Assessment item 3 – Case Study: Incident Investigation and Mitigation
Osprey Cyber Corporation (OCC) is a cyber security company that provide both offensive and defensive capabilities to customers including but not limited to private organisations, educational institutions, and government.
Recently OCC has been engaged by RavenCorp; an organisation who develop drones and has seen some suspicious outbound traffic on their firewall.
RavenCorp are headquartered in Sydney, Australia and also have presence in Munich, Germany. Their environment comprises of both on-premise and cloud infrastructure.
Upon conducting the incident response engagement, the following high-level findings were identified:
• On January 16, 2022 a phishing e-mail had arrived where a user was tricked into disclosing their credentials to a website at microsoft-account-validation.fakedomain.com
• The next day, the user’s credentials were used to access a remote desktop server
• The threat actor was able to run some software that allowed them to elevate their privileges to administrator and created several additional accounts in their corporate Active Directory with administrator rights
• Over the next 6 months, the threat actor exfiltrated several terabytes of data. This included:
o Customer information including names, addresses, e-mail addresses, phone numbers, and credit card numbers
o Personal information about employees of the organisation
o Technical drawings for a prototype drone that has potential military applications
• The threat actor remained in the environment for around 330 days
Using the information above answer the questions below. Ensure you justify your response and including any supporting information:
• What type of an attack has likely occurred?
• What type of threat actor has likely conducted the attack?
• Are there any legal or regulatory considerations that need to be considered?
• What policies, controls, or procedures could be implemented to prevent such an attack from occurring?
This assessment task will assess the following learning outcome/s:
• be able to analyse the main types of cyber attacks and the various tactics and strategies used during attacks.
• be able to propose security policy, procedural and technical controls to mitigate the threats of different types of cyber attacks and the risks they present.
Use a report format, with correct grammatical protocols and accurate spelling, punctuation and word count.
Feel free to use headings and bullet-lists where you think this is appropriate.
APA referencing should be used unless students have made prior arrangements with the subject mentor.
Criteria HD Marks
Analysis of the case. An in-depth critical assessment of the case has been conducted. The type of attack and a likely threat actor has been identified and is well-supported using contemporary literature. 30
Identification of legal or regulatory considerations Relevant legislation and regulation has been identified. Key elements that tie the relevance to the case have been identified and justify why it is applicable. 20
Recommendations In-depth recommendations have been identified and are linked to the analysis of the case and how they could help mitigate further similar events. Recommendations align with industry best practices and where applicable support relevant legislation and regulation. 30
Presentation & Referencing Grammar and spelling contains no errors.
Sentence and paragraph structure is accurate and cohesive, and the ideas flow throughout the essay.
CSU/IT Masters formatting standards are closely followed.
Overall presentation is professional and fastidiously edited, and commensurate with a master’s level submission.
Referencing and citation are properly and judiciously implemented, and a large amount of high-quality literature has been researched. 20