Week 1 Assignment 1

docx

School

Collin County Community College District *

*We aren’t endorsed by this school

Course

1371

Subject

Information Systems

Date

Oct 30, 2023

Type

docx

Pages

Uploaded by MinisterMask26335

OSINT on Lowes Lowes.com Their website led me to their Facebook, Twitter, Instagram, and YouTube where I can follow updates. Lowes Instagram I can see everyone who Lowes is following and who follows them. I can use this information to see what companies or people they may partner with. I can also cross reference their followers with a list of employees to see who may be active on social media. Facebook I can see everyone who Lowes is following. I can use this information to see what companies or people they may partner with. The account information tells me there are multiple people who control the account. These people are located in the United States, India, and one other country I was unable to see. Twitter I can see everyone who Lowes is following and who follows them. I can use this information to see what companies or people they may partner with. I can also cross reference their followers with a list of employees to see who may be active on social media. LinkedIn I am able to search for people who work at Lowes. I find a large amount of people in different positions. Including their Senior Vice President. I am able to use the information on many Lowes Associates LinkedIn accounts to find their Facebook accounts. These can have a wide range of security depending on the individual’s awareness and knowledge on social engineering tactics. A hacker could use this information to try to target someone directly, by sending them Facebook messages or emails with embedded malware. Google I searched for lowes CEO and found Marvin Ellison. I was able to find his LinkedIn which led me to a variety of information and posts including one angry post about loss prevention, and the numbers being inaccurate. The person was Bradley Cook and claimed to be a stakeholder. There was also a link at the bottom of his post that I didn’t click on. Bradley Cook After looking at his LinkedIn profile, he doesn’t have much on there and doesn’t have a picture. I searched his name with lowes stake holder and I found another LinkedIn profile saying he was a Lowes Assembler. Stockholders Their top stockholders are Vanguard, BlackRock, S SgA Funds Management, JPMorgan, and Fidelity Management. lowesb2c.b2clogin.com The login portal for Lowes service providers is open access Suppliers Illinois Tool Works, Stanley Black & Decker, and Deere & Company are Lowes’ largest suppliers Google Cloud According to a 2022 Google Could Blog, All of Lowes.com is run through Google cloud, and almost completely on Carbon Platform. This allowed Lowes for better load balancing and led to a successful online Black Friday, but having information so readily available does allows someone to try to target their cloud servers directly. On-Premises software Lowes uses Oracle Fusion Cloud ERP and EPM as their on Premises system since 2022. Vendorgateway.lowes.com The login portal for Lowes vendors is open access Lowes.suppliesgateway.co m The login portal for Lowes suppliers is open access

OSINT on Lowes Vendors A.O. Smith, Blackstone and Mansfield plumbing were lowes 2022 vendor partner of the year Social Media is a great way to find vulnerabilities or specific targets within an organization. We learned in the Fundamentals of Information Security class that common targets of Social Engineering are higher ups with large amounts of access. Other common targets are people who have some privilege or access, but little security knowledge, and the hacker is able to raise their privilege once inside. Cloud storage, Vendors, and Suppliers are huge vulnerabilities. While a company can control what they produce in their own code and firewalls, they can’t control what their suppliers do. We know from past attacks like the 2013 Target attack that vendors and suppliers with logins can be a huge vulnerability as you can’t be certain they have received proper security training. The 2021 Microsoft Exchange Server attack showed us that using cloud storage can have huge risk, as once a vulnerability is found it can be used against hundreds or even thousands of companies and can take months to completely patch. The Department of Defense had to step in to completely patch the Microsoft Exchange Servers.

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version