Threat Analysis and Exploitation

Posted: March 3rd, 2023

Running Head: Security Assessment Report (SAR)

Threat Analysis and Exploitation

Jeremy McGary

Charlotte Olaniyi

Marcelina Swan

Tyler Twaddell

SECURITY ASSESSMENT REPORT (SAR)

Company name: CST 610 Team 1

Industry Sector: Financial Institution

Period of Assessment: 1 February – 14 March 2023

Project 3

CST 610: Cyberspace and Cybersecurity Foundations

MARCH 14, 2023

University of Maryland Global Campus (UMGC)

Professor Dr. Steven Richman

Table of Contents

1.0 BACKGROUND
1.1 Purpose
2.0 FINANCIAL SECTOR – JEREMY MCGARY
2.1 The Financial Services Threat
2.2 Financial Services Critical Infrastructure (CI)
2.3 Scope Covered in Security Assessment Report
3.0 FINANCIAL SECTOR ASSESSING SUSPICIOUS ACTIVITY IN THE CRITICAL INFRASTRUCTURE – ALL TEAM 1 MEMBERS
4.0 LAW ENFORCEMENT – MARCELINA SWAN
5.0 THE INTELLIGENCE COMMUNITY – CHARLOTTE OLANIYI
5.1 Threat Actor Definition and Rationale
5.2 Tools, Techniques and Procedures
6.0 THE INTELLIGENCE COMMUNITY CYBERTHREAT LIFECYCLE – ALL TEAM 1 MEMBERS
7.0 EXPLOITATION METHODS (HOMELAND SECURITY) – TYLER TWADDELL
7.1 Example Threats and Exploits
7.2 Example Vulnerabilities
7.3 Countermeasures
8.0 HOMELAND SECURITY RISK AND IMPACT – ALL TEAM 1 MEMBERS
9.0 RECOMMENDATIONS – ALL TEAM 1 MEMBERS
10.0 SUMMARY OF REFERENCES – ALL TEAM 1 MEMBERS

1.0 BACKGROUND

Our Project 3 assignment describes Distributed Denial of Service (DDoS) attacks, web defacements, sensitive data exfiltration and other attack vectors typical of nation-state actor(s) directed against the U.S. financial network. The Team 1 collaborative efforts have found:

· The financial services sector discovered the network breach and the cyber-attacks.

· The law enforcement sector provided additional evidence of network attacks found using network defense tools.

· The intelligence agency identified the nation state actor from numerous public and government provided threat intelligence reports.

· The Department of Homeland Security provided the risk, response, and recovery actions taken as a result of this cyber threat.

1.1 Purpose

Our goal according to our Project 3 assignment is to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and risk mitigation and remediation procedures to be implemented to maintain a robust security posture, and take the lessons learned from this cyber incident and share that knowledge with the rest of the cyber threat analysis community using:

· Data and resources brought by each Team 1 representative.

· Test results from any prior lab testing done which is relevant to the financial institution. For example, leveraging network security skills by using past port scans, network scanning tools, and analyzing Wireshark files to assess any suspicious network activity and network vulnerabilities.

2.0 FINANCIAL SECTOR – JEREMY MCGARY

[Select and describe a specific, real, recent attack/network breach, “The Threat,” on a target financial institution or part of the financial services Critical Infrastructure (CI). The attack(s) could include distributed denial-of-service (DDOS) attacks, web defacements, sensitive data exfiltration, and/or other attack vectors typical of a nation-state actor per the given scenario in “Start.” This is your starting point and reason driving the Security Assessment Report (SAR) and is the specific focus of the After Action Report (AAR).]

2.1 The Financial Services Threat

· Describe the specific threat and impact on the specific financial institution or part of the financial services CI.

· Then describe the impact that the threat would generally have on the financial services sector.

· Provide relevant submissions from the Information Sharing Analysis Council related to the financial sector.

2.2 Financial Services Critical Infrastructure (CI)

· General Description of Financial Services Critical Infrastructure (CI) (include diagrams). Where or how does the target financial institution or part of the financial services CI fit into this?

· The importance and impact of Industrial Control Systems on the financial services CI.

· Other CIs which may be affected by attacks on the financial services CI (include diagrams)

2.3 Scope Covered in Security Assessment Report

· Include why this scope was chosen.

3.0 FINANCIAL SECTOR ASSESSING SUSPICIOUS ACTIVITY IN THE CRITICAL INFRASTRUCTURE – ALL TEAM 1 MEMBERS

· What are critical information systems in the U.S. CI? Which are predominant in the financial sector?

· What cyberthreats and vulnerabilities are facing the U.S. critical infrastructure? Which are particularly significant in the financial sector?

· What port scanning, network scanning and traffic analysis tools and data are available to assess any suspicious network activity and network vulnerabilities? How would they be used? (Use your lab experiences and lab data from your 600 and 610 courses to identify the tools and methods here and actual data throughout the report.)

4.0 LAW ENFORCEMENT – MARCELINA SWAN

· Describe the impact that the specific threat and other threats could have on the law enforcement sector.

· How did this specific attack affect the law enforcement sector?

· How might these be mitigated or prevented?

5.0 THE INTELLIGENCE COMMUNITY – CHARLOTTE OLANIYI

[Provide an overview of the life cycle of a cyberthreat. Explain the different threat vectors that cyber actors use and provide a possible list of nation-state actors that have targeted the U.S. financial services industry before.]

5.1 Threat Actor Definition and Rationale

· What is a threat actor?

· What are the reasons why threat actors would attack the U.S. and its financial services CI? Provide real current examples which support these reasons.

· Provide a possible list of nation-state actors that have targeted the U.S. financial services industry before. What has each done that supports the reasons given?

· What nation-state or other threat actors were involved in the incident?

· What were their reasons for attacking the U.S. and its financial services institution or CI in the incident?

5.2 Tools, Techniques and Procedures

(What do threat actors use to attack? Real current examples would be excellent to include.) [Provide intelligence on the nation-state actor and the actor’s cyber tools, techniques, and procedures, using available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports.]

· Explain the different threat vectors that cyber actors use. What was used in your specific event?

· Explain cyber tools, techniques, and procedures used by nation state actors on the critical infrastructure. What was used in your specific event?

· List example social engineering attacks used by threats against U.S. (Real current examples would be excellent to include.) What was used in your specific event?

6.0 THE INTELLIGENCE COMMUNITY CYBERTHREAT LIFECYCLE – ALL TEAM 1 MEMBERS

· Provide an overview of the life cycle of a cyberthreat.

· Identify the stage of the cyberthreat life cycle where you would observe different threat behaviors. (The SAR includes ways to defend and protect against the threat. The AAR looks at and evaluates what was done for your specific incident.)

· Propose an analytical method in which you can detect the threat, identify the threat, and perform threat response and recovery. (The AAR looks at and evaluates what was done for your specific incident.)

· What specific threat behaviors were observed in each part of the life cycle in your incident?

· What was in place or missing to defend and protect against the threat in each part?

· What methods were used to detect the threat, identify the threat, and perform threat response and recovery in each part? How successful were they? What was deficient?

7.0 EXPLOITATION METHODS (HOMELAND SECURITY) – TYLER TWADDELL

[Use the US-CERT and similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers in your incident.] Provide a definition and an overview of exploitation.

7.1 Example Threats and Exploits

· List and summarize real current threats and exploits to web applications. What may have been used in your specific event?

· Discuss how you would apply these findings to the financial sector. (Your AAR should report whether and how well any were applied to your specific event.)

7.2 Example Vulnerabilities

· List and summarize vulnerabilities of web financial services applications. Which may have been present in your specific event?

· Discuss how you would apply these findings. (Your AAR should report whether and how well any were applied to your specific event.)

7.3 Countermeasures

(Identify remediation approaches for the threats and vulnerabilities. Remember that there are multiple methods of addressing any one threat or vulnerability. You can point these out now. By the time you get to your recommendations you should select which method and justify why.)

· What responses and risk mitigation steps should be taken if an entity suffers the same types of attacks as in your incident? Which were taken in your specific event? (The AAR would have and assess the responses and risk mitigation steps taken in your event.)

· What security tools might be used in each of these measures? What was used in your specific event? (The AAR would have and assess the tools used in your event.)

8.0 HOMELAND SECURITY RISK AND IMPACT – ALL TEAM 1 MEMBERS

(Identify risks created by threats exploiting vulnerabilities. Real current examples, including in your incident, would be excellent to include.)

· Provide the risks and impacts to an entity suffering the same types of attacks as in your incident.

· Provide a risk-threat matrix and a current state snapshot of the risk profile of the financial services sector. Include current threats, current vulnerabilities, current risks and potential impact. (Your AAR would have a risk-threat matrix and the security posture snapshot for the incident in which the financial institution or part of the financial services CI was attacked.)

9.0 RECOMMENDATIONS – ALL TEAM 1 MEMBERS

[What are your recommendations to the White House Cyber National security staff regarding the Financial Services Sector current situation and potential mitigation and prevention measures and tools which address the threats and vulnerabilities? Use of a table with discussion of key aspects is effective. You’ll reserve specific recommendations to the Financial Services Sector, for your specific event, for inclusion in the AAR.]

10.0 SUMMARY OF REFERENCES – ALL TEAM 1 MEMBERS


Project 3 – After Action Report (AAR)

CST 610: Cyberspace and Cybersecurity Foundations

[Your Name]

[date]

Professor Steven H Richman – Section 9044

University of Maryland University College

AFTER ACTION REPORT (AAR)

Financial Sector

[Period of Assessment]

[Report Date]

[Note: The purpose of an After Action Report (AAR) is to analyze the management or response (i.e., security controls) to an incident, training exercise or event by identifying strengths to be retained and possibly enhanced, as well as identifying potential areas of response that may have been lacking. Parts of the AAR will normally contain material found in the Security Assessment Report (SAR). Both cover the incident. The SAR is directed to the White House Cyber National security staff and is a broader assessment of security in the financial sector and the critical infrastructure, the need for which may have been brought on by a specific incident. The AAR is directed to the Financial Services sector with a focus on what worked well and needs improvement, if another such specific incident were to occur. Feel free to use your SAR and AAR material interchangeably, as is or modified.]

1. BACKGROUND

1.1 The Financial Services Threat – Jeremy McGary

[Select and describe a specific, real, recent attack/network breach, “The Threat,” on a target financial institution or part of the financial services Critical Infrastructure (CI). The attack(s) could include distributed denial-of-service (DDOS) attacks, web defacements, sensitive data exfiltration, and/or other attack vectors typical of a nation-state actor per the given scenario in “Start.” This is your starting point and reason driving the Security Assessment Report (SAR) and is the specific focus of the After Action Report (AAR).]

1. Describe the specific threat and impact on the specific financial institution or part of the financial services CI.

2. Then describe the impact that the threat would generally have on the financial services sector.

3. Provide relevant submissions from the Information Sharing Analysis Council related to the financial sector.

1.2 Financial Services Critical Infrastructure (Step 3)

1. General Description of Financial Services Critical Infrastructure (CI) (include diagrams). Where or how does the target financial institution or part of the financial services CI fit into this?

2. The importance and impact of Industrial Control Systems on the financial services CI.

3. Other CIs which may be affected by attacks on the financial services CI (include diagrams).

1.3 Scope Covered in the After Action Report (include why)

2. ASSESSING SUSPICIOUS ACTIVITY IN THE SPECIFIC EVENT(S) (Step 2) – All Team Members

1. What were the critical information systems in the specific financial institution or part of the financial services Critical Infrastructure (CI) in your incident/event(s)?

2. What cyberthreats and vulnerabilities were involved?

3. What port scanning, network scanning and traffic analysis tools and data were used to assess the suspicious network activity and network vulnerabilities? How were they used? (Use your lab experiences and lab data from your 600 and 610 courses to identify the tools and methods here and actual data throughout the report.)

3. LAW ENFORCEMENT (Step 4) – Marcy Swan

1. Describe the impact, if any, that the specific event(s) had on the law enforcement sector.

2. How might this be mitigated or prevented?

4. THE INTELLIGENCE COMMUNITY (Step 5) – Charlotte Olaniyi

[Identify the nation-state actors involved in the specific event(s) and explain the different threat vectors they used.]

4.1 Threat Actor Identification and Rationale

1. What nation-state or other threat actors were involved in the incident?

2. What were their reasons for attacking the U.S. and its financial services institution or CI in the incident?

4.2 Cyberthreat Lifecycle – All Team Members

1. Provide an overview of the life cycle of the specific cyberthreats in your incident.

2. What specific threat behaviors were observed in each part?

3. What was in place or missing to defend and protect against the threat in each part?

4. What methods were used to detect the threat, identify the threat, and perform threat response and recovery in each part? How successful were they? What was deficient?

4.3 Tools, Techniques and Procedures Used by the Threat Actors

1. What threat vectors did the cyber actors use in your specific event(s)?

2. What cyber tools, techniques, and procedures did the nation state actors use in your specific event?

3. What social engineering attacks may have been used in your specific event(s)?

4.4 Threat Actors Lessons Learned

1. What was learned from successful attacks by the threat actors in your specific event(s)?

2. What was learned from attacks by the threat actors that were successfully stopped in your specific event(s)?

4.5 Recommendations

[Remember that there may be multiple methods of addressing any one threat actor or in different parts of the lifecycle. You should point these out, select which method you recommend, and justify why.]

5. EXPLOITATION METHODS (HOMELAND SECURITY) (Step 6) – Tyler Twaddell

[Use the US-CERT and similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers in your incident.]

5.1 Threats and Exploits in the Incident

1. What threats and exploits to web applications were used in your specific event(s)?

2. How successful were the potential exploits in your specific event?

5.2 Vulnerabilities in the Incident

1. What web financial services application vulnerabilities were present in your specific event?

2. How well were other potential web financial services application vulnerabilities addressed to secure the financial institution or financial services CI in your specific event?

5.3 Risks and Impact – All Team Members

(Identify risks created by threats exploiting vulnerabilities in your incident.)

1. Provide the risks and impacts to the financial institution or financial services CI in your specific event.

2. Provide a risk-threat matrix and the security posture snapshot for the incident in which the financial institution or part of the financial services CI was attacked.

5.4 Countermeasures Taken in the Incident

1. What responses and risk mitigation steps were taken in your specific event? Include your assessment of those responses and risk mitigation steps. What was missing and what should be changed for the future?

2. What security tools were used in your specific event? What was missing and what should be changed for the future?

5.5 Exploitation Methods Lessons Learned

1. What was learned from successful exploitation of the financial institution or part of the financial services CI in your specific event(s)?

5.6 Recommendations

[Remember that there may be multiple methods of addressing any one exploit. You should point these out, select which method(s) you recommend and justify why.]

6. SUMMARY OF RECOMMENDATIONS – All Team Members

[What are your specific recommendations to the Financial Sector regarding the specific event(s), mitigation and prevention measures, and tools which should be used to address the future threats and vulnerabilities as in the incident? Base these on risk and impact, as well as the resources and time required to implement. Use of a table with discussion of key aspects can be effective.]

7. SUMMARY OF REFERENCES – All Team Members

[Provide your summary list of references using proper APA format. (Remember: You must also use in-line citations with proper APA format throughout the report.)]

SOLUTION

The purpose of this Security Assessment Report (SAR) is to provide an overview of the security status of the financial institution CST 610 Team 1, specifically its critical infrastructure. This report covers the period of 1 February to 14 March 2023 and provides an assessment of potential threats, vulnerabilities, and risks faced by the organization. The financial services industry is a high-value target for threat actors due to the sensitive information it holds and the potential for financial gain. Threats to the industry include cybercriminals, hacktivists, insiders, and nation-state actors. These threat actors may use a range of tools and techniques, including malware, social engineering, and advanced persistent threats, to gain access to financial institutions’ critical infrastructure.
