Cybersecurity Threat Landscape

Part 1: CrowdStrike 2021 Global Threat Report

For Part 1 of your homework assignment, use the CrowdStrike 2021 Global Threat Report, along with independent research, to answer the following questions (remember to make a copy of this document to work on):

1. What was the dominant ransomware family that impacted the healthcare industry in 2020?

Maze and Egregor, both operated by TWISTED SPIDER.

2. Describe three different pandemic-related eCrime phishing themes.

● Financial assistance and government stimulus packages: lures promising relief payments or stimulus money, used to harvest personal and payment data such as card numbers, email addresses and phone numbers.

● Tailored attacks against employees working from home: lures customized to the target's role or employer. Because they contain many accurate, specific details they are hard to recognize, and they aim at sensitive personal or corporate data and credentials.

● Scams offering personal protective equipment (PPE): during the PPE shortages, scammers took payment for equipment that never arrived, arrived defective or arrived months late. These lures exploited fear, lack of information and greed.

3. Which industry was targeted with the highest number of ransomware-associated data extortion operations?

Industrial and engineering, followed by manufacturing.

4. What is WICKED PANDA? Where do they originate from?

WICKED PANDA is a China-based adversary that operates on behalf of the Chinese state. Its core mission is espionage against other countries and companies to give Chinese companies or the government a financial, technological or political advantage; it has also been observed conducting financially motivated activity for its own benefit.

5. Which ransomware actor was the first observed using data extortion in a ransomware campaign?

OUTLAW SPIDER

6. What is an access broker?
An access broker is a criminal actor that obtains back-end (initial) access to an organization's network, for example a corporation or a government body, and then sells that access to other criminals on underground forums or through private channels instead of monetizing it directly. The buyer, often a ransomware operator, skips the work of breaking in.

7. Explain a credential-based attack.

A credential-based attack is one in which the attacker obtains valid credentials (through phishing, credential stuffing, credential-stealing malware or purchase from an access broker) and uses them to log in as a legitimate user. Because the activity looks like normal use, the attacker can move through the organization's internal systems, change security controls and steal important data without triggering exploit-based detections.

8. Who is credited for the heavy adoption of data extortion in ransomware campaigns?

TWISTED SPIDER

9. What is a DLS?

A Dedicated Leak Site (DLS) is a website run by a ransomware adversary where data stolen from victims who refuse to pay the ransom is published, or in some cases auctioned, to pressure them into paying.

10. According to CrowdStrike Falcon OverWatch, what percentage of intrusions came from eCrime intrusions in 2020?

79%

11. Who was the most reported criminal adversary of 2020?

WIZARD SPIDER

12. Explain how SPRITE SPIDER and CARBON SPIDER impacted virtualization infrastructures.

Both adversaries went after VMware ESXi hosts by way of vCenter. After connecting to vCenter, SPRITE SPIDER enables SSH on the ESXi hosts to keep persistent access and, in some cases, changes the root password or the host's SSH keys. CARBON SPIDER also reaches vCenter with legitimate credentials, then logs in to the hosts over SSH with the Plink tool to drop its Darkside ransomware. Encrypting at the hypervisor level takes down every virtual machine the host runs at once, instead of one endpoint at a time.[1]

13. What role does an Enabler play in an eCrime ecosystem?

Enablers are the service providers of the eCrime ecosystem. They supply capabilities that other criminal actors lack or do not want to build themselves: malware-as-a-service, loaders and delivery mechanisms, exploit tooling, and network access. An access broker is a typical enabler: it compromises a network and then sells that access to another criminal group, such as a ransomware operator, which monetizes it.

14. What are the three parts of the eCrime ecosystem that CrowdStrike highlighted in their report?

Services, Distribution, Monetization

[1] https://www.itpro.com/security/ransomware/358735/ransomware-operators-exploiting-vmware-esxi-flaws#:~:text=After%20connecting%20to%20vCenter%2C%20Sprite,to%20drop%20its%20Darkside%20ransomware

15.
What is the name of the malicious code used to exploit a vulnerability in the SolarWinds Orion IT management software?

SUNBURST. Strictly, SUNBURST did not exploit a vulnerability in Orion: it was a backdoor inserted into a trojanized SolarWinds.Orion.Core.BusinessLayer.dll and delivered to customers through Orion's legitimate, signed update mechanism, i.e. a software supply-chain compromise.

Part 2: Akamai Security Year in Review 2020

In this part, you should primarily use the Akamai Security Year in Review 2020 and Akamai State of the Internet / Security, along with independent research, to answer the following questions.

1. What was the most vulnerable and targeted element of the gaming industry between October 2019 and September 2020?

Players

2. From October 2019 to September 2020, in which month did the financial services industry have the most daily web application attacks?

December 2019

3. What percentage of phishing kits monitored by Akamai were active for only 20 days or less?

60%

4. What is credential stuffing?

Credential stuffing is the automated replay of username and password pairs exposed in earlier breaches against the login forms of other websites and applications. Attackers use bots and large proxy pools to spread the attempts across many source addresses, and the attack succeeds because people reuse the same password across services.

5. Approximately how many of the gaming industry players have experienced their accounts being compromised? How many of them are worried about it?

More than half (55%) of frequent players have had an account compromised; only about one in five (20%) of them were worried about it.

6. What is a three-question quiz phishing attack?

A three-question quiz phishing attack is a social-engineering lure in which the victim is asked three easy questions and then told they have won a prize. To claim it they are asked for personal or payment details, or told to share the link with friends, which spreads the campaign and harvests further victims' data.

7. Explain how Prolexic Routed defends organizations against Distributed Denial of Service (DDoS) attacks.

Prolexic Routed uses BGP route advertisement to redirect all of an organization's inbound network traffic through Akamai scrubbing centers. Attack traffic is dropped there, and only the cleaned traffic is forwarded (over GRE tunnels) to the organization's origin, so the attack volume never reaches its own links.

8. Which day between October 2019 to September 2020 had the highest Daily Logins associated with Daily Credential Abuse Attempts?

08/02/2020

9. Which day between October 2019 to September 2020 had the highest gaming attacks associated with Daily Web Application Attacks?

11/07/2020

10.
Which day between October 2019 to September 2020 had the highest media attacks associated with Daily Web Application Attacks?

20/08/2020

Part 3: Verizon Data Breach Investigations Report

In this part, use the Verizon Data Breach Investigations Report plus independent research to answer the following questions.

______________________________________________________________________

1. What is the difference between an incident and a breach?

The DBIR defines an incident as a security event that compromises the integrity, confidentiality or availability of an information asset. A breach is an incident that results in the confirmed disclosure (not just potential exposure) of data to an unauthorized party. Every breach is therefore an incident, but most incidents (a DDoS that takes a site offline, for example) are not breaches because no data is confirmed to have been taken.

2. What percentage of breaches were perpetrated by outside actors? What percentage were perpetrated by internal actors?

External (87%), Internal (17%). The DBIR actor categories overlap, since one breach can involve more than one type of actor, so the figures can sum to more than 100%.

3. What percentage of breaches were perpetrated by organized crime?

Around 82%

4. What percentage of breaches were financially motivated?

Around 80%

5. Define the following (additional research may be required outside of the report):

Denial of service: an attack that aims to destroy the availability of a network or system by exhausting its resources (bandwidth, connection state, CPU), so that legitimate users, internal and external, can no longer reach it. A distributed denial of service (DDoS) does this from many sources at once.

Command and control: a command and control (C2) server is attacker-controlled infrastructure that compromised hosts contact, typically on a regular schedule (beaconing), to receive commands, fetch additional tooling and send back stolen data. The attacker uses this channel to operate inside the victim network and to exfiltrate data, which is then used against the victim or monetized.

Backdoor: a hidden way into a system that bypasses its normal authentication and security controls. It may be left deliberately by a developer or vendor, or installed by an attacker (a web shell or an implant, for example) so that they can return later without the owner's knowledge or permission.

Keylogger: a type of spyware that monitors and records the user's keystrokes. That allows cybercriminals to capture and save anything typed on the victim's keyboard, including private data such as passwords, account numbers and credit card numbers.

6. What remains one of the most sought-after data types for hackers?

Credentials

7. What was the percentage of breaches that involved phishing?

Around 37%

© 2023 edX Boot Camps LLC. Confidential and Proprietary. All Rights Reserved.
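Added example for Part 2, question 4 (credential stuffing). This is detection code written for this edited copy of the worksheet, not code from the Akamai report. It flags source IPs that, within a sliding window, attempt logins to many distinct accounts with a low success rate, which is what replayed breach credentials look like, and it separates that pattern from a brute-force attack against a single account. The log line format, the IP addresses, the usernames and the thresholds are all constructed assumptions for the example.

```python
"""Credential-stuffing detector over authentication log lines.

Added example for this edited worksheet; it is not code from the Akamai
report. The log format, addresses, usernames and thresholds below are
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Line format (assumed): "<ISO time> src=<ip> user=<name> result=<ok|fail>"
# 203.0.113.7 replays ten different breach credentials in ten seconds (stuffing),
# 198.51.100.5 hammers a single account (brute force, not stuffing),
# 192.0.2.10 is a normal user who logs in once.
SAMPLE_LOG = """\
2020-08-02T10:00:00 src=192.0.2.10 user=dave result=ok
2020-08-02T10:00:01 src=203.0.113.7 user=alice result=fail
2020-08-02T10:00:02 src=203.0.113.7 user=bob result=fail
2020-08-02T10:00:03 src=203.0.113.7 user=carol result=fail
2020-08-02T10:00:04 src=203.0.113.7 user=dave result=fail
2020-08-02T10:00:05 src=203.0.113.7 user=erin result=fail
2020-08-02T10:00:06 src=203.0.113.7 user=frank result=ok
2020-08-02T10:00:07 src=203.0.113.7 user=grace result=fail
2020-08-02T10:00:08 src=203.0.113.7 user=heidi result=fail
2020-08-02T10:00:09 src=203.0.113.7 user=ivan result=fail
2020-08-02T10:00:10 src=203.0.113.7 user=judy result=fail
2020-08-02T10:00:11 src=198.51.100.5 user=carol result=fail
2020-08-02T10:00:12 src=198.51.100.5 user=carol result=fail
2020-08-02T10:00:13 src=198.51.100.5 user=carol result=fail
2020-08-02T10:00:14 src=198.51.100.5 user=carol result=fail
2020-08-02T10:00:15 src=198.51.100.5 user=carol result=fail
2020-08-02T10:00:16 src=198.51.100.5 user=carol result=fail
2020-08-02T10:00:17 src=198.51.100.5 user=carol result=fail
2020-08-02T10:00:18 src=198.51.100.5 user=carol result=fail
"""


def parse_line(line):
    """Return (timestamp, src_ip, username, success) for one log line."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), fields["src"], fields["user"], fields["result"] == "ok"


def detect_stuffing(lines, window=timedelta(minutes=10), min_attempts=8,
                    min_distinct_users=5, max_success_rate=0.2):
    """Flag source IPs whose attempts, within any sliding window, hit many
    distinct accounts with a low success rate.

    A brute-force attack (one account, many passwords) fails the distinct-user
    test; a busy NAT gateway full of real users fails the success-rate test.
    Returns {ip: {"attempts", "distinct_users", "compromised"}} where
    "compromised" lists accounts the attacker logged into successfully.
    """
    by_ip = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            by_ip[ip].append((ts, user, ok))

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()  # log lines may arrive out of order
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            successes = [u for _, u, ok in span if ok]
            if (len(span) >= min_attempts and len(users) >= min_distinct_users
                    and len(successes) / len(span) <= max_success_rate):
                # keep the widest qualifying window seen for this IP
                if ip not in alerts or len(span) > alerts[ip]["attempts"]:
                    alerts[ip] = {"attempts": len(span), "distinct_users": len(users),
                                  "compromised": sorted(set(successes))}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['attempts']} attempts against {info['distinct_users']} accounts; "
              f"accounts to force-reset: {info['compromised']}")
```

On the sample log only 203.0.113.7 is reported, with ten attempts against ten accounts and one successful login (frank), which is the account that needs a forced password reset. 198.51.100.5 makes just as many attempts but against a single account, so it is a brute-force case for a lockout rule rather than a stuffing alert. In production the per-IP key is too coarse, since stuffing tools rotate through proxy pools; the same logic applied per ASN, per user-agent fingerprint or per account (many source IPs per account in a short window) catches the distributed variant.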
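Added example for Part 3, question 5 (command and control). This is detection code written for this edited copy of the worksheet, not code from the Verizon DBIR. Because an implant checks in with its C2 server on a timer, the gaps between a compromised host's connections to that server are unusually regular; the code measures that regularity (coefficient of variation of the inter-connection intervals) per source/destination pair over outbound proxy log lines and flags low-jitter pairs. The log line format, the addresses and the thresholds are constructed assumptions for the example.

```python
"""Command-and-control beacon detector over outbound proxy log lines.

Added example for this edited worksheet; it is not from the Verizon DBIR.
The log format, addresses and thresholds are constructed for illustration.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log. Line format (assumed): "<ISO time> <src_ip> -> <dst_host>"
# 10.0.0.5 -> 198.51.100.23 checks in about every 60 s (an implant beaconing),
# 10.0.0.5 -> 203.0.113.44 is bursty, human-driven browsing,
# 10.0.0.8 -> 198.51.100.23 connects only twice (too little data to judge).
SAMPLE_LOG = """\
2020-08-20T09:00:00 10.0.0.5 -> 198.51.100.23
2020-08-20T09:00:05 10.0.0.5 -> 203.0.113.44
2020-08-20T09:00:10 10.0.0.5 -> 203.0.113.44
2020-08-20T09:01:00 10.0.0.5 -> 198.51.100.23
2020-08-20T09:01:58 10.0.0.5 -> 198.51.100.23
2020-08-20T09:03:00 10.0.0.5 -> 198.51.100.23
2020-08-20T09:04:01 10.0.0.5 -> 198.51.100.23
2020-08-20T09:05:00 10.0.0.5 -> 198.51.100.23
2020-08-20T09:05:10 10.0.0.5 -> 203.0.113.44
2020-08-20T09:05:22 10.0.0.5 -> 203.0.113.44
2020-08-20T09:06:00 10.0.0.5 -> 198.51.100.23
2020-08-20T09:07:00 10.0.0.5 -> 198.51.100.23
2020-08-20T09:08:02 10.0.0.5 -> 198.51.100.23
2020-08-20T09:09:00 10.0.0.5 -> 198.51.100.23
2020-08-20T09:12:00 10.0.0.8 -> 198.51.100.23
2020-08-20T09:20:22 10.0.0.5 -> 203.0.113.44
2020-08-20T09:21:06 10.0.0.5 -> 203.0.113.44
2020-08-20T09:21:09 10.0.0.5 -> 203.0.113.44
2020-08-20T09:31:09 10.0.0.5 -> 203.0.113.44
2020-08-20T09:33:09 10.0.0.5 -> 203.0.113.44
2020-08-20T09:40:00 10.0.0.8 -> 198.51.100.23
"""


def parse_line(line):
    """Return (timestamp, src_ip, dst_host) for one log line."""
    ts, src, _, dst = line.split()
    return datetime.fromisoformat(ts), src, dst


def interval_stats(timestamps):
    """Mean gap in seconds and coefficient of variation (stdev / mean) of the
    gaps between consecutive timestamps. A timer-driven beacon has a CV close
    to 0; human activity has a CV near or above 1."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return (gaps[0] if gaps else 0.0), float("inf")
    mean = statistics.mean(gaps)
    cv = statistics.stdev(gaps) / mean if mean > 0 else float("inf")
    return mean, cv


def detect_beacons(lines, min_connections=8, max_cv=0.15):
    """Return {(src, dst): {"connections", "mean_interval", "cv"}} for every
    source/destination pair whose connection timing is regular enough to
    look like a C2 check-in. Pairs with too few connections are skipped."""
    by_pair = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, dst = parse_line(line)
            by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, ts in by_pair.items():
        if len(ts) < min_connections:
            continue
        mean, cv = interval_stats(ts)
        if cv <= max_cv:
            beacons[pair] = {"connections": len(ts), "mean_interval": mean, "cv": cv}
    return beacons


if __name__ == "__main__":
    for (src, dst), info in detect_beacons(SAMPLE_LOG.splitlines()).items():
        print(f"{src} -> {dst}: {info['connections']} connections every "
              f"~{info['mean_interval']:.0f}s (CV {info['cv']:.3f})")
```

On the sample log the pair 10.0.0.5 -> 198.51.100.23 is reported with ten connections at a 60-second mean interval and a CV of 0.025, while the browsing pair has a similar connection count but a CV well above 1 and the two-connection pair is ignored for lack of data. Real implants add configurable jitter to defeat exactly this check, so the CV threshold has to be tuned against a baseline of the environment, and the destination's reputation, TLS certificate and payload sizes are the usual next pivots before declaring a host compromised.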