4.3.7 Lab – Recommend Threat Mitigation Measures Answers

4.3.7 Lab – Recommend Threat Mitigation Measures

Objectives

  • Part 1: Review an Incident at a Video Production Company
  • Part 2: Review an Incident at a Retail Company

Background / Scenario

Knowledge of network vulnerabilities and attacks is only part of the fight. Threat mitigation is the ultimate goal of network security personnel.

In this lab, you will read two case studies that describe network security incidents. It is your job to recommend threat mitigation measures to address each incident.

Required Resources

  • Internet access

Instructions

Part 1: Review an Incident at a Video Production Company

All Time Video Inc. is a company that produces video for a number of clients. They use digital video production methods and store their content on specialized content management servers. They are very proud of their content libraries that include a wide range of stock footage that can be used in videos on many subjects.

Company management has received an email from a group of threat actors. In the email, the threat actors claim that they have been able to steal several terabytes of video assets and projects from the content management servers. The threat actors threaten to upload the video assets to various servers on the internet unless the company pays a sum of money. All Time Video management is concerned that they will lose competitive advantage if their assets are made public.

The company has brought in an outside security team to investigate the incident. The investigation discovered that a batch of free USB drives that were given away at a recent video trade fair was infected with malware. The malware infected several hosts on the All Time Video network and then spread across the network to other machines. The malware scanned the network for several types of content management software and determined the version of the software. It then exploited vulnerabilities in an unpatched older version of the software to gain access. Once access was gained, the malware notified the threat actors, who were then able to install software that uses DNS tunnelling to steal data from the servers gradually. The slow, DNS-based transfer was used to evade detection. Over several months, the threat actors stole terabytes of video assets.

Step 1: Analyze the attack.

As a member of the All Time Video security team, you will need to contribute your ideas about how an attack like this can be mitigated. Begin by identifying the conditions that lead to the attack.

What had to happen in order for this attack to occur?

Answers will vary.

  1. The infected USB drives were used on computers that are attached to the network.
  2. Malware scanned the network to identify the IP addresses of servers that are running the content management software.
  3. The malware targeted known server software vulnerabilities to gain privileged access to the server.
  4. Threat actors accessed the server from outside the network and installed software that sent files out of the network.

Step 2: Recommend Mitigation Techniques.

For each event that occurred during this incident, use your internet access to investigate possible mitigation techniques. You are free to use any information sources that you can find in order to recommend actionable threat mitigation techniques.

Answers may vary.

  1. Educate users about the dangers of bringing untrusted media into the workplace. Configure antivirus software to scan external media on insertion, disable autorun, and use endpoint policy to restrict which USB storage devices are allowed.
  2. Monitor the network for unusual traffic such as scanning activity from internal hosts that are not used for network management.
  3. Keep enterprise software, including the content management servers, up to date with vendor patches and supported versions; retire versions with known exploited vulnerabilities.
  4. Control network access with firewalls or IPS and protect internal assets from external access. Because the data left the network through DNS tunnelling, also monitor DNS traffic for tunnelling indicators (unusually long or high-entropy query names, a large number of distinct subdomains for one domain, high query volume from a single host) and force internal hosts to use only the organization's resolvers.
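The following Python script is an added illustration of mitigations 2 and 4, written for this answer key; it is not part of the lab and not a product of the company in the scenario. It reads a DNS query log and flags (client, domain) pairs whose leftmost labels look like tunnelled data: many distinct labels, long labels, and high Shannon entropy. The log lines, client addresses, domain names and thresholds are all constructed for the example; a real deployment would replace the two-label "registrable domain" shortcut with a public suffix list and tune the thresholds against its own baseline.

```python
"""Flag DNS queries that look like tunnelling: many distinct, long,
high-entropy leftmost labels under one parent domain from one client."""
import math
from collections import Counter, defaultdict

# Constructed sample log: "timestamp client qname" per line. 10.1.20.15 is a
# normal client (it also queries six distinct CDN hostnames, which alone
# should NOT trigger an alert); 10.1.20.44 sends 32-char hex labels to a
# single domain, the pattern left by a DNS tunnelling tool.
SAMPLE_DNS_LOG = """\
2024-03-01T10:00:01 10.1.20.15 www.example.com
2024-03-01T10:00:02 10.1.20.15 mail.example.com
2024-03-01T10:00:02 10.1.20.15 img1.static.cdn-host.net
2024-03-01T10:00:03 10.1.20.15 img2.static.cdn-host.net
2024-03-01T10:00:03 10.1.20.15 img3.static.cdn-host.net
2024-03-01T10:00:04 10.1.20.15 img4.static.cdn-host.net
2024-03-01T10:00:04 10.1.20.15 img5.static.cdn-host.net
2024-03-01T10:00:05 10.1.20.15 img6.static.cdn-host.net
2024-03-01T10:00:05 10.1.20.44 0123456789abcdef0123456789abcdef.t.stockfeed-update.net
2024-03-01T10:00:06 10.1.20.44 fedcba9876543210fedcba9876543210.t.stockfeed-update.net
2024-03-01T10:00:06 10.1.20.44 13579bdf02468ace13579bdf02468ace.t.stockfeed-update.net
2024-03-01T10:00:07 10.1.20.44 02468ace13579bdf02468ace13579bdf.t.stockfeed-update.net
2024-03-01T10:00:07 10.1.20.44 a1b2c3d4e5f60718293a4b5c6d7e8f90.t.stockfeed-update.net
2024-03-01T10:00:08 10.1.20.44 90f8e7d6c5b4a3920817f6e5d4c3b2a1.t.stockfeed-update.net
"""


def shannon_entropy(text):
    """Bits of entropy per character of text (0.0 for an empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def parse_line(line):
    """Split 'timestamp client qname' into (client, qname); None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    return parts[1], parts[2].rstrip(".").lower()


def split_qname(qname):
    """Return (leftmost label, parent domain). Assumption for this example:
    the parent domain is the last two labels; real code uses a public suffix list."""
    labels = qname.split(".")
    if len(labels) < 3:
        return None  # no subdomain label that could carry data
    return labels[0], ".".join(labels[-2:])


def summarize(log_text):
    """Per (client, domain): query count, distinct labels, mean label length and entropy."""
    acc = defaultdict(lambda: {"queries": 0, "labels": set(), "len_sum": 0, "ent_sum": 0.0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, qname = parsed
        split = split_qname(qname)
        if split is None:
            continue
        label, domain = split
        s = acc[(client, domain)]
        s["queries"] += 1
        s["labels"].add(label)
        s["len_sum"] += len(label)
        s["ent_sum"] += shannon_entropy(label)
    return {
        key: {
            "queries": s["queries"],
            "distinct": len(s["labels"]),
            "mean_len": s["len_sum"] / s["queries"],
            "mean_entropy": s["ent_sum"] / s["queries"],
        }
        for key, s in acc.items()
    }


def find_tunnelling(log_text, min_distinct=5, min_label_len=24, min_entropy=3.0):
    """Return only the (client, domain) pairs that meet all three tunnelling indicators.
    Requiring all three is what keeps the CDN client below the alert threshold."""
    return {
        key: stats
        for key, stats in summarize(log_text).items()
        if stats["distinct"] >= min_distinct
        and stats["mean_len"] >= min_label_len
        and stats["mean_entropy"] >= min_entropy
    }


if __name__ == "__main__":
    for (client, domain), stats in find_tunnelling(SAMPLE_DNS_LOG).items():
        print(f"ALERT {client} -> {domain}: {stats}")
```

Run against the embedded sample, the script reports only 10.1.20.44 talking to stockfeed-update.net; the six distinct CDN hostnames from 10.1.20.15 are not reported because their labels are short and low-entropy. The distinct-label count alone is a poor signal for exactly that reason.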

Part 2: Review an Incident at a Retail Company

A medium-sized retail company specializes in custom guitar components. A customer called to inform the company that his personal details and credit card information are on the internet. An investigation shows that threat actors were able to infiltrate the company network through an equipment supplier's network connection. The purpose of the connection is to monitor a computer-controlled woodworking tool that is used to create guitar necks and bodies. Weak security at the supplier enabled threat actors to exploit this connection. The threat actors were able to locate and access the server that is used to accept payments for products over the internet. The threat actors exploited a user account with a weak password to access the customer database. All of the customer details were there in an easy-to-read file. The file was uploaded to a server that is used by hackers, and the information was sold to other hackers.

Step 1: Analyze the Attack

Read the description of the incident and list the steps in the attack.

Answers may vary.

  1. Access to the internal network was gained through a third-party (supplier) network connection.
  2. The threat actors scanned the internal network to locate the payment server.
  3. A user account with a weak password was used to access the customer database.
  4. Customer information was stored in an easy-to-identify, easy-to-read file.
  5. The customer data file was uploaded out of the network and sold.

Step 2: Recommend Mitigation

For each event that occurred during this incident, recommend measures that could mitigate the event.

Answers may vary.

  1. Investigate the security of third parties before granting them access to the network, and select only partners that meet an agreed security standard. Restrict the supplier connection to the single monitoring host and service it needs rather than the whole internal network.
  2. Prevent network scanning from outside networks. Isolate confidential data and the payment server from general network access (segmentation), so that a foothold on the shop-floor network cannot reach them.
  3. Establish a password policy and configure measures that enforce it, such as minimum length and checks against lists of common passwords, and require multi-factor authentication for accounts that can reach customer data. Limit the number of users that have access to confidential information.
  4. Encrypt confidential information for transmission and storage, and do not keep customer details and card data in a plaintext file that anyone with account access can read.
  5. Monitor the network for suspicious traffic, including file uploads from sensitive hosts such as the payment server to unknown external addresses.
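As an added illustration of mitigation 3, written for this answer key and not taken from the lab or from any real product, the following Python function enforces a simple password policy at account creation or password change. It rejects short passwords, passwords with too few character classes, passwords that reduce to a common password once leet substitutions and trailing digits are removed (so "P@ssw0rd123" is still caught), passwords containing the username, keyboard or alphabet runs, and long repeats. The deny list, usernames and sample passwords are constructed for the example; a real deployment would load a large breached-password list instead.

```python
"""Reject weak passwords at the point where they are chosen."""
import re

# Constructed deny list; stands in for a large breached/common-password list.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "qwerty", "letmein",
    "welcome", "admin", "guitar", "guitar123",
}
KEYBOARD_RUNS = (
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "0123456789", "abcdefghijklmnopqrstuvwxyz",
)
# Undo the most common "leet" substitutions: @->a $->s 0->o 3->e 1->i 4->a
LEET = str.maketrans("@$0314", "asoeia")


def normalize(password):
    """Lower-case, drop a trailing run of digits/punctuation, undo leet substitutions,
    so that variants of a common password compare equal to the base word."""
    lower = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lower)
    return stripped.translate(LEET)


def has_keyboard_run(lower, n=5):
    """True if any n consecutive keys of a keyboard/alphabet row (either direction) appear."""
    for run in KEYBOARD_RUNS:
        for i in range(len(run) - n + 1):
            window = run[i:i + n]
            if window in lower or window[::-1] in lower:
                return True
    return False


def check_password(password, username="", min_length=12):
    """Return a list of violation codes; an empty list means the password is acceptable."""
    problems = []
    lower = password.lower()
    if len(password) < min_length:
        problems.append("too_short")
    classes = sum(
        bool(re.search(pattern, password))
        for pattern in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    )
    if classes < 3:
        problems.append("few_classes")
    # Check both the raw password and its normalized form against the deny list.
    if lower in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("common_password")
    if username and len(username) >= 3 and username.lower() in lower:
        problems.append("contains_username")
    if has_keyboard_run(lower):
        problems.append("keyboard_sequence")
    if re.search(r"(.)\1{3,}", password):
        problems.append("repeated_characters")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates paired with the username of the account.
    for candidate, user in (
        ("GuitarNeck2024!", "mwilliams"),
        ("P@ssw0rd123", "jsmith"),
        ("qwerty123456", "ops"),
        ("jsmith-Rocks!99", "jsmith"),
    ):
        result = check_password(candidate, user)
        print(f"{candidate!r:20} {'OK' if not result else ', '.join(result)}")
```

The policy is applied where the password is set, which is the only point at which it can be enforced rather than merely documented; the check is deliberately deterministic so that the same rules can be applied in a directory service's password filter, a web form's server-side validation, and an audit script over existing accounts.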

Reflection

1. What specific resources did you find on the web that helped you to recommend mitigation measures?

Answers will vary. There are many resources available on the web that can contribute to your knowledge of cybersecurity. Record the sites that you find most useful in a file or in browser bookmark folders so that you can revisit them as necessary. Saving the URLs in a file allows you to add notes about what each site is useful for.

2. Search the web for the top 5 cybersecurity threats that face small to medium-sized businesses (SMB) or small to medium-sized enterprises (SME). List the threats in the table and suggest mitigation techniques that can help to counter each. Answers will vary, with different websites listing different threats. That is not a problem. Just be sure that the information is recent, and briefly investigate the source of the information to verify its quality.

a. Where did you find your information? Copy and paste the URL below.

https://securityboulevard.com/2020/12/top-10-cybersecurity-threats-in-2021-and-how-to-protect-your-business/

b. What is the name of the organization that provided the information?

Security Boulevard, a publisher of information from the 400-member Security Bloggers Network and other sources.
