Security 101 Challenge (docx, 6 pages)
School: University of Texas, San Antonio
Course: UTSA-VIRT-
Subject: Information Systems
Date: Dec 6, 2023
Cybersecurity Threat Landscape
Part 1: Crowdstrike 2021 Global Threat Report
For Part 1 of your homework assignment, use the Crowdstrike 2021 Global Threat Report, along with independent research, to answer the following questions (remember to make a copy of this document to work on):
1. What was the dominant ransomware family that impacted the healthcare industry in 2020?
WIZARD SPIDER
2. Describe three different pandemic-related eCrime phishing themes.
- Impersonation of medical bodies, including the World Health Organization (WHO) and the U.S. Centers for Disease Control and Prevention (CDC)
- Phishing domains that spoofed pharmaceutical companies leading efforts on COVID-19 research
- Financial assistance and government stimulus packages
3. Which industry was targeted with the highest number of ransomware-associated data extortion operations?
Industrial and Engineering
4. What is WICKED PANDA? Where do they originate from?
WICKED PANDA originates from China (People's Republic of China) and was the most prolific adversary from China, as well as one of the most tracked by CrowdStrike Intelligence. They are a for-profit/for-hire cyber operation, and for many years before the pandemic they were known for targeting video game companies. During 2020 they were known to exploit vulnerabilities in their victims' systems and deploy malware payloads, including Cobalt Strike and Meterpreter, among others.
5. Which ransomware actor was the first observed using data extortion in a ransomware campaign?
OUTLAW SPIDER was first observed employing this tactic in May 2019.
6. What is an access broker?
Threat actors that gain backend access to an organization and sell that access to other criminals.
7. Explain a credential-based attack.
A credential-based attack is an attack where criminals steal login credentials to gain access to an organization's network or to bypass security controls to achieve their goal. It starts with credential theft, the act of stealing the credentials; moves to credential abuse, where the credentials are actually used; and in the end the credentials can be sold to other criminals.
8. Who is credited for the heavy adoption of data extortion in ransomware campaigns?
TWISTED SPIDER
9. What is a DLS?
Dedicated Leak Site: this is where data that was held for ransom is either sold or posted if the victim does not pay to get it back, or if the criminal decides to post it anyway.
10. According to Crowdstrike Falcon OverWatch, what percentage of intrusions came from eCrime intrusions in 2020?
400%
11. Who was the most reported criminal adversary of 2020?
WIZARD SPIDER
12. Explain how SPRITE SPIDER and CARBON SPIDER impacted virtualization infrastructures.
SPRITE SPIDER and CARBON SPIDER unconventionally used Linux versions of their ransomware to target ESXi hosts in BGH operations. ESXi manages virtual machines, and with more companies moving to virtualization for their IT systems it makes sense for ransomware operators to target them there. Targeting these hosts allows ransomware operators to encrypt multiple systems with few ransomware deployments: encrypting one ESXi server inflicts the same damage on each VM hosted on that server.
13. What role does an Enabler play in an eCrime ecosystem?
Enablers provide criminals with capabilities they may otherwise not have been able to obtain. For example, an access broker is an Enabler.
14. What are the three parts of the eCrime ecosystem that CrowdStrike highlighted in their report?
1. Services
2. Distribution
3. Monetization
15. What is the name of the malicious code used to exploit a vulnerability in the SolarWinds Orion IT management software?
SUNBURST
Part 2: Akamai Security Year in Review 2020
In this part, you should primarily use the Akamai Security Year in Review 2020 and Akamai State of the Internet / Security, along with independent research, to answer the following questions.
1. What was the most vulnerable and targeted element of the gaming industry between October 2019 and September 2020?
Its players
2. From October 2019 to September 2020, in which month did the financial services industry have the most daily web application attacks?
December 2019
3. What percentage of phishing kits monitored by Akamai were active for only 20 days or less?
60%
4. What is credential stuffing?
Credential stuffing is a type of attack where attackers use a list of compromised credentials to gain access to a system, usually by automatically injecting them into a web login form until access is gained.
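As an added example (not part of the homework or of Akamai's report), here is a small detector for the credential-stuffing pattern just described, run over constructed web-login log lines; the log format, the thresholds and the IP addresses are assumptions chosen for illustration. It separates a stuffing run (one source, many distinct usernames, mostly failures) from a single user retyping a password, and reports any successes in the run, since those are the accounts a defender must act on.

```python
# Added example (not from the homework): a minimal credential-stuffing
# detector over constructed login log lines. Log format, thresholds and
# addresses are assumptions for illustration.
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one event per line: "timestamp ip username result"
SAMPLE_LOG = """\
2020-08-17T10:00:01 203.0.113.5 alice FAIL
2020-08-17T10:00:02 203.0.113.5 bob FAIL
2020-08-17T10:00:02 203.0.113.5 carol FAIL
2020-08-17T10:00:03 203.0.113.5 dave FAIL
2020-08-17T10:00:03 203.0.113.5 erin SUCCESS
2020-08-17T10:00:04 203.0.113.5 frank FAIL
2020-08-17T10:05:00 198.51.100.9 alice FAIL
2020-08-17T10:05:09 198.51.100.9 alice SUCCESS
"""

def parse(log_text):
    """Parse log lines into (timestamp, ip, user, result) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def find_stuffing_sources(events, window_seconds=60, min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that, within one time window, try many distinct
    usernames with mostly failures. One user mistyping a password touches a
    single account and is not flagged; a stuffing run spreads failures across
    many accounts, and any success in that run is a likely account takeover."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            window = [e for e in evs[i:] if (e[0] - start).total_seconds() <= window_seconds]
            users = {u for _, u, _ in window}
            fails = sum(1 for _, _, r in window if r == "FAIL")
            if len(users) >= min_users and fails / len(window) >= min_fail_ratio:
                flagged[ip] = {"distinct_users": len(users), "attempts": len(window),
                               "successes": len(window) - fails}
                break  # one hit per source IP is enough to raise an alert
    return flagged

if __name__ == "__main__":
    print(find_stuffing_sources(parse(SAMPLE_LOG)))
```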
5. Approximately how many of the gaming industry players have experienced their accounts being compromised? How many of them are worried about it?
More than half have experienced their accounts being compromised, but only 20% are worried about it.
6. What is a three-question quiz phishing attack?
A type of phishing attack where the victim is asked 3 questions and will always win a fake prize at the end, which then requires them to provide sensitive information.
7. Explain how Prolexic Routed defends organizations against Distributed Denial of Service (DDoS) attacks.
By redirecting network traffic through Akamai scrubbing centers and only allowing the clean traffic forward.
8. Which day between October 2019 and September 2020 had the highest Daily Logins associated with Daily Credential Abuse Attempts?
Aug 17, 2020 - 365,181,101 attacks
9. Which day between October 2019 and September 2020 had the highest gaming attacks associated with Daily Web Application Attacks?
Jul 11, 2020 - 14,631,618 attacks
10. Which day between October 2019 and September 2020 had the highest media attacks associated with Daily Web Application Attacks?
Aug 20, 2020 - 51,150,760 attacks
Part 3: Verizon Data Breaches Investigation Report
In this part, use the Verizon Data Breaches Investigation Report plus independent research to answer the following questions.
1. What is the difference between an incident and a breach?
An incident is an event that compromises the confidentiality, integrity, or availability (CIA) of an asset. A breach is an incident where it is confirmed that data has been disclosed to an unauthorized party.
2. What percentage of breaches were perpetrated by outside actors? What percentage were perpetrated by internal actors?
In 2020 - 80% external, 20% internal
3. What percentage of breaches were perpetrated by organized crime?
80%
4. What percentage of breaches were financially motivated?
100%
5. Define the following (additional research may be required outside of the report):
Denial of service: A DoS is a malicious attack that overwhelms a machine, service, or network to make it unavailable to users.
Command control: a type of attack that involves an attacker installing malware that then allows them to command and control an infected network or machine remotely.
Backdoor: refers to any method by which attackers are able to get around normal security measures to gain access to a system.
Keylogger: a program that records every keystroke made by a user on a computer; attackers use this to try to find login credentials.
6. What remains one of the most sought-after data types for hackers?
Bank
7. What was the percentage of breaches that involved phishing?
36% of breaches
© 2023 edX Boot Camps LLC. Confidential and Proprietary.
All Rights Reserved.