
Tomas Matejka: Security 101 Challenge

Cybersecurity Threat Landscape
Part 1: Crowdstrike 2021 Global Threat Report
For Part 1 of your homework assignment, use the Crowdstrike 2021 Global Threat
Report, along with independent research, to answer the following questions (remember
to make a copy of this document to work on):
1. What was the dominant ransomware family that impacted the healthcare industry
in 2020?
Maze and Egregor
2. Describe three different pandemic-related eCrime Phishing themes.
● Financial assistance and government stimulus packages - Attackers were
trying to get personal information such as credit card numbers, email,
or phone numbers by offering financial assistance or government
stimulus packages.
● Tailored attacks against employees working from home - Attackers were
trying to target people working from home by tailoring attacks to
their roles or companies. A tailored attack is difficult to recognize
because it contains many specific details. Attackers tried to get
sensitive personal or company data.
● Scams offering personal protective equipment (PPE) - During the
pandemic, we experienced a shortage of PPE at some stages. Scammers
offering PPE took payment and then sent no equipment at all, sent
defective equipment, or delivered the order only after several months.
Attackers took advantage of fear, lack of information and greed.
3. Which industry was targeted with the highest number of ransomware-associated
data extortion operations?
The industrial and engineering sector was the highest, followed by manufacturing.
4. What is WICKED PANDA? Where do they originate from?
WICKED PANDA is a cyber threat group run by the Chinese government. Its
goal is to spy on other countries to gain advantages for Chinese companies
or for the government itself. Those advantages might be financial,
technological, or political.
5. Which ransomware actor was the first observed using data extortion in a
ransomware campaign?
OUTLAW SPIDER
6. What is an access broker?
Access brokers are entities that are able to gain access to the backend
systems of various organizations, such as corporations or government
structures. They resell this access to other criminal entities on the
black market.
7. Explain a credential-based attack.
A credential-based attack occurs when attackers steal credentials to access
an organization's internal systems. Once inside, they can change security
controls and steal important data.
8. Who is credited for the heavy adoption of data extortion in ransomware
campaigns?
TWISTED SPIDER
9. What is a DLS?
A Dedicated Leak Site (DLS) is a website where criminals sell, publish or
leak the data of companies that refused to pay the ransom.
10. According to Crowdstrike Falcon OverWatch, what percentage of intrusions came
from eCrime intrusions in 2020?
79%
11. Who was the most reported criminal adversary of 2020?
WIZARD SPIDER
12. Explain how SPRITE SPIDER and CARBON SPIDER impacted virtualization
infrastructures.
Sprite Spider enables SSH to allow persistent access to ESXi devices, and in
some cases changes the root password or the host's SSH keys, after
connecting to vCenter. Carbon Spider accesses vCenter using legitimate
credentials but also logs in over SSH using the Plink tool to drop its
Darkside ransomware.[1]
13. What role does an Enabler play in an eCrime ecosystem?
Enablers play a crucial part in the eCrime ecosystem by providing criminal
actors with access to infrastructure they could not otherwise reach. These
actors run malware-as-a-service operations and specialize in delivery
mechanisms or in exploiting networks. When they gain access, they try to
sell it to other criminal entities.
14. What are the three parts of the eCrime ecosystem that CrowdStrike highlighted in
their report?
Service, Distribution, Monetization
[1] https://www.itpro.com/security/ransomware/358735/ransomware-operators-exploiting-vmware-esxi-flaws#:~:text=After%20connecting%20to%20vCenter%2C%20Sprite,to%20drop%20its%20Darkside%20ransomware.
15. What is the name of the malicious code used to exploit a vulnerability in the
SolarWinds Orion IT management software?
SUNBURST
Part 2: Akamai Security Year in Review 2020
In this part, you should primarily use the Akamai Security Year in Review 2020 and
Akamai State of the Internet / Security, along with independent research, to answer the
following questions.
1. What was the most vulnerable and targeted element of the gaming industry
between October 2019 and September 2020?
Players
2. From October 2019 to September 2020, in which month did the financial services
industry have the most daily web application attacks?
December 2019
3. What percentage of phishing kits monitored by Akamai were active for only 20
days or less?
60%
4. What is credential stuffing?
This is when attackers take credentials that were exposed in a past breach
and reuse them to try to log in to another website or application.
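As an added illustration of the behaviour described in this answer (not part of the original assignment or of the Akamai report), the following Python script flags likely credential-stuffing sources in a constructed login log: one source IP trying many different accounts in a short window, with most attempts failing. The log format, the sample lines and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log (assumed format, not taken from any report).
SAMPLE_LOG = """\
2020-08-02T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2020-08-02T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2020-08-02T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2020-08-02T10:00:03Z ip=203.0.113.5 user=dave result=SUCCESS
2020-08-02T10:00:03Z ip=203.0.113.5 user=erin result=FAIL
2020-08-02T10:00:04Z ip=203.0.113.5 user=frank result=FAIL
2020-08-02T10:05:00Z ip=198.51.100.7 user=alice result=FAIL
2020-08-02T10:05:30Z ip=198.51.100.7 user=alice result=SUCCESS
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse_log(text):
    """Parse log lines into dicts; lines not matching the assumed format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(d)
    return events


def find_stuffing_sources(events, window_s=300, min_users=5, min_fail_ratio=0.6):
    """Return {ip: stats} for IPs that tried >= min_users distinct accounts within
    window_s seconds with a failure ratio >= min_fail_ratio (stuffing signature).
    A single user retrying their own password from one IP is not flagged."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):  # sliding time window over this IP's attempts
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = evs[start:end + 1]
            users = {e["user"] for e in window}
            ratio = sum(e["result"] == "FAIL" for e in window) / len(window)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                # keep the widest qualifying window; successes show accounts to reset
                if len(users) >= flagged.get(ip, {}).get("distinct_users", 0):
                    flagged[ip] = {"distinct_users": len(users), "attempts": len(window),
                                   "fail_ratio": round(ratio, 2),
                                   "successes": sorted(e["user"] for e in window
                                                       if e["result"] == "SUCCESS")}
    return flagged
```

The flagged IP's successful logins (here the constructed account "dave") are the accounts a defender would force a password reset on.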
5. Approximately how many of the gaming industry players have experienced their
accounts being compromised? How many of them are worried about it?
More than accounts being compromised - ⅕ are worried about it
6. What is a three-question quiz phishing attack?
A three-question quiz phishing attack lures users into filling out a small
quiz for a chance to win something. These attacks often lead to personal
information being stolen.
7. Explain how Prolexic Routed defends organizations against Distributed Denial of
Service (DDoS) attacks.
Prolexic Routed defends organizations by redirecting network traffic
through Akamai scrubbing centers, which let only the inspected, clean
traffic through.
8. Which day between October 2019 to September 2020 had the highest Daily
Logins associated with Daily Credential Abuse Attempts?
08/02/2020
9. Which day between October 2019 to September 2020 had the highest gaming
attacks associated with Daily Web Application Attacks?
11/07/2020
10. Which day between October 2019 to September 2020 had the highest media
attacks associated with Daily Web Application Attacks?
20/08/2020
Part 3: Verizon Data Breaches Investigation Report
In this part, use the Verizon Data Breaches Investigation Report plus independent
research to answer the following questions.
1. What is the difference between an incident and a breach?
An incident is a failure to meet internal standards, processes, and
procedures, or a problem complying with the law, licenses, policies, or
industry standards.
A breach is an incident usually originating from outside. A breach also
carries a specific legal character and consequences.
2. What percentage of breaches were perpetrated by outside actors? What
percentage were perpetrated by internal actors?
External (87%), Internal (17%)
3. What percentage of breaches were perpetrated by organized crime?
Around 82%
4. What percentage of breaches were financially motivated?
Around 80%
5. Define the following (additional research may be required outside of the report):
Denial of service: attacks that aim to destroy the availability of networks
and systems, so that the networks and systems are unavailable to internal
and external traffic alike.
Command and control: a command and control server is an attacker-controlled
machine that sends commands to malware. When the attackers receive stolen
data from a target network, they try to use it against the provider or
monetize it.
Backdoor: in cyber security, a backdoor is a means of bypassing an existing
security system. It is usually an alternative entrance to the system
created by the original architect, and it can be used to get into the
system without the owner's permission.
Keylogger: a keylogger is a type of spyware that monitors and records
keystrokes. It allows cybercriminal entities to monitor and save anything
that is typed on their victims' keyboards, including private data such as
passwords, account numbers, and credit card numbers.
6. What remains one of the most sought-after data types for hackers?
Credentials
7. What was the percentage of breaches that involved phishing?
Around 37%
© 2023 edX Boot Camps LLC. Confidential and Proprietary. All Rights Reserved.