Padgett-Beale's architectural drawings and design plans for a new type of resort on its recently acquired island were recently leaked. Intellectual property theft causes serious damage: it hurts Padgett-Beale's profitability, slows business growth, and compromises its competitive edge in the industry. According to the Federal Bureau of Investigation (2016), IP theft includes, but is not limited to, robbing people or companies of their ideas, inventions, and creative expressions. This can be anything from trade secrets and proprietary products to classified plans. The IP is suspected to have been stolen through an Advanced Persistent Threat (APT), an attack in which the intruder establishes a long-term presence in Padgett-Beale's networks (Johnston et al., 2019). An APT requires expert hacking skills and must be well funded. The IP theft is likely sponsored by competitors engaging in corporate espionage, or potentially by a state. Given that competitors have sworn that they are not part of the espionage, it is possible that this IP theft was state sponsored. To avoid future information leakage and IP theft, Padgett-Beale needs to strengthen its network perimeter defenses, invest in network intrusion detection tools and techniques, and provide corporate training to mitigate and contain IP theft.
APT attacks are much more complex than traditional malware attacks. The intruder can infiltrate, evade detection, and roam the network for weeks or months. An APT starts with infiltration of the target network, which can be achieved through social engineering, remote file inclusion, SQL injection, or other application vulnerabilities that have been overlooked. Once inside through such a vector, the attacker can establish many backdoors to evade detection and persist on the network even after being discovered. The intruder can then connect to a command and control server and gather intelligence such as usernames and passwords to escalate privileges within the compromised network. With legitimate credentials the attacker is free to roam the network and access sensitive files, which can be sent back to the attacker. Even when detected and removed from the compromised network, the attacker can persist through the many backdoors that were opened (FireEye, n.d.). Cyber security analysts will have to actively close the backdoors on compromised applications and systems while the attack persists. Padgett-Beale's IP thief could still be on the network after its removal. It is best that potentially compromised systems running vulnerable applications be isolated and taken off the organization's intranet.
To mitigate such incidents in the future, Padgett-Beale must regularly monitor for unusual activity within the network. Unauthorized open ports should be closed, and traffic on authorized ports, including packet contents, should be monitored. Investing in tools such as a firewall appliance and an intrusion detection system to monitor all traffic entering and leaving Padgett-Beale's network is a must. This is only part of the solution, as network monitoring can only block uninvited traffic. All administrators should be aware of vulnerabilities that exist in the organization's systems and applications.
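The two monitoring checks the previous paragraphs call for, closing unauthorized listening ports and watching traffic on authorized ports for command-and-control activity, can be made concrete. The following script is an added example, not part of the original essay or any Padgett-Beale tooling; the host names, the allow-list of authorized ports, the listening-socket snapshot and the connection log are all constructed sample data. It flags listening ports that are not on the allow-list and, over the connection log, looks for outbound connections that repeat at a near-constant interval, which is how persistent C2 check-ins typically stand out from ordinary browsing even when they use an authorized port such as 443.

```python
"""
Added example: defender-side monitoring checks over constructed sample data.

1. listening_port_violations(): compares observed listening sockets against
   an allow-list of authorized ports per host.
2. find_beacons(): groups outbound connections by (source, destination, port)
   and flags groups whose inter-connection gaps are near-constant, a common
   signature of command-and-control beaconing.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed allow-list (assumption): host -> authorized listening ports.
AUTHORIZED_PORTS = {
    "web01": {80, 443},
    "db01": {5432},
}

# Constructed snapshot of listening sockets, as a port scanner or an
# `ss -lnt` export might report them: (host, port).
LISTENING_SNAPSHOT = [
    ("web01", 80), ("web01", 443), ("web01", 4444),
    ("db01", 5432), ("db01", 22),
]


def listening_port_violations(snapshot, authorized):
    """Return (host, port) pairs that are listening but not on the allow-list."""
    return sorted((h, p) for h, p in snapshot if p not in authorized.get(h, set()))


# Constructed outbound connection log: "timestamp src dst dport" per line.
# 10.0.1.15 connects to the same external host exactly once a minute;
# 10.0.1.22 connects to its destination at irregular, human-looking times.
CONNECTION_LOG = """\
2024-01-10T09:00:00 10.0.1.15 203.0.113.7 443
2024-01-10T09:01:00 10.0.1.15 203.0.113.7 443
2024-01-10T09:02:00 10.0.1.15 203.0.113.7 443
2024-01-10T09:03:00 10.0.1.15 203.0.113.7 443
2024-01-10T09:04:00 10.0.1.15 203.0.113.7 443
2024-01-10T09:00:12 10.0.1.22 198.51.100.9 443
2024-01-10T09:07:41 10.0.1.22 198.51.100.9 443
2024-01-10T09:31:05 10.0.1.22 198.51.100.9 443
2024-01-10T10:02:59 10.0.1.22 198.51.100.9 443
"""


def parse_log(text):
    """Parse the space-separated log into (datetime, src, dst, dport) tuples."""
    records = []
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def find_beacons(records, min_connections=4, max_jitter=0.2):
    """
    Flag (src, dst, dport) groups whose gaps between connections are
    near-constant: standard deviation of the gaps divided by their mean is
    at most max_jitter. Returns (src, dst, dport, mean_gap_seconds) tuples.
    """
    groups = defaultdict(list)
    for ts, src, dst, dport in records:
        groups[(src, dst, dport)].append(ts)

    beacons = []
    for key, times in groups.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((*key, round(avg)))
    return beacons


if __name__ == "__main__":
    for host, port in listening_port_violations(LISTENING_SNAPSHOT, AUTHORIZED_PORTS):
        print(f"unauthorized listener: {host}:{port}")
    for src, dst, dport, gap in find_beacons(parse_log(CONNECTION_LOG)):
        print(f"beacon-like traffic: {src} -> {dst}:{dport} every ~{gap}s")
```

In this sample the web server's port 4444 and the database host's port 22 are reported as unauthorized listeners, and only the once-a-minute connection series is reported as beacon-like; the irregular series on the same port is left alone. The jitter threshold and minimum connection count are tuning knobs: real C2 implants often add random sleep, so a production detector would widen `max_jitter` and look over longer windows.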
Patching and securing operating systems and applications is vital to mitigating future attacks and reducing attack vectors. Unpatched web servers are especially vulnerable and often receive the highest vulnerability ratings. Maintaining security patch levels is critical and should be one of the biggest priorities for administrators. End-of-life applications and operating systems such as Windows XP should not be connected to the network. System administrators should also be vigilant about zero-day vulnerabilities that may exist in applications, and coordinate with the network security team to sandbox systems running new software as a precaution. System administrators have an important role in securing Padgett-Beale's information systems.
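The patching paragraph describes a policy that administrators can enforce mechanically: find end-of-life operating systems that should not be on the network, and find systems whose last security patch is older than an agreed threshold, giving web servers priority because the essay singles them out. The script below is an added example, not from the original essay or from Padgett-Beale; the end-of-life list is an illustrative subset rather than an authoritative one, and the asset inventory, hostnames and patch dates are constructed sample data.

```python
"""
Added example: a patch-compliance check over a constructed asset inventory.

It flags (a) assets running an end-of-life OS, which the policy says must be
taken off the network, and (b) assets whose last security patch is older
than max_patch_age_days, ranking unpatched web servers ahead of other hosts.
"""
from datetime import date

# Constructed, illustrative subset of end-of-life operating systems
# (assumption; not an authoritative list).
END_OF_LIFE_OS = {"Windows XP", "Windows 7", "Windows Server 2008"}

# Constructed inventory: hostname, role, OS, date of last security patch.
INVENTORY = [
    {"host": "web01", "role": "web server", "os": "Ubuntu 22.04", "last_patch": "2024-01-03"},
    {"host": "web02", "role": "web server", "os": "Ubuntu 22.04", "last_patch": "2023-09-14"},
    {"host": "kiosk07", "role": "lobby kiosk", "os": "Windows XP", "last_patch": "2014-04-08"},
    {"host": "db01", "role": "database", "os": "Windows Server 2019", "last_patch": "2024-01-02"},
]


def patch_findings(inventory, today, max_patch_age_days=30):
    """
    Return findings as (severity, host, reason) tuples sorted most urgent
    first. Severity 0: end-of-life OS; 1: stale web server; 2: other stale host.
    """
    findings = []
    for asset in inventory:
        age_days = (today - date.fromisoformat(asset["last_patch"])).days
        if asset["os"] in END_OF_LIFE_OS:
            findings.append((0, asset["host"],
                             f"end-of-life OS ({asset['os']}): isolate and decommission"))
        elif age_days > max_patch_age_days:
            severity = 1 if asset["role"] == "web server" else 2
            findings.append((severity, asset["host"],
                             f"last security patch {age_days} days ago"))
    return sorted(findings)


def compliant_hosts(inventory, today, max_patch_age_days=30):
    """Hosts that raised no finding, preserving inventory order."""
    flagged = {host for _, host, _ in patch_findings(inventory, today, max_patch_age_days)}
    return [asset["host"] for asset in inventory if asset["host"] not in flagged]


if __name__ == "__main__":
    # Fixed "today" so the sample output is reproducible (constructed).
    today = date(2024, 1, 10)
    for severity, host, reason in patch_findings(INVENTORY, today):
        print(f"[sev {severity}] {host}: {reason}")
    print("compliant:", ", ".join(compliant_hosts(INVENTORY, today)))
```

The end-of-life rule is evaluated before the patch-age rule on purpose: an end-of-life system with a recent patch date is still a finding, because no further security patches will ever arrive for it. In practice the inventory would come from a configuration management database or endpoint agent rather than a hard-coded list.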
Finally, employees should also be subject to access control and receive training in mitigating social engineering attacks. Reducing access to sensitive and proprietary information to a need-to-know basis should limit information leakage through day-to-day chatter. Employees will need to understand and recognize social engineering attacks such as dumpster diving, phishing, and pretexting. Privileged access to the organization's intellectual property should only be granted to those who demonstrate the ability to maintain the organization's confidentiality.
With network monitoring, patching of critical infrastructure, and training, Padgett-Beale will reduce the likelihood of another information leak. It is important that the organization stay vigilant to the changing landscape of cyber-attacks.
References
Awake Security. (2021, May 12). Intellectual Property (IP) Theft Definition & Examples. https://awakesecurity.com/glossary/intellectual-property-theft/#:%7E:text=Intellectual%20property%20theft%20(IP%20theft,trademarks%2C%20copyrights%2C%20and%20patents.
Federal Bureau of Investigation. (2016, November 15). Intellectual Property Theft/Piracy. https://www.fbi.gov/investigate/white-collar-crime/piracy-ip-theft
FireEye. (n.d.). Anatomy of an APT (Advanced Persistent Threat) Attack. https://www.fireeye.com/current-threats/anatomy-of-a-cyber-attack.html
Johnston, D., Lynch, B., Lowing, S., Klepfish, N., Hasson, E., Lynch, B., Lynch, B., & McKeever, G. (2019, December 29). What is APT (Advanced Persistent Threat) | APT Security | Imperva. Learning Center. https://www.imperva.com/learn/application-security/apt-advanced-persistent-threat/