Cyber Security Security Strategy Implementation Recommendations document 5-8 pages

RUNNING HEAD: INCIDENT RESPONSE SUMMARY

Incident Response Summary

UMGC CSIA 310 7983

John Doe

04/12/2020

Overview:

Sifers-Grayson hired an external contractor to conduct a network penetration test. The Red Team contractors breached Sifers-Grayson's network through an insecure network link and gained access to the R&D department's servers. They then captured passwords for 20% of employee logins using a keylogger delivered on USB keys left on a lunch table in the employee lounge at headquarters, which gave them access to restricted areas. Finally, employees carelessly let the Red Team through the RFID-controlled doors into the facilities, allowing them to obtain 100% of the design documents and source code for the AX10 Drone Network, take control of an AX10-a test vehicle, and install malware across the network.

Sifers-Grayson recently secured a contract with the Department of Defense (DoD), and Homeland Security has ordered the introduction of new information protection measures in the R&D center and the SCADA laboratories. The company must now abide by NIST guidelines and the rules of the Defense Federal Acquisition Regulations (DFARS). These rules exist to ensure that the federal government's confidential information is adequately protected from unauthorized users.

Analysis:

Sifers-Grayson's network currently consists of both wired and wireless links. The wired link is not completely secured, because only one access point is protected by a firewall. That firewall sits between the Internet connection and the data center, which leaves the R&D center and the corporate offices exposed to malicious attacks. To defend the organization against cyber threats, the network must be secured at every access point; a single unsecured point is enough to compromise the entire network. The unsecured link is what allowed the Red Team to reach the engineering center, and at that point even someone with limited hacking ability could access the network and view or collect sensitive data. This is a direct violation of the recent NIST and DFARS requirements that oblige Sifers-Grayson to protect the federal government's classified information from unauthorized users.

Lessons Learned:

Keylogging software was installed at Corporate Headquarters using a free USB key left on a lunch table. With it, the attacker captured user credentials, including employee logins. A keylogger can be identified quickly on a user's computer if the right detection program is installed in advance.

The Red Team used a stolen password to install the malware on a workstation connected to the PROM burner in the R&D DevOps laboratory over an unsecured network. "Unfortunately, identifying all infected hosts is often complicated by the dynamic nature of computing" (NIST SP 800-83r1, Guide to Malware Incident Prevention and Handling for Desktops and Laptops, 2020). Malware is malicious software created by attackers to gain access to, or wreak havoc on, a computer system or an entire network without the user's knowledge. It comes in many forms, including trojans, spyware, ransomware, worms, and keyloggers (Palmer, 2020).

Recommendations:

To prevent or mitigate a repeat of this attack, an anti-keylogger tool is recommended to identify and remove any suspicious behavior or suspicious software running in the background. Another way to defeat tools such as keyloggers is to configure staff machines so that applications must be approved before they can receive or send data; an unauthorized application that tries to send keystroke logs would then be useless. Other measures include disabling USB ports that are not currently in use, using two-step verification that requires a PIN even if an attacker knows the username and password, and installing keystroke encryption software that prevents a keylogging attack by encrypting the keys as they are typed, among many others ("Hardware Keylogger | How to Prevent Keylogger Attack?", 2020).

Since Sifers-Grayson's computers run the Windows operating system (OS), the company could easily use Microsoft's System Restore utility, which automatically creates restore points and repairs Windows system files and settings by reverting them to an earlier state (Microsoft, 2018). The tool is useful for returning a system to a point before a problem affected it, so that a system on which malware has been installed can be rolled back to a known good state of the administrator's choosing. Sifers-Grayson will use its Windows Defender Antivirus solution to regularly check any application a user opens or installs, in order to detect malware and other advanced cyber-attacks. Windows Defender's firewall and network security features will block unauthorized access to the network.

Sifers-Grayson employees opened the RFID-controlled doors for the Red Team, letting them into the secured area. The employees did not inspect the visitors' credentials properly, and the Red Team noticed they were talkative and polite and exploited it. An intrusion detection system (IDS) can be used as a passive security control. It monitors all inbound and outbound network traffic and identifies suspicious patterns that might indicate an attack on the network or a system by someone trying to gain access and compromise it. The IDS looks for suspicious activity and events that could indicate worms, viruses, or intruders. It does this by matching known intrusion or attack signatures that characterize particular worms or viruses, and by tracking deviations from regular system activity. An IDS provides notifications of known attacks ("Intrusion Detection (IDS) and Prevention (IPS) Systems - Webopedia.com", 2020).
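As an added illustration of the two detection approaches described above (signature matching and tracking deviations from normal activity), the following Python script is example code written for this summary; it is not from Sifers-Grayson or from any of the cited sources. The log format, the host names, the blocklisted address 203.0.113.9, the port rule and the failure thresholds are all constructed assumptions.

```python
"""Minimal intrusion detector: signature rules plus a deviation-from-normal rule,
run over constructed log lines. Added example, not code from the original summary."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: hosts, users and addresses are made up; 203.0.113.9 and
# 198.51.100.7 come from the documentation address ranges, not from any real incident.
SAMPLE_LOG = """\
2020-04-10T08:01:12 auth host=rd-ws-07 user=jsmith result=success src=10.10.5.23
2020-04-10T08:02:40 auth host=rd-ws-07 user=jsmith result=success src=10.10.5.23
2020-04-10T08:05:03 auth host=rd-ws-07 user=jsmith result=failure src=10.10.5.23
2020-04-10T09:14:55 net host=rd-ws-07 proto=tcp dst=203.0.113.9 dport=6667 bytes=512
2020-04-10T09:15:01 net host=rd-ws-07 proto=tcp dst=10.10.5.2 dport=445 bytes=20480
2020-04-10T22:31:10 auth host=rd-ws-12 user=admin result=failure src=198.51.100.7
2020-04-10T22:31:11 auth host=rd-ws-12 user=admin result=failure src=198.51.100.7
2020-04-10T22:31:12 auth host=rd-ws-12 user=admin result=failure src=198.51.100.7
2020-04-10T22:31:13 auth host=rd-ws-12 user=admin result=failure src=198.51.100.7
2020-04-10T22:31:14 auth host=rd-ws-12 user=admin result=failure src=198.51.100.7
2020-04-10T22:31:15 auth host=rd-ws-12 user=admin result=failure src=198.51.100.7
2020-04-10T22:35:00 net host=rd-ws-12 proto=tcp dst=203.0.113.9 dport=6667 bytes=2048
"""

# "<ISO timestamp> <kind> key=value key=value ..." (constructed format for this example)
LOG_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<kind>\w+) (?P<rest>.*)$")


def parse_line(line):
    """Parse one log line into a dict; return None if the line does not fit the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    event = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    event["ts"] = datetime.fromisoformat(m.group("ts"))
    event["kind"] = m.group("kind")
    return event


# Signature rules: fixed patterns of known-bad activity, like the attack signatures an IDS ships with.
BLOCKLIST = {"203.0.113.9"}  # constructed indicator for the example only
SIGNATURES = [
    ("known-bad-destination", lambda e: e["kind"] == "net" and e.get("dst") in BLOCKLIST),
    ("irc-port-egress", lambda e: e["kind"] == "net" and e.get("dport") == "6667"),
]

# Deviation rule: a burst of failed logins for one account from one source is far
# outside the normal rate (one stray failure, as for jsmith above, is ordinary).
FAIL_THRESHOLD = 5                   # assumed threshold
FAIL_WINDOW = timedelta(seconds=60)  # assumed window


def detect(lines):
    """Return a list of (rule, timestamp, host) alerts for the given log lines."""
    alerts = []
    recent_failures = defaultdict(list)  # (src, user) -> failure timestamps inside the window
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        for name, matches in SIGNATURES:
            if matches(event):
                alerts.append((name, event["ts"].isoformat(), event.get("host")))
        if event["kind"] == "auth" and event.get("result") == "failure":
            key = (event.get("src"), event.get("user"))
            window = recent_failures[key]
            window.append(event["ts"])
            # forget failures older than the window
            while window and event["ts"] - window[0] > FAIL_WINDOW:
                window.pop(0)
            # alert when the count in the window reaches the threshold (not on every later failure)
            if len(window) == FAIL_THRESHOLD:
                alerts.append(("auth-failure-burst", event["ts"].isoformat(), event.get("host")))
    return alerts


if __name__ == "__main__":
    for rule, ts, host in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts} {host}: {rule}")
```

On the sample log the signature rules fire twice for each connection to the blocklisted address, and the deviation rule fires once, at the fifth failed admin login from 198.51.100.7; the single jsmith failure is below the threshold and produces nothing, which is the difference between a known-bad pattern and a deviation from normal behaviour.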

Cybersecurity training is also recommended. This training will cover best practices for cybersecurity, which will drastically decrease the chance of an attack succeeding. Had this training taken place earlier, the chance of an employee carelessly allowing people into restricted areas without proper identification would have been low, as would the chance of the USB keylogging attack succeeding. Any company that holds highly classified data is expected to provide cybersecurity training to its staff.

Ultimately, to help secure the network, Sifers-Grayson needs to hold a lessons-learned conference in which the IT staff and the employees involved review the incident and introduce new solutions.

References

Hardware Keylogger | How to Prevent Keylogger Attack? (2020). Retrieved 12 April 2020, from https://enterprise.comodo.com/hardware-keylogger.php

Intrusion Detection (IDS) and Prevention (IPS) Systems - Webopedia.com. (2020). Retrieved 3 April 2020, from https://www.webopedia.com/DidYouKnow/Computer_Science/intrusion_detection_prevention.asp

Microsoft Support | What is System Restore? (2020). Retrieved 12 April 2020, from https://support.microsoft.com/en-us/help/959063/what-is-system-restore

NIST SP 800-83r1. Guide to Malware Incident Prevention and Handling for Desktops and Laptops. (2020). Retrieved 12 April 2020, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-83r1.pdf

Palmer, D. (2020). What is malware? Everything you need to know about viruses, trojans and malicious software | ZDNet. Retrieved 12 April 2020, from https://www.zdnet.com/article/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software/