Defining and Mitigating Insider Threats, Exams of Computer Networks

Insider threats are individuals with authorized access who can intentionally or unintentionally compromise an organization. Mitigation involves understanding unintentional and intentional threats, including negligence, accidents, and malicious actions. The document also discusses collusive threats and third-party threats, as well as threats from state-sponsored actors. It provides a comprehensive overview of insider threats and strategies for effective mitigation.

Typology: Exams

2024/2025

Available from 09/18/2024

dennis-mburu


Emily Carson
February 9, 2024
Midterm One

Q1: Review the following case study, which discusses an old piece of malware. Generate a STIX structure based on the information provided in the article.

    {
      "type": "malware",
      "spec_version": "3.0",
      "id": "aids – trojans – ransomware",
      "created": "1989-12-01T00:00:00Z",
      "modified": "1989-12-01T00:00:00Z",
      "name": "AIDS Trojan (PC Cyborg)",
      "description": "AIDS Trojan is the first ransomware attack. It was launched in December 1989 and was called PC Cyborg or AIDS Trojan. The attack was distributed by Dr. Joseph L. Popp.",
      "labels": ["ransomware"],
      "is_family": false,
      "kill_chain_phases": [
        { "kill_chain_name": "cyber-attack_lifecycle", "phase_name": "delivery" },
        { "kill_chain_name": "cyber-attack_lifecycle", "phase_name": "exploitation" },
        { "kill_chain_name": "cyber-attack_lifecycle", "phase_name": "installation" },
        { "kill_chain_name": "cyber-attack_lifecycle", "phase_name": "impact" }
      ],
      "malware_types": ["Trojan"],
      "delivery_methods": [
        {
          "name": "physical",
          "description": "Infected floppy disks labeled as AIDS Information Introductory Diskette were mailed to victims."
        }
      ]
    }

Description: This guide, co-authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other agencies, addresses living off the land (LOTL) techniques and the cyber defense gaps they exploit. It emphasizes the threat posed by malicious actors, including state-sponsored ones, who employ LOTL to compromise critical infrastructure. The document highlights LOTL's effectiveness in discreet operations: because it relies on native tools, detection is challenging. It provides best practices and detection guidance for network defenders, focusing on logging, baselines, automation, and behavioral analytics. The guide also offers hardening practices and recommends reporting identified LOTL activity to the relevant agencies. Additionally, it encourages software manufacturers to adopt secure-by-design principles to reduce the opportunities for LOTL abuse.

Media Source 1: Threatpost – Starlink Successfully Hacked Using $25 Modchip
https://threatpost.com/starlink-hack/180389/
Title: Starlink Successfully Hacked Using $25 Modchip
Description: Belgian security researcher Lennert Wouters revealed at the Black Hat conference that he had successfully hacked SpaceX's Starlink satellite-based internet system using a homemade circuit board costing around $25. The attack involved a voltage fault injection on a Starlink User Terminal (UT), allowing Wouters to break into the dish and explore the Starlink network. He developed a modchip using a Raspberry Pi microcontroller, flash storage, electronic switches, and a voltage regulator. The attack resulted in an "unfixable compromise" of the Starlink UT, granting root access and the ability to execute arbitrary code. Wouters responsibly disclosed the vulnerability to SpaceX through its bug bounty program before presenting it publicly. SpaceX responded with a six-page paper acknowledging the technical impressiveness of the research and emphasizing its defense-in-depth approach to security.

Media Source 2: The Hacker News – Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
https://thehackernews.com/2024/02/recently-disclosed-ssrf-flaw-in-ivanti.html
Title: Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
Description: A recently disclosed server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure products is undergoing mass exploitation, with the Shadowserver Foundation observing attempts from over 170 unique IP addresses seeking to establish a reverse shell. The attacks leverage CVE-2024-21893, an SSRF flaw in the SAML component that allows unauthorized access to restricted resources. Ivanti had acknowledged limited exploitation before public disclosure, but the situation intensified after disclosure, particularly with the release of a proof-of-concept (PoC) exploit by Rapid7. The PoC combines CVE-2024-21893 with CVE-2024-21887 for unauthenticated remote code execution. Security researcher Will Dormann highlighted additional outdated open-source components in Ivanti VPN appliances, and despite initial mitigation attempts, threat actors found ways to bypass defenses, prompting Ivanti to release a second mitigation file and official patches. The ongoing exploitation led to a joint advisory by the European Union, CERT-EU, ENISA, and Europol urging organizations to follow Ivanti's guidance for risk mitigation.

Media Source 3: CyberScoop – Hackers leak huge cache of data from evangelical organization that supports Dobbs decision
https://cyberscoop.com/evangelical-wmtek-liberty-counsel-hack-donors-operation-jane/
Title: Hackers leak huge cache of data from evangelical organization that supports Dobbs decision
Description: Pro-choice hacktivists have leaked over 74 gigabytes of data linked to evangelical organizations as a protest against groups supporting the Dobbs v. Jackson ruling, which reversed Roe v. Wade. The data was posted on Enlace Hacktivista along with a message calling out the conservative religious organization Liberty Counsel and exposing its donor list. The hacktivists claim to have obtained the files by hacking WMTEK, a Florida company offering web design, development, and donor management services. The leaked data comprises over 120 databases connected to various WMTEK clients. Liberty Counsel has not responded to requests for comment, and WMTEK CEO Dan Pennell stated that the company is investigating the security incident. The attack aligns with the pro-choice movement's efforts to use the internet to oppose anti-abortion organizations following the legislative changes.

Social Media 1: Twitter – Cybernews live
https://twitter.com/cybernewslive
Title: Cyber news live
Description: The thread provides various methods for removing malware from the Chrome browser. The first set of instructions recommends updating Chrome to the latest version through the Chrome menu. Another user suggests resetting browser settings, removing unwanted programs, and installing browser protection software as effective ways to eliminate malware. A third user distinguishes between a free manual method and a paid, automated method involving browser protection software. Additional responses emphasize running a full antivirus scan, checking for malicious extensions, and using specialized programs such as AdwCleaner and Malwarebytes. The discussion underscores the importance of staying vigilant against malware and combining several methods for effective protection.

Forum Source 2: Disboards.com
https://www.disboards.com/threads/cyber-attacks.3930058/#post-65051437
Title: Cyber Attacks
Description: The forum discusses recent cyber attacks on companies such as Caesars and MGM that involved a significant amount of personal information. While these incidents did not affect the forum users directly, some members share experiences of receiving letters from financial institutions hit by attacks. The discussion touches on the increasing vulnerability of personal data online and the potential for future issues. Users express concern about the rise in cybercrime and emphasize the need for vigilance and proper security measures. The thread also delves into the methods employed by hackers, including attacks on hospital systems, and the role of employee training in preventing such incidents. Members highlight the challenges faced by entities dealing with ransom demands and the prevailing risks of the digital age. The conversation reveals a mixture of personal experiences, insights, and concerns regarding the ongoing and future threats posed by cyber attacks.

Forum Source 3: Reddit – Hacker Collective Anonymous
https://www.reddit.com/r/technology/comments/t0y163/hacker_collective_anonymous_declares_cyber_war/
Title: Hacker Collective Anonymous declares 'Cyber war' against Russia, disables state news website
Description: The Reddit post discusses a declaration of cyber war by the hacker collective Anonymous. The group has reportedly targeted various entities in response to perceived injustices and corruption, intending to expose and disrupt their operations. The post highlights Anonymous' announcement of its cyber activities and encourages others to join the cause. However, the specific targets and outcomes of the declared cyber war are not detailed in the summary; for accurate information, one would need to refer to the actual Reddit thread.

Dark Web Source 1: Cisco Talos Blog
https://blog.talosintelligence.com/threat-source-newsletter-april-13-2023/
Title: Threat Source newsletter – Dark Web Forum Whac-a-mole
Description: Law enforcement agencies around the world recently achieved significant successes against cybercriminal forums. The FBI disrupted BreachForums, an online marketplace for stolen user information, and arrested a suspected founder. In "Operation Cookie Monster," international agencies collaborated to take down Genesis Market, arresting numerous users and administrators. These actions targeted forums associated with the sale of sensitive information by cybercriminals. While the disruptions are noteworthy, concerns remain about the emergence of new forums to serve cybercriminals. The arrests and network operations affected platforms with substantial user bases, underlining the challenge of addressing the widespread nature of cybercrime. The article also highlights the recurring nature of such disruptions and the resilience of certain cyber threats, referencing past instances such as the resurgence of the Emotet botnet. The piece concludes with a focus on a critical zero-day vulnerability in the Windows Common Log File System Driver (CVE-2023-28252), actively exploited by Nokoyawa ransomware, urging users to apply Microsoft's patch promptly. Other headlines include the leak of classified military documents related to Russia's invasion of Ukraine and China's military plans, Apple's release of patches for zero-day vulnerabilities in iOS and macOS, and the FBI's warning against using public charging stations because of the security risks involved.

Dark Web Source 2: Cybereason.com – About the dark web
https://www.cybereason.com/blog/what-is-the-dark-web-ransomware-marketplace
Title: What is the Dark Web Ransomware Marketplace?
Description: This article discusses the role of the dark web in facilitating ransomware activity. It provides an overview of the dark web, differentiating it from the surface web and the deep web. The dark web, accessible through special browsers such as Tor, serves various purposes, including legitimate ones such as private communication as well as nefarious activities
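The STIX object in Q1 uses a free-form id and a spec_version that does not exist. As an added example (not part of the exam answer above), the following Python restates the same AIDS Trojan facts in STIX 2.1 shape (`malware--<uuid>` ids, `spec_version` "2.1", `malware_types` instead of `labels`, Lockheed Martin kill-chain phase names, which are an assumed choice of kill chain) and runs a hand-written subset of the STIX 2.1 checks over it; this validator is not the official stix2 library.

```python
# Added example, not the exam answer above: the AIDS Trojan facts in STIX 2.1
# shape plus a hand-written subset of the STIX 2.1 rules (not the official
# stix2 library). Assumed: Lockheed Martin kill-chain names for the phases.
import re
import uuid

ID_RE = re.compile(r"^malware--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")
LM_PHASES = {"reconnaissance", "weaponization", "delivery", "exploitation",
             "installation", "command-and-control", "actions-on-objectives"}
REQUIRED = ("type", "spec_version", "id", "created", "modified", "is_family")


def aids_trojan_sdo(sdo_uuid=None):
    """Return the AIDS Trojan (PC Cyborg) malware object as a STIX 2.1 dict."""
    ts = "1989-12-01T00:00:00.000Z"  # first distributed December 1989
    return {
        "type": "malware",
        "spec_version": "2.1",
        "id": "malware--" + str(sdo_uuid or uuid.uuid4()),  # SDO ids use UUIDv4
        "created": ts,
        "modified": ts,
        "name": "AIDS Trojan (PC Cyborg)",
        "description": "First ransomware, mailed by Dr. Joseph L. Popp in "
                       "December 1989 on floppy disks labeled 'AIDS Information "
                       "Introductory Diskette'.",
        "malware_types": ["ransomware", "trojan"],  # 2.1 vocabulary, not labels
        "is_family": False,
        "kill_chain_phases": [
            {"kill_chain_name": "lockheed-martin-cyber-kill-chain", "phase_name": p}
            for p in ("delivery", "exploitation", "installation",
                      "actions-on-objectives")],
    }


def validate_malware(obj):
    """Return a list of problems; an empty list means the object passes."""
    problems = [f"missing required property {k}" for k in REQUIRED if k not in obj]
    if obj.get("spec_version") != "2.1":
        problems.append("spec_version must be '2.1'")
    if not ID_RE.match(str(obj.get("id", ""))):
        problems.append("id must be malware--<uuid>")
    for k in ("created", "modified"):
        if not TS_RE.match(str(obj.get(k, ""))):
            problems.append(f"{k} is not an RFC 3339 UTC timestamp")
    for kcp in obj.get("kill_chain_phases", []):
        if (kcp.get("kill_chain_name") == "lockheed-martin-cyber-kill-chain"
                and kcp.get("phase_name") not in LM_PHASES):
            problems.append(f"unknown kill-chain phase {kcp.get('phase_name')!r}")
    return problems
```

Running `validate_malware` over the Q1 object as written reports the free-form id, the "3.0" spec_version and the misspelled phase name, while `aids_trojan_sdo()` passes cleanly.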