Step 11: Develop the Intelligence Debriefing
Your nation’s technical staff expects you to report on all summit events once you return to your nation’s capital. The CISO has requested that each analyst work independently to create an Intelligence Debriefing for technical staff. This debriefing is a comprehensive report and is comprised of your BCP, SITREP 1, SITREP 2, and SITREP 3.
Each team member should develop his or her own briefing and submit independently. You may, however, use your team’s discussion area to share your findings with your peers.
Refer to the CISO Deliverable Overview for a full list of requirements for the debriefing.
When you have completed your Intelligence Debriefing, submit it for feedback. The next step will be one of reflection, in which you will create a presentation on what you and your team members have learned from the ransomware attack and the mitigation and recovery activities that followed.
2. Intelligence Debriefing
Using the Business Continuity Plan and Situation Reports you created throughout the project, you will create an Intelligence Debriefing and a Lessons Learned Video Presentation to share with your CISO.
This report draws on all information from all events that occurred during the summit. It details all technical information that was derived, any linkage to the impacted systems identified in the BCP, possible methods of intrusion, and whether events can be linked to one another. Write eight to ten pages describing the events throughout the summit and all indicators shared by fellow nations. Determine what the malware types were, how they can be discovered in the future, and how they can be mitigated, whether by detection systems or simply by having end users take awareness training.
Items below are required in the report for technical staff.
· current system standings
· modifications that can be made to stop this style of threat until a patch is created
· reputation and brand damage
· lost productivity due to downtime or system performance
· system availability problems
· determining root causes
· technical support to restore systems
· compliance and regulatory failure costs
Team United Kingdom: Michael Arizieh, Julian Chandler, Justin Basagic, Ayman Gismalla Mohammed,
Oluwasegun “Saji” Ijiyemi
University of Maryland Global Campus
CMP 670 9047 Capstone in Cybersecurity (2231)
Prof. Thaddeus Janicki
Mar 9, 2023
Table of contents
Introduction
Security Incident Report – SITREP #3
Summary
Introduction
Ransomware is malware that keeps users from using their machines or recovering their information. After the attacker gains unauthorized access and introduces the malware into the victim’s system, the ransomware typically encrypts or destroys crucial data. Paying the ransom does not guarantee that the files will be unlocked and access restored. For these reasons, the most important files and data should always be kept in a current offline backup, and that backup should be tested regularly to confirm it can actually be restored.
Security Incident Report – SITREP #3
In this report, our UK team discusses the early findings and lays out the steps our organization plans to take in light of the indicators mentioned. Institutions within the Five Eyes (FVEY) Alliance can access US-CERT databases to exchange incident data and obtain more detailed information on this report. Our UK team also describes the indicators, such as file system alterations, the timing of the events, services, IP addresses, and other activity, that affected parties can use to search their own networks for the ransomware.
Security Incident Report / SITREP #2017-Month-Report#

Incident Detector’s Information
Date/Time of Report: 3/10/2023, 0100 UTC
First Name: Team
Last Name: UK
OPDIV: United Kingdom
Title/Position: Cyber Analyst
Work Email Address: [email protected]
Contact Phone Numbers: Work 425-434-7986 (no government pager or other number listed)
Reported Incident Information
Initial Report Filed With (Name, Organization): Global Economic Summit CISO
Start Date/Time: 3/9/2023, 1200 UTC
Incident Location: Global Economic Summit, United Kingdom
Incident Point of Contact (if different than above): N/A
Priority: Level 1
Possible Violation of ISO/IEC 27002:2013: Yes, control A.12.2.1 (Controls against malware): improper security awareness and system controls, and failure to implement a security policy.
Privacy Information – ISO 27000 (Country Privacy Act Law): Was the incident a violation of ISO 27000? No. Did the target suffer an adverse effect, and as a result was the OPDIV the direct or proximate cause of that effect? No. Was the violation intentional or willful? Willful. Was personally identifiable information used maliciously? No.
Incident Type: Ransomware (Reveton) locked the affected system, denying access until the ransom was paid.
US-CERT Category: Category 3 (Malicious Code) for the Reveton ransomware; the resulting lockout also fits Category 2 (Denial of Service).
CERT Submission Number, where it exists: No submission number at this time. The United Kingdom reports to the National Cyber Security Centre (NCSC): ncsc.gov.uk/report-an-incident (monitored 24 hours) or, for urgent assistance, 03000 200 973.
Description:
· The identity of the attacker or group responsible for the attack remains unknown.
· A USB device with multiple partitions, not issued by the organization, was found in the server rack.
· A list of URLs visited from the compromised account in question has been provided.
· A single machine was shared by multiple people in an open setting, with a password list attached to it.

Additional Support Action Requested
Method Detected: Wireshark, IPS, log review, summit computers
Number of Hosts Affected: Numerous
OPDIV / Department Impact: N/A
Information Sharing: Entities within the Five Eyes (FVEY) Alliance and US-CERT can share incident data.
System: Human Resources server and other possible nodes
Status: Ongoing
Attacking Computer(s) Information
IP Address / Range: 192.168.10.112
Host Name: NIXRCC01
Operating System: CentOS
Ports Targeted: 49810
System Purpose: Attacking platform

Victim’s Computer(s) Information
IP Address / Range: 192.168.10.211
Host Name: Internal.nationstate.cyb670
Operating System: Windows 10
Ports Targeted: 80
System Purpose: HR computer
Action Plan
Action Description: Per the CISO’s direction, continue to monitor for possible data exfiltration; an SLA is in place and approved for network monitoring.
Requestor: Summit CISO
Assignee: Team United Kingdom
Time Frame: Immediately
Status: Urgent

Conclusion / Summary
Entities Notified: All FVEY Summit Members
Resolution: Identify the insider threat (multiple actors); assist officials with the investigation by providing expert analysis of this event (see the questions answered below).
Summary Questions:
· What actually happened? What do you know as fact?
An employee’s laptop was left unattended in public areas, with its passwords taped to the computer where they were visible only when it was opened.
· What was said in the letter of resignation? Can this document be trusted as representing the true intentions of Ms. Grascholtz? Why or why not?
No. Although the letter was password-protected, there is no way to prove that Ms. Grascholtz typed it; a password on the file shows only that whoever wrote it knew the password. The letter itself reads as dubious. There is no fixed pattern or flow for this kind of document, but this one jumps abruptly from worries about a terrible illness to complaints to management about being extorted and having her family threatened with “germ warfare packages.” The details in the letter are neither specific nor confirmable through online searches. The list of URLs visited during the acts conducted in the ransomware attack is also suspiciously orderly and convenient, which is consistent with a trail left deliberately.
· Several staff have commented that the USB devices found in Ms. Grascholtz’s work area are of the same type and brand as the USB found inside the server cabinet. Is this significant? Why or why not?
Not on its own. A matching type and brand cannot establish the USB device’s true source, since the same devices are available to anyone. It does, however, cast suspicion on everyone who has access to the server cabinet, and this precise knowledge of the tools the organization uses suggests an inside job.
· What is the significance of the list of passwords found taped to the laptop?
The fact that the list was visible indicates that several people had what they needed to use the device and access the network. As the report states, the account was created in accordance with the rules but without elevated rights; since no evidence documents who created it, this strengthens the idea that someone with administrative rights created the account.
· What is the significance of a multipartition USB storage device?
It can indicate the purpose for which the USB device was prepared. Multi-partition removable media are not unusual in themselves, but given the nature and seriousness of the circumstances, the additional partition appears designed to conceal information: a second or hidden partition does not show up on a casual look at the drive, so it can carry a payload or copied data without being noticed.
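To make the point concrete, the following added example (not part of the original report or of any tool the team used) parses the partition table of a 512-byte MBR sector, as one would read from a seized removable device, and reports every populated slot, whether the partition type is one that common partitioning tools mark as hidden, and any unallocated sector ranges that could also be used to stash data. The sample image is constructed inline; the hidden-type list and type names are taken from the conventional MBR type table rather than from the report.

```python
import struct

# Partition type IDs that the conventional MBR type table marks as "hidden"
# (assumption: drawn from common partitioning tools, not from the report).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}

TYPE_NAMES = {
    0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x17: "Hidden NTFS", 0x1C: "Hidden FAT32 (LBA)",
    0x83: "Linux", 0xEE: "GPT protective",
}

MBR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte entries occupy bytes 446..509
ENTRY_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector0):
    """Return the populated entries of the four-slot MBR partition table."""
    if len(sector0) < MBR_SIZE:
        raise ValueError("need at least one 512-byte sector")
    if sector0[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not an MBR")
    parts = []
    for slot in range(4):
        offset = TABLE_OFFSET + 16 * slot
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector0, offset)
        if ptype == 0 or sectors == 0:      # empty slot
            continue
        parts.append({
            "slot": slot + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "0x%02X" % ptype),
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return parts


def unallocated_gaps(parts, total_sectors):
    """Sector ranges covered by no partition: slack space that can also hide data."""
    gaps = []
    cursor = 1                               # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p["lba_start"]):
        if p["lba_start"] > cursor:
            gaps.append((cursor, p["lba_start"] - 1))
        cursor = max(cursor, p["lba_start"] + p["sectors"])
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps


def triage(sector0, total_sectors):
    """Summary an analyst would record for a seized removable device."""
    parts = parse_mbr(sector0)
    return {
        "partition_count": len(parts),
        "hidden_slots": [p["slot"] for p in parts if p["hidden"]],
        "gaps": unallocated_gaps(parts, total_sectors),
    }


def make_entry(status, ptype, lba_start, sectors):
    return struct.pack(ENTRY_FMT, status, ptype, lba_start, sectors)


def sample_mbr():
    """Constructed test image: a visible FAT32 partition followed by a hidden-NTFS partition."""
    table = (make_entry(0x80, 0x0C, 2048, 204800)
             + make_entry(0x00, 0x17, 206848, 409600)
             + bytes(32))                    # slots 3 and 4 empty
    return bytes(TABLE_OFFSET) + table + b"\x55\xAA"


if __name__ == "__main__":
    image = sample_mbr()                     # real device: open("/dev/sdX", "rb").read(512), write-blocked
    for p in parse_mbr(image):
        print(p)
    print(triage(image, total_sectors=1_000_000))
```

On a real device the first sector is read from the block device (root required) after the stick has been imaged behind a write blocker; a GPT-formatted stick shows a single protective 0xEE entry here and needs a GPT parser instead. Older Windows builds expose only the first partition of a removable drive, which is one reason a second partition stays out of sight for casual users.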
· What conclusions can be drawn from your analysis of the browsing history?
It was a feeble effort to leave a digital trail. The trail was intended to mislead, but failed to do so.
· Is there sufficient evidence to show a link between the Reveton malware and Ms. Grascholtz?
While there is a fair amount of circumstantial evidence suggesting that Ms. Grascholtz was involved, there is no way to determine definitively that she had a hand in the attack(s).
· Is there evidence supporting the supposition that an insider other than Ms. Grascholtz may have been responsible for the Reveton malware’s entry onto the organization’s networks?
Yes, but identifying that individual would require other investigative methods and reporting.
· What other conclusions can be drawn from the information you have at hand?
It is reasonable to conclude that this attack was a planned, multi-faceted, and multi-actor inside job.
· What are the next steps that the CISO and staff should take to further this investigation into the Reveton malware?
I advise using CCTV footage to compare network-activity timestamps against employee movements within the facility. Only one device is under consideration at this moment, and the footage can establish who was around it at the relevant times, particularly anyone who had no reason to be there.