Threat Analysis and Exploitation
Running Head: After Action Report (AAR)
Security Assessment Report (SAR)
Jeremy McGary
Charlotte Olaniyi
Marcelina Swan
Tyler Twaddell
After Action Report (AAR)
Company name: CST 610 Team 1
Industry Sector: Financial Institution
Period of Assessment: 1 February – 14 March 2023
Project 3
CST 610: Cyberspace and Cybersecurity Foundations
MARCH 14, 2023
University of Maryland Global Campus (UMGC) Professor Dr. Steven Richman
Table of Contents
1.0 BACKGROUND
1.1 Purpose
2.0 FINANCIAL SECTOR – JEREMY MCGARY
2.1 The Financial Services Threat
2.2 Financial Services Critical Infrastructure (CI)
2.3 Scope Covered In The After Action Report
3.0 ASSESSING SUSPICIOUS ACTIVITY IN THE SPECIFIC EVENTS – ALL TEAM 1 MEMBERS
4.0 LAW ENFORCEMENT – MARCELINA SWAN
5.0 THE INTELLIGENCE COMMUNITY – CHARLOTTE OLANIYI
5.1 Threat Actor Definition and Rationale
5.2 Tools, Techniques and Procedures Used By The Threat Actors
5.3 Threat Actors Lessons Learned
5.4 The Intelligence Community Recommendations
6.0 THE INTELLIGENCE COMMUNITY CYBERTHREAT LIFECYCLE – ALL TEAM 1 MEMBERS
7.0 EXPLOITATION METHODS (HOMELAND SECURITY) – TYLER TWADDELL
7.1 Threats and Exploits In The Incident
7.2 Vulnerabilities In The Incident
7.3 Countermeasures Taken In The Incident
7.4 Exploitation Methods Lessons Learned
7.5 Homeland Security Recommendations
8.0 HOMELAND SECURITY RISK AND IMPACT – ALL TEAM 1 MEMBERS
9.0 SUMMARY OF RECOMMENDATIONS – ALL TEAM 1 MEMBERS
10.0 SUMMARY OF REFERENCES – ALL TEAM 1 MEMBERS
1.0 BACKGROUND
According to our Project 3 assignment, the scenario involves Distributed Denial of Service (DDoS) attacks, web defacements, sensitive data exfiltration, and other attack vectors typical of nation-state actor(s) targeting the U.S. financial network. The Team 1 collaborative efforts have found:
· The financial services sector discovered the network breach and the cyber-attacks.
· The law enforcement sector provided additional evidence of network attacks found using network defense tools.
· The intelligence agency identified the nation state actor from numerous public and government provided threat intelligence reports.
· The Department of Homeland Security provided the risk, response, and recovery actions taken as a result of this cyber threat.
1.1 Purpose
Our goal, according to our Project 3 assignment, is to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and the risk mitigation and remediation procedures that should be implemented to maintain a robust security posture. We also take the lessons learned from this cyber incident and share that knowledge with the rest of the cyber threat analysis community using:
· Data and resources brought by each Team 1 representative.
· Test results from any prior lab testing done which is relevant to the financial institution. For example, leveraging network security skills by using past port scans, network scanning tools, and analyzing Wireshark files to assess any suspicious network activity and network vulnerabilities.
2.0 FINANCIAL SECTOR – JEREMY MCGARY
2.1 The Financial Services Threat
[Select and describe a specific, real, recent attack/network breach, “The Threat,” on a target financial institution or part of the financial services Critical Infrastructure (CI). The attack(s) could include distributed denial-of-service (DDOS) attacks, web defacements, sensitive data exfiltration, and/or other attack vectors typical of a nation-state actor per the given scenario in “Start.” This is your starting point and reason driving the Security Assessment Report (SAR) and is the specific focus of the After Action Report (AAR).]
· Describe the specific threat and impact on the specific financial institution or part of the financial services CI.
· Then describe the impact that the threat would generally have on the financial services sector.
· Provide relevant submissions from the Information Sharing Analysis Council related to the financial sector.
2.2 Financial Services Critical Infrastructure (CI)
· General Description of Financial Services Critical Infrastructure (CI) (include diagrams). Where or how does the target financial institution or part of the financial services CI fit into this?
· The importance and impact of Industrial Control Systems on the financial services CI.
· Other CIs which may be affected by attacks on the financial services CI (include diagrams).
2.3 Scope Covered In The After Action Report
· Include the rationale for the chosen scope.
3.0 ASSESSING SUSPICIOUS ACTIVITY IN THE SPECIFIC EVENTS – ALL TEAM 1 MEMBERS
· What were the critical information systems in the specific financial institution or part of the financial services Critical Infrastructure (CI) in your incident/event(s)?
· What cyberthreats and vulnerabilities were involved?
· What port scanning, network scanning and traffic analysis tools and data were used to assess the suspicious network activity and network vulnerabilities? How were they used? (Use your lab experiences and lab data from your 600 and 610 courses to identify the tools and methods here and actual data throughout the report.)
4.0 LAW ENFORCEMENT – MARCELINA SWAN
· Describe the impact, if any, that the specific event(s) had on the law enforcement sector.
· How might this be mitigated or prevented?
5.0 THE INTELLIGENCE COMMUNITY – CHARLOTTE OLANIYI
[Identify the nation-state actors involved in the specific event(s) and explain the different threat vectors they used.]
5.1 Threat Actor Definition and Rationale
· What nation-state or other threat actors were involved in the incident?
· What were their reasons for attacking the U.S. and its financial services institution or CI in the incident?
5.2 Tools, Techniques and Procedures Used By The Threat Actors
· What threat vectors did the cyber actors use in your specific event(s)?
· What cyber tools, techniques, and procedures did the nation state actors use in your specific event?
· What social engineering attacks may have been used in your specific event(s)?
5.3 Threat Actors Lessons Learned
· What was learned from successful attacks by the threat actors in your specific event(s)?
· What was learned from attacks by the threat actors that were successfully stopped in your specific event(s)?
5.4 The Intelligence Community Recommendations
[Remember that there may be multiple methods of addressing any one threat actor, or different methods in different parts of the lifecycle. You should point these out, select which method you recommend, and justify why.]
6.0 THE INTELLIGENCE COMMUNITY CYBERTHREAT LIFECYCLE – ALL TEAM 1 MEMBERS
· Provide an overview of the life cycle of the specific cyberthreats in your incident.
· What specific threat behaviors were observed in each part?
· What was in place or missing to defend and protect against the threat in each part?
· What methods were used to detect the threat, identify the threat, and perform threat response and recovery in each part? How successful were they? What was deficient?
7.0 EXPLOITATION METHODS (HOMELAND SECURITY) – TYLER TWADDELL
[Use the US-CERT and similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers in your incident.]
7.1 Threats and Exploits In The Incident
· What threats and exploits to web applications were used in your specific event(s)?
· How successful were the potential exploits in your specific event?
7.2 Vulnerabilities In The Incident
· What web financial services application vulnerabilities were present in your specific event?
· How well were other potential web financial services application vulnerabilities addressed to secure the financial institution or financial services CI in your specific event?
7.3 Countermeasures Taken In The Incident
· What responses and risk mitigation steps were taken in your specific event? Include your assessment of those responses and risk mitigation steps. What was missing and what should be changed for the future?
· What security tools were used in your specific event? What was missing and what should be changed for the future?
7.4 Exploitation Methods Lessons Learned
· What was learned from successful exploitation of the financial institution or part of the financial services CI in your specific event(s)?
7.5 Homeland Security Recommendations
[Remember that there may be multiple methods of addressing any one exploit. You should point these out, select which method(s) you recommend and justify why.]
8.0 HOMELAND SECURITY RISK AND IMPACT – ALL TEAM 1 MEMBERS
[Identify risks created by threats exploiting vulnerabilities in your incident.]
· Provide the risks and impacts to the financial institution or financial services CI in your specific event.
· Provide a risk-threat matrix and the security posture snapshot for the incident in which the financial institution or part of the financial services CI was attacked.
9.0 SUMMARY OF RECOMMENDATIONS – ALL TEAM 1 MEMBERS
[What are your specific recommendations to the Financial Sector regarding the specific event(s), mitigation and prevention measures, and tools which should be used to address the future threats and vulnerabilities as in the incident? Base these on risk and impact, as well as the resources and time required to implement. Use of a table with discussion of key aspects can be effective.]
10.0 SUMMARY OF REFERENCES – ALL TEAM 1 MEMBERS
University of Maryland Global Campus (UMGC). (n.d.). Distributed Computing: In Depth. Retrieved from https://leocontent.umgc.edu/content/scor/uncurated/cst/2215-cst610/learning-resource-list/distributed-computing--in-depth.html
University of Maryland Global Campus (UMGC). (n.d.). Operating System Fundamentals. Retrieved from https://leocontent.umgc.edu/content/scor/uncurated/cst/2215-cst610/learning-topic-list/operating-system-fundamentals.html