Question 3
Cyber Security Case Study
THE CASE SCENARIO
The victim: A bank with 400 networked Windows machines, 100 in the central office and another 300 in branch offices. Upon arrival of the incident response team, we identified that the client had no security protection in place. The network administrators had no idea what was going on in the network, there was no security tooling, and the perimeter had no IPS/IDS system in place.
All the organization’s user systems are Windows 7 and Windows 10. Employees use Windows mail systems running on Office 365 and MS Outlook. The cyber security team identified that the infection started with a phishing email.
THE MALWARE
The malware was identified as ETEY, specifically a newer variant that resisted removal attempts by utility programs such as Norton Anti-Virus. The bank admin also checked the registry settings as described by Malwarebytes, hoping to isolate the exact nature of the threat, but had no luck. ETEY has a nasty habit of deleting key files in its wake in order to confound attempts to stop it.
The bank decided to restart the server and see how things went. While the server was down, though, the firm had to write down new transactions on little slips of paper. It was chaos.
Each infected folder contained a ransom note file, # DecryptReadMefile.txt. The malware encrypted every file whose extension was on its target list, giving each one a random filename with the .ETEY extension.
The malware infected all PCs at the central office and all the systems at the branch offices. The damage to these infected machines was not serious, since they could be reimaged. The 10 servers hosting critical banking information and databases were the real problem: the bank admin found out that the backups had been failing, and the log files (.log), config files and group setting files had all been encrypted.
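The two indicators the scenario names, a ransom note dropped into every infected folder and data files renamed with the .ETEY extension, are exactly what an incident responder would sweep for first to map the blast radius across file servers. The following is an added triage example, not code from the case study; the note name and extension are taken from the scenario, while the sample directory tree built by build_sample_tree() is constructed here purely for demonstration.

```python
"""Triage scan for the ransomware indicators described in the case study.

Added example (not from the case study): walks a directory tree and reports
the two indicators the scenario names -- ransom-note files called
"# DecryptReadMefile.txt" in each infected folder, and data files renamed
with the .ETEY extension. The sample tree is constructed for demonstration.
"""
import os
import tempfile
from dataclasses import dataclass, field

RANSOM_NOTE_NAME = "# DecryptReadMefile.txt"   # note name given in the scenario
ENCRYPTED_EXTENSION = ".etey"                  # compared case-insensitively


@dataclass
class ScanResult:
    notes: list = field(default_factory=list)            # ransom notes found
    encrypted_files: list = field(default_factory=list)  # .ETEY-renamed files
    affected_dirs: set = field(default_factory=set)      # dirs with either indicator

    @property
    def is_infected(self) -> bool:
        return bool(self.notes or self.encrypted_files)


def scan_for_indicators(root: str) -> ScanResult:
    """Walk `root` and collect ransom notes and .ETEY-renamed files."""
    result = ScanResult()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE_NAME:
                result.notes.append(path)
                result.affected_dirs.add(dirpath)
            elif os.path.splitext(name)[1].lower() == ENCRYPTED_EXTENSION:
                result.encrypted_files.append(path)
                result.affected_dirs.add(dirpath)
    return result


def build_sample_tree(base: str) -> None:
    """Create a constructed sample tree: two infected folders, one clean."""
    layout = {
        "finance": [RANSOM_NOTE_NAME, "q3kd8a1z.ETEY", "x91bb2.etey"],
        "logs": [RANSOM_NOTE_NAME, "server.log.ETEY"],
        "clean": ["readme.txt", "report.docx"],
    }
    for folder, names in layout.items():
        folder_path = os.path.join(base, folder)
        os.makedirs(folder_path, exist_ok=True)
        for name in names:
            with open(os.path.join(folder_path, name), "w") as fh:
                fh.write("sample content\n")


def summarize(result: ScanResult) -> str:
    """Human-readable summary of the scan counts."""
    return "\n".join([
        f"ransom notes: {len(result.notes)}",
        f"encrypted files: {len(result.encrypted_files)}",
        f"affected directories: {len(result.affected_dirs)}",
    ])


def run_demo() -> tuple:
    """Build the constructed sample tree in a temp dir and scan it.

    Returns (scan of whole tree, scan of the clean subfolder only).
    """
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        whole = scan_for_indicators(tmp)
        clean_only = scan_for_indicators(os.path.join(tmp, "clean"))
        return whole, clean_only


if __name__ == "__main__":
    whole, clean_only = run_demo()
    print(summarize(whole))
    print("clean subfolder infected:", clean_only.is_infected)
```

Run against a mounted server share (read-only, from a clean workstation) the output tells the team which directories and how many files are affected before any restore decision is made; the matching logic is deliberately a plain filename comparison so that it can be adapted to whatever note name or extension a different variant uses.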
THE DEMAND
The # DecryptReadMe file contained a message asking for 150 Bitcoins (about $1,734,000) to restore the organization's systems and data, including details on how to make payment. The bank's management decided that they had no other avenue but to pay the amount.
Cyber security experts first tried to recover files from the physical servers but had no luck, because most of the files were corrupted. The team proceeded with negotiation and was able to bring the negotiated amount down to 300 bitcoins.
DISCUSS:
a) Identify the cause of the security issue above.
b) What advice could you offer the firm on measures it could have taken to prevent this incident?
c) Explain how your business is exposed to this kind of attack.
d) Discuss ways in which you would reduce the risk.