to run man-in-the-
middle (MitM) attacks, often with tools like
sslstrip, to compromise all access point users.

22. What Yahoo Have Done After
Attack
 The company has taken a few steps to ensure
your security is restored by sending
notification e-mails that instruct users who's
Yahoo Mail accounts have been broken into
to change their passwords.
 They asked the users who got in touch with
them if they got such an email and clicked on
the link.

23. The Steps To Be Followed When
Yahoo Account Has Hacked
 If yourYahoo Mail account has been hacked, you
should make sure to change log-in credentials.
 If you have a similar user name at Gmail or
Twitter or any other social networking site, it
would be a good idea to change that information
as well.
 Be wary of any odd e-mails from theYahoo
contacts and never click on any links inside of
messages.

24. THANK YOU