Copy of _ Dylan T __ Security 101 Challenge_

School: University of Texas, San Antonio

Course: MISC

Subject: Information Systems

Date: Dec 6, 2023

Uploaded by DeanDangerWombat38

Cybersecurity Threat Landscape

Part 1: CrowdStrike 2021 Global Threat Report

For Part 1 of your homework assignment, use the CrowdStrike 2021 Global Threat Report, along with independent research, to answer the following questions (remember to make a copy of this document to work on):

1. What was the dominant ransomware family that impacted the healthcare industry in 2020? [Maze]
2. Describe three different pandemic-related eCrime phishing themes. [Misleading health and safety emails, credential harvesting, and attacking employees who work at home.]
3. Which industry was targeted with the highest number of ransomware-associated data extortion operations? [Industrial and Engineering Sector]
4. What is WICKED PANDA? Where do they originate from? [Wicked Panda is a Chinese-based cyber group that operates a group for hire]
5. Which ransomware actor was the first observed using data extortion in a ransomware campaign? [Outlaw Spider]
6. What is an access broker? [An access broker is an actor that hacks organizations and sells their info through a private channel or criminal forums]
7. Explain a credential-based attack. [Credential-based attacks are people who hack and steal companies' credentials to have access to companies' security and major info logs. Once the hacker has access, they steal info for that company.]
8. Who is credited for the heavy adoption of data extortion in ransomware campaigns? [Twisted Spider]
9. What is a DLS? [DLS is a resource that can send out links to people who are on the internet.]
10. According to CrowdStrike Falcon OverWatch, what percentage of intrusions came from eCrime intrusions in 2020? [79%]
11. Who was the most reported criminal adversary of 2020? [Wizard Spider]
12. Explain how SPRITE SPIDER and CARBON SPIDER impacted virtualization infrastructures. [They both came together to develop a ransomware version of Linux that affects ESXi hosts.]
13. What role does an Enabler play in an eCrime ecosystem? [An Enabler provides criminals with resources they might not have. Run malware as a service and/or sell info they gained.]
14. What are the three parts of the eCrime ecosystem that CrowdStrike highlighted in their report? [Monetization, Services, and Distributions.]
15. What is the name of the malicious code used to exploit a vulnerability in the SolarWinds Orion IT management software? [Sunburst.]

Part 2: Akamai Security Year in Review 2020

In this part, you should primarily use the Akamai Security Year in Review 2020 and Akamai State of the Internet / Security, along with independent research, to answer the following questions.

1. What was the most vulnerable and targeted element of the gaming industry between October 2019 and September 2020? [The Gamers]
2. From October 2019 to September 2020, in which month did the financial services industry have the most daily web application attacks? [December 2019]
3. What percentage of phishing kits monitored by Akamai were active for only 20 days or less? [60%]
4. What is credential stuffing? [Stolen usernames and passwords to websites to gain access to the user's account]
5. Approximately how many of the gaming industry players have experienced their accounts being compromised? How many of them are worried about it? [Half of gamers' accounts were compromised, and about are worried.]
6. What is a three-question quiz phishing attack? [People filling a quiz out and getting their info stolen.]
7. Explain how Prolexic Routed defends organizations against Distributed Denial of Service (DDoS) attacks. [Redirecting network traffic through Akamai scrubbing centers while only letting clean traffic move on.]
8. Which day between October 2019 to September 2020 had the highest Daily Logins associated with Daily Credential Abuse Attempts? [8/17/2020]
9. Which day between October 2019 to September 2020 had the highest gaming attacks associated with Daily Web Application Attacks? [7/11/2020]
10. Which day between October 2019 to September 2020 had the highest media attacks associated with Daily Web Application Attacks? [8/20/2020]

Part 3: Verizon Data Breaches Investigation Report

In this part, use the Verizon Data Breaches Investigation Report plus independent research to answer the following questions.

1. What is the difference between an incident and a breach? [An incident is when a security event compromises integrity, confidentiality, or availability of info assets. A breach is when an incident results in protected data confirmed to have been accessed by individuals that would abuse the info.]
2. What percentage of breaches were perpetrated by outside actors? What percentage were perpetrated by internal actors? [80% are outside actors, and 20% are inside actors]
3. What percentage of breaches were perpetrated by organized crime? [Around 80%]
4. In 2020, what percent of breaches were financially motivated? [70%]
5. Define the following (additional research may be required outside of the report):
   Denial of service: Attacks that are meant to shut down a computer or network, also making it inaccessible to the user.
   Command control: Attacker or cybercriminal controlling a computer by sending commands to the system that is affected by malware.
   Backdoor: A way individuals are able to gain access to a computer, network, or software by bypassing computer or network security.
   Keylogger: Tools that are used to record what individuals type on a computer.
6. What remains one of the most sought-after data types for hackers? [Credentials]
7. What was the percentage of breaches that involved phishing? [36%]

© 2023 edX Boot Camps LLC. Confidential and Proprietary. All Rights Reserved.