Assessment item 3 – Case Study: Incident Investigation and Mitigation
Osprey Cyber Corporation (OCC) is a cyber security company that provides both offensive and
defensive capabilities to customers including, but not limited to, private organisations, educational
institutions, and government.
Recently OCC has been engaged by RavenCorp, an organisation that develops drones and has
seen some suspicious outbound traffic on its firewall.
RavenCorp is headquartered in Sydney, Australia, and also has a presence in Munich, Germany.
Its environment comprises both on-premise and cloud infrastructure.
During the incident response engagement, the following high-level findings were
identified:
• On January 16, 2022, a phishing e-mail arrived and a user was tricked into
  disclosing their credentials to a website at microsoft-account-validation.fakedomain.com
• The next day, the user’s credentials were used to access a remote desktop server
• The threat actor was able to run software that allowed them to elevate their
  privileges to administrator, and created several additional accounts in the corporate
  Active Directory with administrator rights
• Over the next 6 months, the threat actor exfiltrated several terabytes of data. This
  included:
    o Customer information including names, addresses, e-mail addresses, phone
      numbers, and credit card numbers
    o Personal information about employees of the organisation
    o Technical drawings for a prototype drone that has potential military applications
• The threat actor remained in the environment for around 330 days
Using the information above, answer the questions below. Ensure you justify your response and
include any supporting information:
• What type of attack has likely occurred?
• What type of threat actor has likely conducted the attack?
• Are there any legal or regulatory considerations that need to be taken into account?
• What policies, controls, or procedures could be implemented to prevent such an attack
  from occurring?
Rationale
This assessment task will assess the following learning outcome/s:
• be able to analyse the main types of cyber attacks and the various tactics and strategies
  used during attacks.
• be able to propose security policy, procedural and technical controls to mitigate the
  threats of different types of cyber attacks and the risks they present.
Presentation
• Use a report format, with correct grammatical protocols and accurate spelling, punctuation and
  word count.
• Feel free to use headings and bullet-lists where you think this is appropriate.
• APA referencing should be used unless students have made prior arrangements with the subject
  mentor.
Criteria | HD | Marks
Analysis of the case | An in-depth critical assessment of the case has been conducted. The type of attack and a likely threat actor has been identified and is well-supported using contemporary literature. | 30
Identification of legal or regulatory considerations | Relevant legislation and regulation has been identified. Key elements that tie the relevance to the case have been identified and justify why it is applicable. | 20
Recommendations | In-depth recommendations have been identified and are linked to the analysis of the case and how they could help mitigate further similar events. Recommendations align with industry best practices and, where applicable, support relevant legislation and regulation. | 30
Presentation & Referencing | Grammar and spelling contain no errors. Sentence and paragraph structure is accurate and cohesive, and the ideas flow throughout the essay. CSU/IT Masters formatting standards are closely followed. Overall presentation is professional and fastidiously edited, and commensurate with a master's level submission. Referencing and citation are properly and judiciously implemented, and a large amount of high-quality literature has been researched. | 20