MN604- Research in Information Security Management

Assignment Description

Computer Network attacks have resulted in the loss of sensitive data and significant network downtime. When a network or the resources within it are inaccessible, worker productivity can suffer, and business income may be lost. Attackers have developed many tools over the years to attack and compromise the networks of organizations. These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny legitimate users access to resources.

To understand how to defend a network against attacks, an administrator must first identify network vulnerabilities. Specialized security audit software developed by equipment and software manufacturers can be used to help identify potential weaknesses. In addition, the same tools used by attackers can be used to test the ability of a network to mitigate an attack. After the vulnerabilities are known, steps can be taken to help mitigate the network attacks.

This Assignment gives a planned research project that is separated into three parts: Researching Network Attacks, computer Security y Tools, current attack and case study.

In Part 1, you research various network attacks that have actually occurred. You select one of these and describe how the attack was perpetrated and how extensive the network outage or damage was. You also investigate how the attack could have been mitigated or what mitigation techniques might have been implemented to prevent future attacks. In part 2, you research about the WannaCry ransomware and answer the questions that are related with part. In part 3, you need to write a technical report about the given case study, which is about social engineer attack.

Part 1- Researching Network Attacks (13 Marks)

In Part 1 of this Assignment, you research various computer system attacks that have recently occurred and select one on which to report. Fill in the form below based on your findings.

Q1) List one of the computer attacks you identified in your search? The below table can be used.

Name of attack:
Type of attack:
Dates of attacks:
Computers / Organizations affected:
How it works and what it did:
Mitigation options:
References:

Part 2- Researching about WannaCry Ransomware Attack (24 Marks)

WannaCry ransomware attack is malicious software designed to block access to a computer system until a sum of money is paid. This attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries. Research about this attack is required while answering to the below questions. At least three different resources should be used.

Q1) How it works and what it did? (3 Marks)

Q2) How this attack is propagated? (3 Marks)

Q3) Discuss the impact of this attack on the operation of an organization? What are some key steps organizations can take to help protect their networks and resources? (3 Marks)

Q4) Give an example of a duty of the Incident response planning, Disaster recovery planning and Business continuity planning when having an unexpected event like this attack. (3 Marks)

Q5) What steps can you take to protect your own PC or laptop computer from this attack and other attacks? (4 Marks)

Q6) Briefly describe the lessons learned from this malware incident. (4 Marks)

Q7) If any Australian organization or Australian businesses is infected with attack, who is the main point of contact for this cyber security issues affecting? (4 Marks)

Part 3- Case Study (1): Victim of Social Engineering (13 Marks)

Throughout the process, the auditor found countless examples of lax information security throughout the organization. There was a lack of a coordinated security policy, and the policies in place were not being followed. While reviewing the notes, the auditor noticed that a contractor requested the TMS server address over the phone. Further follow up revealed that a system administrator gave out the server address to a contractor because the contractors were in the middle of upgrading servers. The administrator also mentioned that the contractor requested the password, but the administrator didn’t feel comfortable sharing the password on the phone and asked the contractor to stop by the office – but the contractor was a no show. From the description of the events, the auditor felt it was a social engineering attempt. Social engineering is when a hacker attempts to gain access to sensitive information by tricking a person into giving it to them. The immediate recommendation of the auditor was to focus on the contractor’s activity in the organization.

Over the next few weeks the story unfolded and all the pieces of the puzzle were put together. It was eventually proven that the contractor stole the information. The contractor was hired to oversee the upgrade of servers on the storage network. While doing this, she learned about the transaction management system. She knew PII could be sold on the black market and thought the lax security at TKU would enable her to get away with stealing data without any repercussions. Her only obstacle was access. Since she only had access to the storage network, she needed a way to get access to the transaction management server. That’s when she called the system administrator and got the IP address and tried to get his login credentials. Once she got the IP address, she was able to utilize the free tools available on the Internet to scan the system and get the username and password with administrative access. It took her only a matter of minutes to get this information.

The password was only three characters long and didn’t use any numbers or special characters. With her new administrative permissions, she was able to export the PII.

Write a Memo that discusses the serious of the situation and highlight key breaches, including ITSec recommendations.