Name: Sebastian Haller
Role: Cybersecurity Incident Response Team Leader
Organization: Sifers-Grayson
Email Address: [email protected]
Phone Contact: 1-551-764-2030
Location: 1555 Pine Knob Trail, Pine Knob, KY 42721.
Timeline: The security breach occurred on August 30th, 2020, at 9:00 a.m. EST. The incident was identified on August 30th at 9:45 a.m. The security operations center was notified of the breach on August 30th at 9:50 a.m. The incident was resolved on August 30th at 10:10 a.m.
Physical Location: 1555 Pine Knob Trail, Pine Knob, KY 42721.
Scottsdale, AZ 8505
Building 3710, Test Range
Scottsdale, AP 86051
Current Status: Every affected resource has been physically disconnected and taken offline. Users who have not changed their passwords within the last hour remain at risk of having files stolen, and there is a significant chance that the breach is still in progress. If other hosts are found to be affected, they will be contained and the detection and analysis stage will be repeated.
Source of the Incident: The breach was traced to the hardware (MAC) address 00-01-02-5F-42, as recorded. The IP address used by the attacker was 10.10.135.17, under the hostname Amanda Brines.
Development of Incident: Chris Davis, an engineer in the R&D lab, first noticed that the test vehicle was not responding to his controls. On further investigation he found that the test range vehicle (on the 10.10.145.0/24 network) was being controlled by someone else, who was docking the AX10 drone close to the bay. After he notified the R&D lead engineer, the lead confirmed that the test vehicle was being controlled by an outside party and that radio transmissions to the test location were minimal. The IT division and the test range operators were then informed, and it was established that files on the file servers had also disappeared, indicating that files had been erased and moved either by mistake or deliberately. Users reported that their workstations were behaving irregularly and running programs without authorization.
Description of Affected Resources: R&D server files were stolen and may have been infected with malware from a remote device. Although the system was compromised, it appears to be functioning normally and shows no slowdown in network connections to remote devices. The AX10 test vehicle shows no sign of damage but will be evaluated for potential malware.
Vectors of Attack: The Red Team was able to exploit vulnerabilities, gain access to the network, and use a USB device loaded with key-logger software. Red Team members took advantage of susceptible personnel by tailgating into insecure areas. They observed that several employees who access PII and other documentation had no effective passwords on their machines (Ayofe & Irwin, 2010), which allowed Red Team members to browse and retrieve sensitive data and use that information to launch attacks. For instance, most employees used their birth dates as login passwords.
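The weak-password finding above (birth dates used as login passwords) is the kind of thing a password-acceptance check can stop at enrolment time. The following is an added example, not code from the Sifers-Grayson report or from any of the parties named in it. It assumes the identity system can look up a user's date of birth when a password is set; the user records and candidate passwords are constructed for illustration.

```python
"""Password screening against date-of-birth patterns.

Added example, not code from the Sifers-Grayson report. It assumes the
identity system can look up a user's date of birth; the user records and
passwords below are constructed for illustration.
"""
import re
from datetime import date, datetime
from typing import Optional, Tuple


def dob_forms(dob: date) -> set:
    """Every common way a person writes their own birth date."""
    d, m, y = dob.day, dob.month, dob.year
    yy = y % 100
    forms = set()
    for sep in ("", "-", "/", "."):
        forms.update({
            f"{m:02d}{sep}{d:02d}{sep}{y}", f"{d:02d}{sep}{m:02d}{sep}{y}",
            f"{y}{sep}{m:02d}{sep}{d:02d}", f"{m:02d}{sep}{d:02d}{sep}{yy:02d}",
            f"{d:02d}{sep}{m:02d}{sep}{yy:02d}", f"{m}{sep}{d}{sep}{y}",
            f"{d}{sep}{m}{sep}{y}", f"{m}{sep}{d}{sep}{yy:02d}",
        })
    return {f for f in forms if len(f) >= 6}   # ignore tiny fragments


def contains_date(password: str) -> bool:
    """True if any 6- or 8-digit run inside the password parses as a calendar date."""
    for run in re.finditer(r"\d{6,8}", password):
        digits = run.group()
        if len(digits) == 8:
            fmts = ("%m%d%Y", "%d%m%Y", "%Y%m%d")
        elif len(digits) == 6:
            fmts = ("%m%d%y", "%d%m%y", "%y%m%d")
        else:
            continue
        for fmt in fmts:
            try:
                datetime.strptime(digits, fmt)
                return True
            except ValueError:
                pass
    return False


def check_password(password: str, dob: Optional[date] = None,
                   min_len: int = 12) -> Tuple[bool, str]:
    """Return (accepted, reason). The most specific failure is reported first."""
    if dob is not None and any(f in password for f in dob_forms(dob)):
        return False, "matches date of birth"
    if contains_date(password):
        return False, "looks like a date"
    if len(password) < min_len:
        return False, "too short"
    return True, "ok"


if __name__ == "__main__":
    # Constructed records: the report says most staff used their birth dates.
    users = {"abrines": date(1985, 8, 30), "cdavis": date(1979, 1, 12)}
    for user, pw in (("abrines", "08301985"), ("cdavis", "Davis-12/01/1979!"),
                     ("abrines", "correct horse battery staple")):
        print(user, pw, check_password(pw, users[user]))
```

The date-of-birth check runs on substrings, so a password that merely wraps the birth date in a name and punctuation is still rejected. The generic date scan will occasionally reject an innocent six-digit number that happens to parse as a date; that is the intended trade-off for a screening rule.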
Prioritization Factors: Affected nodes have been verified and are running normally. Every device is operational and able to continue using network resources. The business currently suffers no operational impact. Users have restricted ability to transfer material from the servers, and read and write permissions are being monitored closely by SIEM mechanisms.
Mitigation Factors: The PROM burner linked to numerous workstations poses a minor risk. Workstations have been recovered and analyzed for any fragments on the hard drive that might present a vulnerability.
Response Actions: After the attack was reported, the affected nodes were immediately disconnected for further investigation. Servers were quarantined for in-depth examination to determine the risk levels the company may face. Blue Team members immediately began investigating the malware attacks and used a Business Impact Analysis to determine how they should proceed. The Blue Team used a chain of custody to share hard drive images with other employees in the department for analysis.
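The chain of custody mentioned above only holds up if every hand-off of a drive image can be shown to be the same bits that were acquired. The following is an added example of that bookkeeping, not code from the Sifers-Grayson report or the Blue Team. The disk image is a constructed byte string standing in for a bit-for-bit copy of a seized workstation drive; the evidence ID and custodian names are placeholders.

```python
"""Evidence-image hashing and chain-of-custody log.

Added example, not code from the Sifers-Grayson report. The disk image is a
constructed byte string standing in for a bit-for-bit copy of a seized
workstation drive; custodian names and the evidence ID are placeholders.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for a forensic disk image.
ORIGINAL_IMAGE = b"CONSTRUCTED-DISK-IMAGE:" + bytes(range(256)) * 8


def sha256_hex(data: bytes) -> str:
    """The hash of the full image is what identifies the evidence from now on."""
    return hashlib.sha256(data).hexdigest()


def _entry(evidence_id: str, action: str, custodian: str, digest: str) -> dict:
    return {
        "evidence_id": evidence_id,
        "action": action,
        "custodian": custodian,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "sha256": digest,
    }


def new_custody_log(image: bytes, evidence_id: str, acquired_by: str) -> list:
    """First entry: hash taken at acquisition, before anyone works on the image."""
    return [_entry(evidence_id, "acquired", acquired_by, sha256_hex(image))]


def transfer(log: list, image_copy: bytes, to_custodian: str) -> bool:
    """Record a hand-off of a working copy to another analyst.

    The copy is re-hashed on receipt; a mismatch is logged as rejected rather
    than silently accepted, and False is returned so the caller stops.
    """
    expected = log[0]["sha256"]
    actual = sha256_hex(image_copy)
    ok = actual == expected
    log.append(_entry(log[0]["evidence_id"],
                      "transferred" if ok else "REJECTED-hash-mismatch",
                      to_custodian, actual))
    return ok


def verify_chain(log: list) -> bool:
    """The chain is intact only if every entry carries the acquisition hash."""
    return all(e["sha256"] == log[0]["sha256"] for e in log)


if __name__ == "__main__":
    log = new_custody_log(ORIGINAL_IMAGE, "SG-2020-0830-WS01", "blue-team-analyst-A")
    transfer(log, bytes(ORIGINAL_IMAGE), "blue-team-analyst-B")          # good copy
    transfer(log, ORIGINAL_IMAGE[:-1] + b"\x00", "blue-team-analyst-C")   # altered copy
    print(json.dumps(log, indent=2))
    print("chain intact:", verify_chain(log))
```

Analysts should always work from copies and never from the acquisition image; the acquisition hash in the first entry is the reference every later copy is checked against, and a rejected transfer is kept in the log rather than deleted so the break in the chain is itself evidence.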
Cause of the Incident
The Red Team used three stolen sets of login credentials to send phishing emails to personnel. These phishing emails appeared to come from colleagues and contained a link to one of three videos. Each video was hosted on a server that logged the email address and IP address of the workstation accessing it. The Red Team reported that approximately 80% of recipients clicked the link to the video of cute kittens.
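Because the videos sat on a tracking server, the same click data the Red Team collected is also visible to defenders in the web proxy log, which is how the "who clicked, and who still needs a password reset" question from the Current Status section gets answered. The following is an added example, not code from the Sifers-Grayson report. The proxy log format, the tracking hostname, the usernames and the password-change records are all constructed; a real SOC would substitute its own proxy's export format.

```python
"""Phishing-click triage from proxy logs.

Added example, not code from the Sifers-Grayson report. The log format, the
tracking hostname, the usernames and the password-change records are
constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Placeholder for the Red Team's video-tracking server (constructed name).
TRACKING_HOST = "kittens.tracker-placeholder.invalid"

# Constructed proxy lines: timestamp user src_ip method url status
PROXY_LOG = """\
2020-08-30T08:52:10 abrines 10.10.135.17 GET http://kittens.tracker-placeholder.invalid/v1.mp4 200
2020-08-30T08:53:41 cdavis 10.10.145.23 GET https://intranet.sifers-grayson.test/wiki 200
2020-08-30T08:55:02 jsmith 10.10.135.40 GET http://kittens.tracker-placeholder.invalid/v2.mp4 200
2020-08-30T08:55:09 jsmith 10.10.135.40 GET http://kittens.tracker-placeholder.invalid/v2.mp4 304
2020-08-30T09:01:33 mlee 10.10.135.51 GET http://kittens.tracker-placeholder.invalid/v3.mp4 200
2020-08-30T09:04:12 rkhan 10.10.145.77 GET https://www.example.com/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)
HOST_RE = re.compile(r"^[a-z]+://([^/:]+)")


def parse_line(line: str):
    """Parse one proxy line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    host = HOST_RE.match(rec["url"])
    rec["host"] = host.group(1).lower() if host else ""
    return rec


def clickers(log_text: str, tracking_host: str = TRACKING_HOST) -> dict:
    """Map each user who fetched the tracking host to the set of source IPs used."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["host"] == tracking_host:
            hits[rec["user"]].add(rec["ip"])
    return dict(hits)


def click_rate(recipients, clicked) -> float:
    """Fraction of phishing recipients who fetched the tracking link."""
    recipients = set(recipients)
    return len(recipients & set(clicked)) / len(recipients) if recipients else 0.0


def needs_forced_reset(clicked, last_password_change: dict, cutoff: datetime) -> list:
    """Clickers whose most recent password change is older than the cutoff."""
    return sorted(u for u in clicked
                  if last_password_change.get(u, datetime.min) < cutoff)


if __name__ == "__main__":
    hits = clickers(PROXY_LOG)
    recipients = ["abrines", "cdavis", "jsmith", "mlee", "rkhan"]
    # Constructed password-change records from the identity system.
    changes = {"abrines": datetime(2020, 8, 30, 9, 30), "jsmith": datetime(2020, 7, 1)}
    print("clicked:", hits)
    print("click rate:", click_rate(recipients, hits))
    print("force reset:", needs_forced_reset(hits, changes, datetime(2020, 8, 30, 9, 0)))
```

Matching on the tracking hostname rather than the full URL catches all three videos at once, and collecting the source IPs per user gives the list of workstations to pull for the chain-of-custody imaging described under Response Actions.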
Cost of the Incident
The incident may cost approximately $3,600. The firm will have to operate on a 24-hour basis until every system is backed up and the analysis is complete. This means having IT personnel on site for an overtime shift from 6 p.m. to 6 a.m. At $100 per hour, this amounts to $1,200 per day, and the staff estimate that repair and backup may take up to three days. Beyond this, the firm may incur significant losses from its inability to offer services.
Business Impact of the Incident
Sifers-Grayson suffered no grave damage, and the business was reasonably able to continue operating. However, because of a poor BCP (business continuity plan), personnel scrambled to communicate with key investors to keep operations moving. Weak system security presented the more serious danger, since attackers would have had a broad opportunity to launch a damaging attack and to bargain for the return of the source code.
General comments
Sifers-Grayson has specific requirements under the agreement proposed and maintained by the interested parties. The agreement's benefits are founded on basic guidelines issued by the National Institute of Standards and Technology (NIST) and the Defense Federal Acquisition Regulation Supplement (DFARS). NIST produces standards to help federal organizations meet the requirements of the Federal Information Security Management Act (Program, 2020). Sifers-Grayson and Nofsinger Consultancy jointly agreed on an invoicing process, confirmation of duties, and other disclosures that should not be documented.