Cyber Security Assignment 1
NAME: Ajay Chauhan
ROLL NO. : 2400290119001
1. Attack Vector and Initial Compromise
a. Likely Attack Vector Used
Based on common trends and the nature of the breach, here are the most likely attack vectors the attackers could have used:
1. Phishing Email with Malware Payload
• Scenario: An employee at SecureBank may have received a well-crafted phishing email with a malicious attachment or link.
• Result: Clicking the link or opening the attachment could have installed malware (e.g., a Remote Access Trojan, RAT) that gave the attacker initial access to the internal network.
• Reason for Likelihood: Phishing remains one of the top initial access methods in financial sector attacks because it relies on human error.
2. Exploiting Unpatched Software Vulnerabilities
• Scenario: Attackers exploited a known vulnerability in one of SecureBank’s exposed applications or systems (e.g., a web server or VPN appliance).
• Example: Exploitation of a vulnerability like Log4Shell or ProxyShell could allow remote code execution.
• Result: The attackers gained administrative privileges or moved laterally within the network.
3. Compromised Third-Party Vendor (Supply Chain Attack)
• Scenario: Attackers gained access through a third-party vendor or service provider that had legitimate access to SecureBank’s systems.
• Reason: Financial institutions often work with various external service providers, which increases the attack surface.
4. Credential Stuffing or Brute Force
• Scenario: Attackers used leaked credentials or weak passwords to access employee or system accounts via exposed login portals.
b. Assessment of SecureBank’s Security Controls
Effective Controls (What Worked):
• Security Operations Center (SOC) Alert:
o The SOC was alerted to unusual activity, indicating that some form of anomaly detection or SIEM (Security Information and Event Management) system was in place and functioning.
• Incident Response Process Initiated:
o The prompt investigation shows an existing incident response process, which is crucial for damage control.
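As an added example (not part of this assignment), the Python below shows how a SIEM-style correlation rule of the kind the SOC alert in section b relies on could flag attack vector 4 (credential stuffing or brute force against an exposed login portal). The log format, the 5-minute window, the thresholds, and all IP addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed tumbling aggregation window
MIN_USERS = 5                  # assumed: distinct failing accounts per IP per window
MIN_FAILS = 4                  # assumed: failures on one account per IP per window
EPOCH = datetime(1970, 1, 1)

# Constructed portal log: "<ISO time> <src_ip> <username> <SUCCESS|FAIL>"
SAMPLE_LOGS = """\
2024-05-01T09:00:01 203.0.113.7 alice FAIL
2024-05-01T09:00:02 203.0.113.7 bob FAIL
2024-05-01T09:00:03 203.0.113.7 carol FAIL
2024-05-01T09:00:04 203.0.113.7 dave FAIL
2024-05-01T09:00:05 203.0.113.7 erin FAIL
2024-05-01T09:00:06 203.0.113.7 frank SUCCESS
2024-05-01T09:05:00 198.51.100.2 alice FAIL
2024-05-01T09:05:30 198.51.100.2 alice SUCCESS
2024-05-01T09:10:00 192.0.2.9 grace FAIL
2024-05-01T09:10:01 192.0.2.9 grace FAIL
2024-05-01T09:10:02 192.0.2.9 grace FAIL
2024-05-01T09:10:03 192.0.2.9 grace FAIL
"""

def parse_log(text):
    # Each line becomes (time, src_ip, username, success)
    events = []
    for line in text.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "SUCCESS"))
    return events

def detect_login_abuse(events):
    # Group attempts per (src_ip, window), as a SIEM correlation rule would
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[(ip, (ts - EPOCH) // WINDOW)].append((user, ok))
    alerts = []
    for (ip, _), attempts in sorted(buckets.items()):
        fails = [u for u, ok in attempts if not ok]
        # Credential stuffing: many different accounts failing from one IP;
        # any account that then succeeded from that IP should be reset
        if len(set(fails)) >= MIN_USERS:
            alerts.append({"ip": ip, "type": "credential_stuffing",
                           "accounts_tried": len({u for u, _ in attempts}),
                           "accounts_to_reset": sorted({u for u, ok in attempts if ok})})
        # Brute force: one account hammered repeatedly from one IP
        for user in sorted(set(fails)):
            if fails.count(user) >= MIN_FAILS:
                alerts.append({"ip": ip, "type": "brute_force",
                               "account": user, "failures": fails.count(user)})
    return alerts
```

The single failed-then-successful login from 198.51.100.2 stays below both thresholds, so an ordinary user mistyping a password does not raise an alert.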
Ineffective Controls (What Failed):
• Preventive Measures:
o Despite SecureBank being described as a “leading bank known for its robust security,” the attackers still gained unauthorized access, which indicates:
▪ Possible failure in endpoint protection or email filtering systems.
▪ Lack of proper network segmentation, allowing lateral movement post-breach.
▪ Insufficient patch management, if the attack involved an unpatched vulnerability.
• Access Management:
o Inadequate use of Multi-Factor Authentication (MFA) for critical internal systems might have enabled the attacker to escalate privileges.
• Data Protection:
o Access to sensitive customer data indicates:
▪ Poor encryption at rest or in transit.
▪ Lack of data loss prevention (DLP) mechanisms.
▪ Overly permissive access control policies (e.g., too many employees with access to sensitive data).