3-3 Stepping Stone: Introduction to Threat Modeling
Chris Lawton
Southern New Hampshire University
CYB 250: Cyber Defense
Prof. Nancy McDonnell
7/16/2023
CYB 250 Stepping Stone One Template

I. Threat Modeling

Howard Threat Model (incidents compared: Target Breach, Sony Breach, OPM Breach)

Attackers
Target Breach: Professional criminals whose identity is still unknown. The sellers of the stolen credit card data operated under the name Rescator.
Sony Breach: Guardians of the Peace (GOP).
OPM Breach: Two intruders referred to as X1 and X2, state-sponsored attackers working for the Chinese government.

Tools
Target Breach: Script or program: the Citadel Trojan and the BlackPOS malware.
Sony Breach: Script or program: Destover (also known as WIPER).
OPM Breach: Script or program: PlugX, the backdoor installed on OPM's network; Sakula; and an Active Directory privilege escalation technique.

Vulnerability
Target Breach: Design, implementation, and configuration all played a role. Fazio Mechanical, a third-party vendor, was initially compromised with the Citadel Trojan through a phishing attack, which points to a lack of proper security training. On Target's side, the infrastructure and system administrators did not properly segment their systems or isolate the sensitive networks from the easily accessed ones, so access to one part of the network gave easier access to the entire system.
Sony Breach: The exact vulnerabilities were not publicly specified, but the breach is believed to have resulted from poorly managed access and privilege controls, which makes it a configuration vulnerability.
OPM Breach: Failure to fix the issues found after the X1 intrusion, which helped facilitate the X2 intrusion, together with failure to enable important security measures such as two-factor authentication.

Action
Target Breach: Probe, scan, read, bypass, and steal. The attackers compromised Fazio by phishing and the Citadel Trojan, used that foothold to gain access to Target's systems, and installed BlackPOS to export credit card data.
Sony Breach: Probe, scan, read, bypass, and steal. The exact details of how the attack unfolded are not known, but malware was involved, and through it the attackers gained access to sensitive employee information.
OPM Breach: Probe, scan, read, bypass, and steal. It is not clear how X1 infiltrated the network, but X1 stole information about OPM's network that assisted X2's later attack. X2 stole a valid username and password and used an Active Directory privilege escalation technique to obtain root access, then installed PlugX to exfiltrate data from OPM servers, including SF-86 forms, which contain the highly personal information gathered in background checks of people applying for government security clearances.

Target
Target Breach: Target's customers' credit card information, reached through the point-of-sale (POS) system.
Sony Breach: Employee personal information, including banking information, passport numbers, social security numbers, and medical records; company IT system architecture information; and documents containing thousands of passwords to numerous services, along with substantial amounts of email.
OPM Breach: The background-investigation records held by OPM, as well as two contractors, USIS and KeyPoint, which conducted background checks on government employees.

Unauthorized Result
Target Breach: Increased access, disclosure of information, and theft of resources. The attackers escalated their access to obtain financial information from Target.
Sony Breach: Increased access, disclosure of information, and theft of resources. The attackers installed malware to increase their access and obtain disclosure of information.
OPM Breach: Increased access, disclosure of information, and theft of resources. The attackers gained root access and escalated privileges to reach sensitive data.

Objective
Target Breach: Financial gain.
Sony Breach: Financial gain and damage.
OPM Breach: Political gain and damage.

II. Incident Analysis

One of the incidents above that I would like to explore further is the Target breach. In terms of the CIA triad, this breach falls under confidentiality. The IT and security teams did not make the efforts needed to keep the organization's data private. One example is that they did not investigate security warnings raised by multiple security tools they had in place. Another is that they did not take proper measures to keep their networks segmented. All the attackers had to do was gain access to Target's business network, and from there they could navigate their way around the rest of the network, including the parts that held sensitive data.
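To make the segmentation point concrete, here is an added example (it is not part of the original paper and does not describe Target's actual network): a small Python reachability check over a zone-based firewall policy. It puts a flat policy, in which a foothold in the vendor portal can chain through the business network to the POS zone, beside a segmented policy in which only an audited jump host reaches POS. The zone names, the allow rules, and the list of required flows are constructed for illustration.

```python
"""Segmentation audit over a zone-based allow-list firewall policy.

Added example, not from the original paper. All zone names and rules below
are constructed for illustration and are not Target's real network layout.
"""
from collections import deque

# A policy is the set of (source_zone, destination_zone) flows the firewall
# allows; anything not listed is denied (default deny).
# Constructed zones: a vendor portal reachable by third parties, the corporate
# business network, the POS network, a jump host for POS administration, and
# the egress used to send card transactions to the payment processor.

FLAT_POLICY = {
    ("internet", "vendor_portal"),
    ("vendor_portal", "business"),
    ("business", "pos"),             # no isolation: business can talk to POS
    ("business", "payment_egress"),
    ("pos", "payment_egress"),
}

SEGMENTED_POLICY = {
    ("internet", "vendor_portal"),
    ("vendor_portal", "business"),
    ("jump_host", "pos"),            # only the audited jump host reaches POS
    ("pos", "payment_egress"),
}

# Zones an attacker could plausibly hold first, and zones that hold card data.
ENTRY_ZONES = ["internet", "vendor_portal"]
PROTECTED_ZONES = ["pos", "payment_egress"]

# Flows the business still needs; a policy that blocks these is too strict.
REQUIRED_FLOWS = [("pos", "payment_egress"), ("jump_host", "pos")]


def reachable_zones(policy, start):
    """Breadth-first search: every zone reachable from `start` by chaining allowed flows."""
    seen = {start}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst in policy:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def segmentation_violations(policy, entry_zones=ENTRY_ZONES, protected_zones=PROTECTED_ZONES):
    """(entry, protected) pairs where an entry zone can reach a protected zone, directly or by pivoting."""
    violations = []
    for entry in entry_zones:
        reach = reachable_zones(policy, entry)
        for protected in protected_zones:
            if protected in reach:
                violations.append((entry, protected))
    return violations


def missing_required_flows(policy, required=REQUIRED_FLOWS):
    """Required flows the policy does not permit, even transitively."""
    return [(src, dst) for src, dst in required if dst not in reachable_zones(policy, src)]


def audit(policy):
    """Summarise a policy: transitive reach into protected zones and any broken required flows."""
    return {
        "violations": segmentation_violations(policy),
        "missing_required": missing_required_flows(policy),
    }


if __name__ == "__main__":
    for name, policy in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        print(name, audit(policy))
```

The check is transitive on purpose: a rule-by-rule review of the flat policy shows no line that says "internet may reach POS", yet the chained path exists, which is exactly the kind of gap a flat network hides. The required-flow check keeps the exercise honest, since a policy that simply denies everything would pass the first check and break the business.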
Utilizing an adversarial mindset is pivotal for anyone working in network security. Knowing how an attacker might think helps prevent attacks: by knowing the loopholes an attacker would try to exploit in your network, you can close those holes before they are used. It also keeps you one step ahead, since you must constantly stay up to date on current attack types and on how your own systems could fall into the same situation, and it helps you build an effective response plan in case an attack does occur.

If I worked for Target and used a threat model proactively, the first major change I would implement would be proper training. The fact that multiple warnings from the security tools deployed to help prevent attacks were ignored is unacceptable. This shows a lack of training and awareness of the dangers that could come, and ultimately did come. The second thing I would implement is proper network segmentation. Having the network properly segmented, with the networks that hold sensitive data isolated, helps prevent attackers from having free rein of the network after gaining access to one sector of it.

III. Threat Modeling Extension

Threat models are one of the most important techniques an organization can use to protect against and prevent cyberattacks. A threat model provides a roadmap of the various attackers and the potential vulnerabilities within the network that could be exploited to threaten company data. Threat modeling is important for many reasons. It gives the entire organization a shared road map so that everyone is on the same page if an attack arises, and it outlines the measures to take to prevent an attack from escalating. It also helps to prioritize the organization's cybersecurity needs by identifying which threats require the most attention and budget. Finally, it helps with compliance with the data privacy and security laws and regulations that an organization is required to understand and follow.

Threat modeling can look quite different for each role in IT, and each role needs to know its own focus and priorities. Penetration testers (pen testers), as the name implies, map out the threats and vulnerabilities within a system that an attacker could use to penetrate it. Three questions a pen tester should consider are: "Where am I most vulnerable to attack?" "What are the most relevant threats?" "What do I need to do to safeguard against these threats?" (Johnson, 2019). Threat analysis also helps developers design proper security measures to prevent those threats.
References

Banu. (2023). What is threat modeling & what are its advantages? (ECIH) | EC-Council. Cybersecurity Exchange. https://www.eccouncil.org/cybersecurity-exchange/incident-handling/what-is-threat-modeling-what-are-its-advantages-ecih-ec-council/

Fruhlinger, J. (2020). The OPM hack explained: Bad security practices meet China's Captain America. CSO Online. https://www.csoonline.com/article/566509/the-opm-hack-explained-bad-security-practices-meet-chinas-captain-america.html

Meyer, A. (2015, January 9). Lessons from the Sony breach in risk management and business resiliency. Network World. https://www.networkworld.com/article/2867313/lessons-from-the-sony-breach-in-risk-management-and-business-resiliency.html

Shu, X., Tian, K., Ciambrone, A., & Yao, D. (2017). Breaking the Target: An analysis of Target data breach and lessons learned. arXiv (Cornell University). https://doi.org/10.48550/arxiv.1701.04940