Questions
School: Punjab University College Of Information Technology
Course: 241
Subject: Information Systems
Date: Nov 24, 2024
Type: docx
Pages: 6
Uploaded by SuperFlyPerson806
1. Summarize the case study. (a short paragraph, around 100 words)
SolarWinds is one of the major IT companies based in the USA; it provides system management tools for business management, such as infrastructure monitoring. SolarWinds provides services to thousands of companies around the world, and one of its best-known tools is “Orion”. As per reports, the company was breached by hackers, who remained in its systems for a very long time. The hackers used a supply chain attack to insert malware into the system. The Orion system has been used by thousands of companies around the world; therefore, more than 30 thousand companies and businesses were caught by the attack [SAM21].
2. Identify the type of malware in the case study and how does it generally work?
The type of malware used in the breach was a supply chain attack. A supply chain attack is one of the most damaging attacks, as it is used to insert malware or malicious code into the target’s systems. The attack usually takes control of third-party applications or systems which are linked to the main systems, instead of taking down the main systems or networks directly.
In our case, this third-party system or application was “Orion”, a tool by SolarWinds for infrastructure monitoring. After the malicious code started executing its harmful instructions, it made its way through the systematic link between Orion and the network of FireEye, a US cyber security firm.
A supply chain attack is harmful to networks and other online systems because it is very hard to deal with. This is because the malicious components act as if they are part of the real system and make you trust them without verifying them. Such supply chain attacks were first demonstrated many years ago, when Ken Thompson demonstrated hiding a backdoor in the login function of UNIX.
The figure below shows how a supply chain attack works.
Fig: Supply Chain Attack
3. In the case study the purpose of this hack is still unknown. Discuss any five things that you think generally motivate hackers.
From the case study we did not find any specific clue as to why the hackers attacked the SolarWinds Orion system. However, there are many possible intentions the hackers may have had for breaching Orion’s security. The following are some reasons or motivations for hackers to attack SolarWinds.
To steal data: The first and foremost motive for the hackers to initiate the attack was to steal the data and then ask the company to pay a ransom for not leaking its secret information.
To monitor the companies: Another motive of the attacker could be to steal the data of the different companies associated with the Orion system, or to gain access to them in order to monitor their day-to-day processes and look for any important information.
To breach data and use it for illegal purposes: Most of the time, hackers breach a company’s system just to steal its data and then use it for some illegal purpose. For example, they can use the user IDs and passwords to create other accounts on different online web services, or they can sell this account information on the dark web or elsewhere.
To breach data and sell secret information to other countries: Another motive for hackers to breach the Orion system could be to steal any relevant information from the linked companies and then sell that information either to other countries for their benefit or to different online service providers for data mining.
To locate secret plans of the government: Every country keeps its secret plans somewhere secure, where the source is hard to find. Therefore, another motive of the hackers for breaching the Orion system could be to steal the secret plans of the US cyber security agencies in order to leak their secret strategies, which may include war tactics, details of secret agents in other regions and many more.
4. Experts agree that SolarWinds and all organizations affected by the hack did not pay proper attention to risk identification and threat assessment. Describe the importance of risk assessment and threat assessment.
Every company which provides online services or has some of its assets or important information on online platforms, regardless of its size, should have strong cyber security policies implemented. This is because when there is no security, there are more chances of being breached by a hacker. Apart from that, from the case we have seen that the affected companies were not fully aware of the attack because of their poor risk assessment and threat identification techniques [Luc20]. It is very important for such organizations to keep their risk and threat assessment policies up to date, so that they are able to identify risks and remove them in time to prevent any loss.
Risk assessment is a process of evaluating the potential risks which may be involved in a project or an application. This assessment helps an organization estimate the bad things which may occur in the organization. Risk assessment is important because it helps us in the following ways:
It helps to protect organizations against breaches which may result in the loss of important data.
It also helps by giving us the data needed to prioritize improvements in our security.
Risk assessment also helps to guide security investment for maximum protection.
5. Recommend the steps of the risk assessment process that the affected organizations should follow to improve their risk management process.
Risk assessment is a process of identifying potential risks or threats to an organization from internal as well as external factors, specifically intruders or hackers. The affected organizations are recommended to always stay up to date with their cyber security policies and to implement the latest tools and techniques which are best for cyber security [Wha201]. The following are some suggestions or recommendations
for the affected organizations in order to improve their risk assessment process and to prevent any future loss.
Risk analysis (identify potential risks).
Evaluate and assess the consequences, impact and probability of occurrence for each threat or potential risk.
Assign roles and responsibilities for each identified risk.
Plan mitigation strategies for each risk found.
Measure the effect on stakeholders.
Continue to measure each risk and adopt specific mitigation techniques.
By following all of the above risk assessment steps, any organization can improve its risk assessment techniques and its day-to-day plans for mitigating any risk or threat found. This is important for all organizations, as it will help them to stay one step ahead of whatever bad thing is about to happen.
6. Identify a risk estimation approach (qualitative or quantitative) that you would recommend to the affected organizations to properly manage risk. Explain your answer.
For any organization it is important to put strong cyber security policies in place in order to protect its important assets and data from threats or hackers, because for an organization which provides services online or has important assets online it is mandatory to have a risk assessment plan to protect those assets and to mitigate any risk that may occur. Similarly, from the case we have seen that the major organizations which were breached, specifically SolarWinds, FireEye and others, lacked updated security protocols, because of which they were unable to identify the source of the attack and remained unaware of the attack even after a long time. This also shows us that, due to a poor risk assessment plan and mitigation techniques, it can be very easy for an attacker to breach the system. However, in order to prevent such incidents in future, it is recommended that those organizations use the quantitative risk assessment approach for their security.
The quantitative risk estimation approach is one of the three techniques by which an organization can assess its potential risks and then act accordingly. In quantitative risk estimation, the quantification of risk indicates that the probability of risk occurrence can be taken as the product of a hazardous situation and the likelihood of the occurrence of the harm. The quantitative method is most recommended for risk estimation because it forces management or the risk assessors to consider the worst-case scenario which may occur due to a possible threat of attack on the organization.
However, there is a negative side to this method, which is that it distorts risk management in the course of finding out the actual risk. An example of a quantitative method is the BMX five-level risk computation method, which calculates risk in five classes of harm severity: catastrophic, critical, serious, minor and negligible. This method considers the entire spectrum of harm severities and identifies the highest risk regardless of the harm severity.
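As an added worked example (not part of the assignment answer), the script below applies the likelihood-times-severity estimate described in question 6 to a small risk register built along the steps listed in question 5 (identify, assess impact and probability, assign an owner, plan mitigation). The five severity classes are the ones named above; the numeric weights, the likelihood scale and the sample risks are assumptions.

```python
"""Five-level quantitative risk scoring over a small risk register.

Added illustration: severity weights, likelihood scale and the sample
risks are assumptions, not figures from the case study or any standard.
"""
from dataclasses import dataclass

# Harm severity classes named in the answer above; the weights are assumed.
SEVERITY_WEIGHT = {"catastrophic": 5, "critical": 4, "serious": 3,
                   "minor": 2, "negligible": 1}


@dataclass
class Risk:
    name: str
    owner: str          # role responsible for the risk (assign roles step)
    likelihood: float   # assumed probability of the harm per year, 0..1
    severity: str       # one of the SEVERITY_WEIGHT classes
    mitigation: str     # planned control for the risk (plan mitigation step)

    def score(self) -> float:
        """Risk as the product of likelihood and harm severity weight."""
        if not 0.0 <= self.likelihood <= 1.0:
            raise ValueError(f"likelihood out of range: {self.likelihood}")
        if self.severity not in SEVERITY_WEIGHT:
            raise ValueError(f"unknown severity class: {self.severity}")
        return round(self.likelihood * SEVERITY_WEIGHT[self.severity], 2)


def rank_risks(register):
    """Order the register from highest to lowest score, so the top entry is
    the highest risk regardless of its severity class."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


# Constructed register (hypothetical entries, not from the case study).
REGISTER = [
    Risk("Tampered build pipeline ships a malicious update", "CISO",
         0.05, "catastrophic", "Sign and verify every release build"),
    Risk("Unreviewed vendor update deployed to production", "IT Ops",
         0.60, "serious", "Stage vendor updates and watch post-install behaviour"),
    Risk("Phishing of a helpdesk account", "Security Ops",
         0.95, "minor", "Enforce MFA with phishing-resistant tokens"),
]

if __name__ == "__main__":
    for r in rank_risks(REGISTER):
        print(f"{r.score():.2f} {r.severity:<12} {r.name} ({r.owner}) -> {r.mitigation}")
```

With these constructed numbers the frequent minor harm scores higher than the rare catastrophic one, which is the behaviour the answer above attributes to the five-level method.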
7. Give five recommendations to the affected organizations to protect against this type of malware.
From the case we have seen that all of the organizations which were under attack were poor at managing their risks and other important cyber security policies [SM21]. Therefore, hackers were able to get into their systems and then breach the data without their knowledge. Moreover, the hackers did not stop there; they started moving to more organizations to get more and more data from these affected organizations. Hence it proves that there was a need for a proper cyber security plan which could have prevented such an attack from occurring. The following are some recommendations to such organizations in order to protect against these types of malware.
Implement honeytokens or honeypots to fake important resources.
Secure privileged access management.
Implement zero trust architecture.
Always assume there may be a data breach of the system.
Identify potential internal risks.
Identify and protect vulnerable resources.
All of the above recommendations are effective for the affected organizations to adopt, because each recommended technique will help the organization to protect its important assets and information from being breached. However, different recommendations will have different results depending upon the infrastructure and policies of the organization. Therefore, it is also suggested that before applying any security policy it should be analyzed whether it will be good for the selected organization or not.
8. Using examples from your own online research, describe five impacts of this attack on all the affected organizations.
For the affected organizations it can be said that all of them faced a hard time during the attack. However, it was never disclosed what kind of information the hackers had stolen or for how long they had been monitoring the activities performed by these organizations. Similarly, it has been seen that each organization experienced a different effect of the attack on its operations or on the assets through which it was providing services to its customers and other agencies, especially SolarWinds and FireEye [Chi21]. As each organization was affected differently, the following are some major as well as minor effects which may be common among all of the affected organizations.
Loss of public reputation for the organization.
Leaked data put the organization’s information at risk.
Huge loss of customer satisfaction.
Users moved to alternative companies.
Companies also faced financial loss.