Security Risks in an Organisation

In recent years, threat actors using ransomware have become extremely sophisticated. They have adopted business intelligence capabilities alongside their more malicious hacking activities. They routinely use publicly available financial statements filed with regulatory bodies such as the United States Securities and Exchange Commission (SEC). During the actual penetration of a target organization, they exfiltrate detailed financial information which is neither required in SEC filings nor available even to most internal stakeholders. This allows them to conduct detailed financial analysis and determine a targeted ransom amount to demand from the target organization. The use of internal information to develop the ransom amount makes it extremely difficult for victim organizations to negotiate the ransom downward. Audits are exceptionally important for identifying vulnerabilities and misconfigurations that result in the loss of such sensitive data.
A recent audit has found considerable security risks within the finance and accounting function of your organization. Your organization uses Red Hat Enterprise Linux 8 as the operating system for internal servers which provide applications and data to the finance and accounting branch. It uses Windows Server 2022 for controlling the domain and performing Active Directory functions. End users are all on Windows 10 and 11. Existing policy limits mobile devices to Apple iOS/iPadOS 16. Your organization uses the CIS Critical Security Controls version 8.1 to aid in defining its security control baseline. Secure system configurations are based upon the appropriate CIS Benchmark documents. The MITRE ATT&CK framework is used to inform your threat intelligence activities.
Your supervisor has selected you to serve as a cybersecurity representative to the cross-functional team tasked with identifying and improving the security posture of the finance function within your organization. The individual responsible for threat intelligence has identified the threat actor groups FIN8 and Scattered Spider as representative of the actors potentially targeting your organization. After reviewing the audit results and the techniques used by FIN8 and Scattered Spider, the group has determined that MITRE ATT&CK Technique T1068, Exploitation for Privilege Escalation, needs to be the first item addressed.
Your task is to create a PowerPoint presentation which will be used to gain support from leadership for the changes needed to the organization’s systems. Using the CIS Critical Security Controls, Red Hat Linux and Windows Server CIS Benchmarks, the MITRE ATT&CK framework, and any outside research as reference materials, create and submit a presentation which addresses the following topics:
• Cover slide with your course number/section, name, and date
• Purpose of the presentation
• Summarize the threat actor technique you are recommending mitigations for
o From the summary above, this is MITRE ATT&CK technique T1068
o Information on this technique is available on the attack.mitre.org site, search for T1068
• Summarize the representative threat actor groups
o These were identified by your threat intelligence representative in the above summary
o Information to draw from resides in MITRE ATT&CK and online
o How have those groups used this technique?
• MITRE ATT&CK lists five mitigations for this technique
o Provide the name and brief description of each mitigation
o Using the resources below and knowledge you have gained in this course, explain why the mitigation should be implemented in your organization
o Using the Red Hat Linux and Windows Server Benchmarks and your experiences from this course, what are some specific procedures that could be taken to implement these mitigations? (Describe at least two procedures.)
o The Red Hat Linux Benchmark cross-references some of the ATT&CK mitigation ID numbers directly. For other mitigations and for the Windows Benchmark, you will need to research appropriate actions in the benchmark or online.
Links to Use
https://cyberactive.bellevue.edu/bbcswebdav/xid-107224184_4
https://cyberactive.bellevue.edu/bbcswebdav/xid-107224186_4
https://cyberactive.bellevue.edu/bbcswebdav/xid-107224185_4
https://attack.mitre.org/
