The website had been targeted by hacktivists. The initial breach was made through a
social engineering attack, with a threat actor posing as company staff.
Identify the real or potential damage of the incident.
The immediate damage was the defacement of a company site. There had been DDoS
attempts; one of these could have been successful in the future. Individuals whose
information was obtained were at risk for personal attacks or fraud.
Integrity, because account payments had been misdirected.
State the main cause or causes of the incident.
A call center employee used photos of system screens to capture information. Using
that data, the employee’s cousin would create a fraudulent account.
Identify the real or potential damage of the incident.
Refunds had been sidetracked to fraudulent accounts. This could have continued,
leading to more losses.
Integrity, as the employee used his administrative access to take over accounts.
Confidentiality, by downloading company information.
State the main cause or causes of the incident.
The disgruntled employee used his access to steal files and set delete commands for
future dates. Investigators also found a USB plug extension that was sending keyboard
input to a Romanian server (unrelated to the employee’s actions).
Identify the real or potential damage of the incident.
Both threats were discovered before real damage occurred. The information stolen by
the employee, as well as the future commands he set in systems, could have caused
major disruptions to the business. Information gained through the key logger could
have provided information for another threat agent to get into the company’s system
and cause different kinds of harm, depending on their motivation.
Availability, since the overloaded system was slowing down all activity on campus.
State the main cause or causes of the incident.
An unknown actor set up a botnet causing the many IoT devices on campus to flood the
server with requests.
Identify the real or potential damage of the incident.
The immediate problem was slow internet service for users. The attacker could have
potentially begun directly affecting lights, heating systems, and other connected
systems on campus.
Availability, trying to launch a DDoS targeted toward busy times.
State the main cause or causes of the incident.
The attacker was using several types of attacks aimed at routers running old firmware
with UPnP enabled; odds were that many of these were “NYP’d” (not yet patched).
Identify the real or potential damage of the incident.
The attack was discovered before the problem got too bad. If the DDoS hit as
planned, the company faced the potential of angry customers and possibly lost
customers, as well as a public relations problem. This could cause long-term losses of
business and reputation.
A threat agent—or threat actor—is anything that can possibly damage or disrupt the
system’s ability to perform as it needs to. This isn’t limited to malicious actors like
hackers.