Computer_Network _Security_1_9
School: California State University, Fullerton
Course: 1964
Subject: Information Systems
Date: Nov 24, 2024
Pages: 4
Uploaded by marttiatoo
1. Methods used by a particular group can be found by searching MITRE ATT&CK with that group's name. Every known TTP for every known group is listed in ATT&CK. This paper contains the companies' cyberattack TTPs. It is possible to use command and control (C2) communication, lateral network movement, data exfiltration, spear phishing, social engineering, and software vulnerabilities. Professionals in security should pay attention to MITRE ATT&CK Initial Access. If the attackers can't get in, they can't do any harm. During the initial access step, an APT-based strategy must identify all potential threats. Anyone who gains access can do anything they choose, the harmless ones included. Simply put, "Initial Access Brokers" are bad guys wishing to sell your network access (Gwanghyun Ahn et al., 2021).
2. Understanding the inner workings of a corporation is crucial in many contexts. The first benefit is that it sparks broader and more in-depth discussions regarding the group's activities and the hazards they pose. You can better assess the group's capabilities and the results of their actions if you are familiar with their tactics and procedures. The second benefit of this training is that it may be applied to expanding the current body of literature. Experts in the field can work together to create more effective strategies for detection, prevention, and mitigation when they share their knowledge and thoughts on the methods used by the group. APT28 used security holes in the SNMP protocol to target Cisco routers worldwide. It harmed two-fifty people in Ukraine and spread across Europe and the United States. Network management protocol abuse allows hackers to obtain private data and infiltrate systems with weak hardware. SNMP was created to facilitate the remote monitoring and configuration of network devices (Marican et al., 2019).
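The post's first point, that a group's techniques can be looked up in ATT&CK by group name, is mechanical once the data is in hand: MITRE publishes ATT&CK as STIX 2 JSON, where a group is an `intrusion-set`, a technique is an `attack-pattern`, and a `relationship` of type `uses` links them. The script below is an added example, not code from the original post or from MITRE. `SAMPLE_BUNDLE` is a small constructed bundle that copies those object shapes and real ATT&CK IDs; which techniques it links to APT28 is illustrative only. It resolves a group by name or alias, follows the `uses` relationships, skips revoked or deprecated objects (real bundles keep them), and can filter to one tactic such as `initial-access`.

```python
"""Resolve a threat group's techniques from an ATT&CK-style STIX bundle.

SAMPLE_BUNDLE is a constructed stand-in for MITRE's ATT&CK STIX data. It
reuses the real object shapes (intrusion-set, attack-pattern, and "uses"
relationships) and real ATT&CK IDs, but which techniques it links to APT28
is illustrative only, not a statement about the real dataset.
"""


def _ap(key, tid, name, *phases):
    """Build a constructed attack-pattern object (sample data only)."""
    return {
        "type": "attack-pattern",
        "id": f"attack-pattern--{key}",
        "name": name,
        "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
        "kill_chain_phases": [
            {"kill_chain_name": "mitre-attack", "phase_name": p} for p in phases
        ],
    }


def _uses(src, dst, revoked=False):
    """Build a constructed 'uses' relationship (sample data only)."""
    rel = {"type": "relationship", "id": f"relationship--{src}--{dst}",
           "relationship_type": "uses", "source_ref": src, "target_ref": dst}
    if revoked:
        rel["revoked"] = True
    return rel


SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "APT28",
         "aliases": ["APT28", "Fancy Bear", "Sofacy"],
         "external_references": [{"source_name": "mitre-attack", "external_id": "G0007"}]},
        _ap("a1", "T1190", "Exploit Public-Facing Application", "initial-access"),
        _ap("a2", "T1566.001", "Spearphishing Attachment", "initial-access"),
        _ap("a3", "T1110.003", "Password Spraying", "credential-access"),
        _ap("a4", "T1071.001", "Web Protocols", "command-and-control"),
        _ap("a5", "T1021.002", "SMB/Windows Admin Shares", "lateral-movement"),
        _ap("a6", "T1048", "Exfiltration Over Alternative Protocol", "exfiltration"),
        _ap("a7", "T1003", "OS Credential Dumping", "credential-access"),
        *[_uses("intrusion-set--g1", f"attack-pattern--a{i}") for i in range(1, 7)],
        # A revoked relationship stays in real bundles; the lookup must ignore it.
        _uses("intrusion-set--g1", "attack-pattern--a7", revoked=True),
    ],
}


def attack_id(obj):
    """Return the ATT&CK external ID (e.g. T1190, G0007) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def is_live(obj):
    """ATT&CK keeps revoked/deprecated objects in the bundle; exclude them."""
    return not (obj.get("revoked") or obj.get("x_mitre_deprecated"))


def find_group(bundle, name):
    """Case-insensitive lookup of an intrusion-set by name or alias."""
    wanted = name.strip().lower()
    for obj in bundle["objects"]:
        if obj["type"] != "intrusion-set" or not is_live(obj):
            continue
        names = [obj["name"], *obj.get("aliases", [])]
        if wanted in (n.lower() for n in names):
            return obj
    return None


def techniques_for_group(bundle, name, tactic=None):
    """List the techniques a group 'uses', optionally filtered to one tactic.

    Returns dicts {id, name, tactics} sorted by ATT&CK ID; [] if the group is unknown.
    """
    group = find_group(bundle, name)
    if group is None:
        return []
    by_id = {o["id"]: o for o in bundle["objects"]}
    found = {}
    for rel in bundle["objects"]:
        if rel["type"] != "relationship" or rel.get("relationship_type") != "uses":
            continue
        if rel["source_ref"] != group["id"] or not is_live(rel):
            continue
        ap = by_id.get(rel["target_ref"])
        if ap is None or ap["type"] != "attack-pattern" or not is_live(ap):
            continue
        tactics = [p["phase_name"] for p in ap.get("kill_chain_phases", [])
                   if p.get("kill_chain_name") == "mitre-attack"]
        if tactic and tactic not in tactics:
            continue
        tid = attack_id(ap)
        found[tid] = {"id": tid, "name": ap["name"], "tactics": tactics}
    return [found[k] for k in sorted(found)]


if __name__ == "__main__":
    for t in techniques_for_group(SAMPLE_BUNDLE, "Fancy Bear", tactic="initial-access"):
        print(t["id"], t["name"])
```

Replacing `SAMPLE_BUNDLE` with the enterprise bundle loaded from MITRE's attack-stix-data repository gives the real answer for any group; the `tactic="initial-access"` filter is the view the post recommends watching, since those are the techniques a defender must stop before anything else in the chain matters.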
References
Gwanghyun Ahn, Kookjin Kim, Dongkyoo Shin, and Wonhyung Park. (2021). A method that uses the MITRE ATT&CK Framework and machine learning to identify dangerous files. Applied Sciences, 12, 10761. doi:10.3390/app122110761
Marican MNY, Selamat A, Othman SH, Razak SA (2019). The Cyber Security Maturity Assessment Framework for Technology Start-Ups: an exhaustive review of the literature. IEEE Access, 11, 5442–5452. doi:10.1109/ACCESS.2022.3229766
Sikha S. Dustin Mink, Subhash C. Bagui, and others (2018). The MITRE ATT&CK Framework-Based Comprehensive Network Traffic Dataset is now accessible at UWF-ZeekData22, 8(18), 18–20. doi:10.3390/data8010018
Reply:
MITRE ATT&CK is a free, international framework that may be downloaded now. It offers up-to-the-minute details about cyber-threats that companies may utilize to strengthen their defenses. The Russian military's eighty-fifth Main Special Service Center is a possible APT28 entry point. This group has existed online since at least 2004. APT28 used brute-force and password-cracking methods to gain access. The brute-force approach might make over three-hundred authentication attempts per hour for each target account, but this could take several hours or days to complete. The toolkit's password spray function was used to disperse many credentials swiftly. Since APT28 was discovered to operate on a Kubernetes cluster, massive password-guessing attacks are now possible. The Russian foreign intelligence service SVR may be the threat actor APT29. Since at least 2008, they have attempted to breach the computer systems of NATO nations, European governments, universities, and think tanks. In June 2016, APT29 started hacking the Democratic National Committee.
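The reply above contrasts two credential attacks that look alike in a raw log: brute force (hundreds of attempts per hour against one account) and password spraying (a few attempts each across many accounts). They leave different shapes in authentication failures, and that shape is what a detection should key on. The script below is an added example, not code from the original post or any product. `SAMPLE_LOG` is constructed: sshd-style "Failed password" lines with an ISO timestamp, from one source hammering a single account, one touching 25 accounts once each, and one user who simply mistyped. The window and thresholds are assumptions chosen for the demonstration.

```python
"""Separate brute force from password spraying in SSH authentication failures.

SAMPLE_LOG is constructed: sshd-style 'Failed password' lines with an ISO
timestamp prepended. The thresholds are assumptions for the demonstration,
not values from the original post.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def _constructed_log():
    """Three sources: one brute-forcing 'admin', one spraying, one benign."""
    base = datetime(2024, 11, 24, 10, 0, 0)
    lines = []
    for i in range(40):  # 40 failures on one account in 10 minutes
        ts = base + timedelta(seconds=15 * i)
        lines.append(f"{ts.isoformat()} bastion sshd[4021]: Failed password for admin "
                     f"from 203.0.113.5 port {50000 + i} ssh2")
    for i in range(25):  # one failure each against 25 accounts over 48 minutes
        ts = base + timedelta(minutes=2 * i)
        lines.append(f"{ts.isoformat()} bastion sshd[4022]: Failed password for invalid user "
                     f"user{i:02d} from 198.51.100.7 port {51000 + i} ssh2")
    for i in range(2):  # a user mistyping a password twice
        ts = base + timedelta(minutes=5, seconds=i)
        lines.append(f"{ts.isoformat()} bastion sshd[4023]: Failed password for alice "
                     f"from 192.0.2.9 port {52000 + i} ssh2")
    return lines


SAMPLE_LOG = _constructed_log()


def parse_failures(lines):
    """Turn matching log lines into events; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "user": m["user"], "src": m["src"]})
    return events


def detect(events, window=timedelta(hours=1), brute_min=20,
           spray_accounts=10, spray_max_per_account=3):
    """Per source IP, slide a window over its failures and classify the pattern.

    brute_force:    one account hit >= brute_min times inside the window.
    password_spray: >= spray_accounts distinct accounts inside the window, none
                    of them hit more than spray_max_per_account times.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()
        hits = set()
        for ev in evs:
            recent.append(ev)
            while ev["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            per_user = Counter(e["user"] for e in recent)
            busiest = max(per_user.values())
            if busiest >= brute_min:
                hits.add("brute_force")
            if len(per_user) >= spray_accounts and busiest <= spray_max_per_account:
                hits.add("password_spray")
        if hits:
            findings[src] = sorted(hits)
    return findings


def analyze(lines):
    """Parse then detect; returns {source_ip: [finding, ...]}."""
    return detect(parse_failures(lines))


if __name__ == "__main__":
    for src, kinds in analyze(SAMPLE_LOG).items():
        print(src, ", ".join(kinds))
```

The two rules are deliberately asymmetric: a per-account lockout threshold catches the brute-force source but never fires on the spray, because the spray keeps every account under the lockout limit. Counting distinct accounts per source inside the window is what exposes it, which is also why a spray run from a large cluster of source addresses, as the reply describes, has to be correlated by something other than the source IP alone.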
Reply:
MITRE APTs investigate data collected by MITRE ATT&CK. Connecting CVE-based BigFix patches with APT processes, procedures, and tactics is made more accessible in this way. The Russian Foreign Intelligence Service is one probable actor behind APT29. They have been trying to hack into NATO and European government networks, as well as those of universities and think tanks, since at least 2008. Safeguarding must remain strict. Security solutions like anti-virus and anti-malware software, firewalls, and intrusion detection systems can help detect and prevent common malware attacks. If you are familiar with the group's strategies and procedures, you will have a better basis for evaluating their effectiveness and influence. The group's plan is more easily assessed. Second, acquiring these skills could facilitate a deeper understanding of the material. By sharing the group's methods with other specialists in the sector, they can collaborate to perfect detection, prevention, and mitigation strategies. The sharing of procedural information facilitates this. In conclusion, a technology manager needs to deeply understand technological processes and procedures to develop effective preventative and remedial measures.
Reply:
The ATT&CK Enterprise Matrix is a helpful resource for doing just that. You may see a massive grid on the MITRE ATT&CK website. Pick a method that will help you learn more about it. MITRE's defined language for describing threats allows businesses to use this matrix to understand the aggressive behavior they must combat. APT29 sends infected emails to their targets as part of their spear phishing attempts. A practical method of preventing spear phishing is to implement a policy addressing the security of employee email accounts and to provide training to staff. Attacks on watering holes can be reduced through constant monitoring of content and safety and improvements to both. To curb the spread of zero-day exploits, fixes and updates must be installed immediately. To spot APT29 and similar attacks, you can use intrusion detection and prevention systems (IDS/IPS) or conduct frequent penetration tests. It is possible to mitigate APT29's effects using technical countermeasures, employee training, and close surveillance.