Abstract image of a woman sitting on books and studying on a laptop

Group assingment

Download as PPTX, PDF
J
Jeewanthi Fernando

A government department's critical application server became non-operational, causing service disruptions. The IT team was unable to resolve the issue using internal tools. External assistance was requested. It was discovered that the network was infected by the CME-24 worm due to lack of up-to-date antivirus software, no security policies, and a common password. The assistant analyzed information gathered from the victim site and detected the worm on the application server. They recommended security best practices like regular software updates, strong passwords, and access logs to prevent future attacks.

Education
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
Case Study: “The Worm – Episode 1” GROUP ASSINGMENT Group Members • Tanushini Bandara – MS18908084 • Jeewanthi Fernando - MS18901290 1
Contents 10/19/2020Case Study: “The Worm – Episode 1” 2
Main incident and motivation. • The Government Department had an Application Server running an extremely Critical Application, which processed hundreds of requests a day. • We were informed that the Critical Application had become non-operational a few days earlier, and that a large number of service recipients had begun to queue outside the Office as a result. 10/19/2020Case Study: “The Worm – Episode 1” 3
• The IT team of the Department had identified the situation several days earlier and had attempted to resolve the issue using internal resources. • As part of their response, they had used a virus removal tool on the Application Server to remove files which the Anti Virus software showed as being infected by a Virus, but the problem persisted. • The situation had continued to deteriorate, and the senior management had decided to ask for external assistance. 10/19/2020Case Study: “The Worm – Episode 1” 4
How they identified the real attacker ? • They initially collected some basic information over the phone and via E-mail from the official who contacted us to establish a background for the affected Department, so as to establish contacts and escalation and reporting points within the Department. 10/19/2020Case Study: “The Worm – Episode 1” 5
Other reasons • The Department’s network was not protected with up-to- date Antivirus software. • There was no documented Security Policy in place governing such security related procedures and actions. • Users were accessing the Application Server system using a common password. 10/19/2020Case Study: “The Worm – Episode 1” 6
The methods they used to carry out the attack • Verify that this was indeed an incident. • Initially collected some basic information over the phone and via E-mail • Ask four critical questions. • Gather there are own information's from the victim site 10/19/2020Case Study: “The Worm – Episode 1” 7
Steps they have taken to unmask the real attacker 8 • The presence of the CME-24 was detected on the Application Server, by the Department’s IT team, under the alias W32.Blackmal.E. • Gather there are own information from the victim site. Case Study: “The Worm – Episode 1” 10/19/2020
Steps they have taken to prove the real attacker's identity • Most of the client machines had detected a virus infection in the Shared folder of the Application Server. • Analysis of the gathered information began to give us a clear picture of the Department network setup, and the potential weaknesses that may have led to the incident. 10/19/2020Case Study: “The Worm – Episode 1” 9
The best security practices they can take to avoid future attacks 10 • Ensured that Anti Virus & Operating System software were regularly updated. • Access to critical systems was restricted using a strong password policy. • Clear audit trails were maintained using system access logs. Case Study: “The Worm – Episode 1” 10/19/2020
Thank You…. 10/19/2020Case Study: “The Worm – Episode 1” 11

More Related Content

PDF
Sensitive Data Exposure Incident Checklist
- Mark - Fullbright
 
PDF
Data Leak Protection Using Text Mining and Social Network Analysis
IJERD Editor
 
PDF
ARES Next-Gen Risk Management Platform
Tieu Luu
 
DOCX
Winchester Aquarium and Pet Center Incident Response Plan
R. Curtis Roth
 
PPTX
Incident response
Anshul Gupta
 
PPTX
ENISA - EU strategies for cyber incident response
Kevin Duffey
 
PDF
Incident Response
MichaelRodriguesdosS1
 
PDF
Incident Response: How To Prepare
Resilient Systems
 
Sensitive Data Exposure Incident Checklist
- Mark - Fullbright
 
Data Leak Protection Using Text Mining and Social Network Analysis
IJERD Editor
 
ARES Next-Gen Risk Management Platform
Tieu Luu
 
Winchester Aquarium and Pet Center Incident Response Plan
R. Curtis Roth
 
Incident response
Anshul Gupta
 
ENISA - EU strategies for cyber incident response
Kevin Duffey
 
Incident Response
MichaelRodriguesdosS1
 
Incident Response: How To Prepare
Resilient Systems
 

Similar to Group assingment (20)

PPTX
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
PDF
Current Conditions and Challenges of Cybersecurity in Taiwan
APNIC
 
PDF
Incident handling of cyber espionage
Marie Elisabeth Gaup Moe
 
PDF
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Citrin Cooperman
 
PPTX
IRP on a Budget
Sean D. Goodwin
 
PDF
Prosecuting Cybercrime and Regulating the Web
Darius Whelan
 
PPTX
The Ugly Cost of Cyber Crime
Rahul Neel Mani
 
PDF
A Breach Carol: 2013 Review, 2014 Predictions
Resilient Systems
 
PPT
Ransomware: Prevention, privacy and your options post-breach
Gowling WLG
 
PDF
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Accellis Technology Group
 
PPTX
Making Sense of Threat Reports
DLT Solutions
 
PDF
YUDU - Managing a Breach (LDSC Cyber Themed Evening)
Tom Lejava
 
PPTX
IoT DDoS Attacks: the stakes have changed
Great Bay Software
 
PDF
chapter 8- Management Information Systems Managing the Digital Firm
Mohamad Fathi
 
PPT
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
PPT
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
PPT
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
PDF
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
 
PPTX
Police CyberAlarm introduction and overview
ptrduffy1
 
PPTX
cyber and digital forensics Case study.pptx
mcjaya2024
 
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
Current Conditions and Challenges of Cybersecurity in Taiwan
APNIC
 
Incident handling of cyber espionage
Marie Elisabeth Gaup Moe
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Citrin Cooperman
 
IRP on a Budget
Sean D. Goodwin
 
Prosecuting Cybercrime and Regulating the Web
Darius Whelan
 
The Ugly Cost of Cyber Crime
Rahul Neel Mani
 
A Breach Carol: 2013 Review, 2014 Predictions
Resilient Systems
 
Ransomware: Prevention, privacy and your options post-breach
Gowling WLG
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Accellis Technology Group
 
Making Sense of Threat Reports
DLT Solutions
 
YUDU - Managing a Breach (LDSC Cyber Themed Evening)
Tom Lejava
 
IoT DDoS Attacks: the stakes have changed
Great Bay Software
 
chapter 8- Management Information Systems Managing the Digital Firm
Mohamad Fathi
 
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
 
Police CyberAlarm introduction and overview
ptrduffy1
 
cyber and digital forensics Case study.pptx
mcjaya2024
 
Ad

More from Jeewanthi Fernando (20)

PDF
Assingment 5 - ENSA
Jeewanthi Fernando
 
PDF
Assingment 4 - DDos
Jeewanthi Fernando
 
DOCX
Assingment 3 - Bug bounty
Jeewanthi Fernando
 
PDF
Assingment 2 - Law
Jeewanthi Fernando
 
PDF
Assingment 1 - Google haker
Jeewanthi Fernando
 
PPTX
Ob group presentation
Jeewanthi Fernando
 
PDF
OB group assignment
Jeewanthi Fernando
 
PPTX
Poster
Jeewanthi Fernando
 
PPTX
Assignment - Maliban
Jeewanthi Fernando
 
PDF
Assignment 1
Jeewanthi Fernando
 
PPTX
BPM presentation
Jeewanthi Fernando
 
PDF
Business Process Management Doc
Jeewanthi Fernando
 
PDF
Class activity 5
Jeewanthi Fernando
 
PDF
Class activity 4
Jeewanthi Fernando
 
PDF
Class activity 3
Jeewanthi Fernando
 
PPTX
Professional networking
Jeewanthi Fernando
 
PDF
Assignment 1
Jeewanthi Fernando
 
PDF
Tesco doc
Jeewanthi Fernando
 
PPTX
Tesco
Jeewanthi Fernando
 
PDF
ALSS Assingment 1
Jeewanthi Fernando
 
Assingment 5 - ENSA
Jeewanthi Fernando
 
Assingment 4 - DDos
Jeewanthi Fernando
 
Assingment 3 - Bug bounty
Jeewanthi Fernando
 
Assingment 2 - Law
Jeewanthi Fernando
 
Assingment 1 - Google haker
Jeewanthi Fernando
 
Ob group presentation
Jeewanthi Fernando
 
OB group assignment
Jeewanthi Fernando
 
Poster
Jeewanthi Fernando
 
Assignment - Maliban
Jeewanthi Fernando
 
Assignment 1
Jeewanthi Fernando
 
BPM presentation
Jeewanthi Fernando
 
Business Process Management Doc
Jeewanthi Fernando
 
Class activity 5
Jeewanthi Fernando
 
Class activity 4
Jeewanthi Fernando
 
Class activity 3
Jeewanthi Fernando
 
Professional networking
Jeewanthi Fernando
 
Assignment 1
Jeewanthi Fernando
 
Tesco doc
Jeewanthi Fernando
 
Tesco
Jeewanthi Fernando
 
ALSS Assingment 1
Jeewanthi Fernando
 
Ad

Recently uploaded (20)

PDF
Everyday Spelling and Grammar by Kathi Wyldeck
JohanaWulandari2
 
PPTX
Reproductive system-Human anatomy and physiology
ZenyTilwani1
 
PDF
Compact First Student's Book Cambridge Official
TunHng48
 
PDF
faiz-khans about Radiotherapy Physics-02.pdf
FrancisKazoba
 
PDF
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
PDF
M.Tech in Aerospace Engineering | BIT Mesra
BIT Mesra
 
PDF
Journal of Dental Science - UDMY (2020).pdf
Nay Aung
 
PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2015).pdf
Nay Aung
 
PDF
PUBH1000 - Module 6: Global Health Tute Slides
Jonathan Hallett
 
PPTX
Thinking Routines and Learning Engagements.pptx
n646vnqyjz
 
PPTX
PLASMA AND ITS CONSTITUENTS 123.pptx
sweet2th18
 
PDF
Nurlina - Urban Planner Portfolio (english ver)
Nurlina Y.
 
PDF
1.Salivary gland disease.pdf 3.Bleeding and Clotting Disorders.pdf important
MichaelShawky5
 
PDF
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
SahianAlondraPichard
 
PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
PPTX
What’s under the hood: Parsing standardized learning content for AI
Rustici Software
 
PDF
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
JohanaWulandari2
 
PDF
Solved Past paper of Pediatric Health Nursing PHN BS Nursing 5th Semester
shaukatkhan0798
 
PDF
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
PDF
0520_Scheme_of_Work_(for_examination_from_2021).pdf
SankariNandakumar
 
Everyday Spelling and Grammar by Kathi Wyldeck
JohanaWulandari2
 
Reproductive system-Human anatomy and physiology
ZenyTilwani1
 
Compact First Student's Book Cambridge Official
TunHng48
 
faiz-khans about Radiotherapy Physics-02.pdf
FrancisKazoba
 
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
M.Tech in Aerospace Engineering | BIT Mesra
BIT Mesra
 
Journal of Dental Science - UDMY (2020).pdf
Nay Aung
 
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2015).pdf
Nay Aung
 
PUBH1000 - Module 6: Global Health Tute Slides
Jonathan Hallett
 
Thinking Routines and Learning Engagements.pptx
n646vnqyjz
 
PLASMA AND ITS CONSTITUENTS 123.pptx
sweet2th18
 
Nurlina - Urban Planner Portfolio (english ver)
Nurlina Y.
 
1.Salivary gland disease.pdf 3.Bleeding and Clotting Disorders.pdf important
MichaelShawky5
 
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
SahianAlondraPichard
 
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
What’s under the hood: Parsing standardized learning content for AI
Rustici Software
 
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
JohanaWulandari2
 
Solved Past paper of Pediatric Health Nursing PHN BS Nursing 5th Semester
shaukatkhan0798
 
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
0520_Scheme_of_Work_(for_examination_from_2021).pdf
SankariNandakumar
 

Group assingment

  • 1. Case Study: “The Worm – Episode 1” GROUP ASSINGMENT Group Members • Tanushini Bandara – MS18908084 • Jeewanthi Fernando - MS18901290 1
  • 2. Contents 10/19/2020Case Study: “The Worm – Episode 1” 2
  • 3. Main incident and motivation. • The Government Department had an Application Server running an extremely Critical Application, which processed hundreds of requests a day. • We were informed that the Critical Application had become non-operational a few days earlier, and that a large number of service recipients had begun to queue outside the Office as a result. 10/19/2020Case Study: “The Worm – Episode 1” 3
  • 4. • The IT team of the Department had identified the situation several days earlier and had attempted to resolve the issue using internal resources. • As part of their response, they had used a virus removal tool on the Application Server to remove files which the Anti Virus software showed as being infected by a Virus, but the problem persisted. • The situation had continued to deteriorate, and the senior management had decided to ask for external assistance. 10/19/2020Case Study: “The Worm – Episode 1” 4
  • 5. How they identified the real attacker ? • They initially collected some basic information over the phone and via E-mail from the official who contacted us to establish a background for the affected Department, so as to establish contacts and escalation and reporting points within the Department. 10/19/2020Case Study: “The Worm – Episode 1” 5
  • 6. Other reasons • The Department’s network was not protected with up-to- date Antivirus software. • There was no documented Security Policy in place governing such security related procedures and actions. • Users were accessing the Application Server system using a common password. 10/19/2020Case Study: “The Worm – Episode 1” 6
  • 7. The methods they used to carry out the attack • Verify that this was indeed an incident. • Initially collected some basic information over the phone and via E-mail • Ask four critical questions. • Gather there are own information's from the victim site 10/19/2020Case Study: “The Worm – Episode 1” 7
  • 8. Steps they have taken to unmask the real attacker 8 • The presence of the CME-24 was detected on the Application Server, by the Department’s IT team, under the alias W32.Blackmal.E. • Gather there are own information from the victim site. Case Study: “The Worm – Episode 1” 10/19/2020
  • 9. Steps they have taken to prove the real attacker's identity • Most of the client machines had detected a virus infection in the Shared folder of the Application Server. • Analysis of the gathered information began to give us a clear picture of the Department network setup, and the potential weaknesses that may have led to the incident. 10/19/2020Case Study: “The Worm – Episode 1” 9
  • 10. The best security practices they can take to avoid future attacks 10 • Ensured that Anti Virus & Operating System software were regularly updated. • Access to critical systems was restricted using a strong password policy. • Clear audit trails were maintained using system access logs. Case Study: “The Worm – Episode 1” 10/19/2020
  • 11. Thank You…. 10/19/2020Case Study: “The Worm – Episode 1” 11