Question
Cyber Warfare Study (Interlude C, P&P: p652 Describe in detail (in a brief paper, 5-7 pages excluding Works Cited, submitted to Assignment Dropbox) how you, as a corporate officer or government security consultant, would respond to a security breach from a persistent threat, terrorist group, hacktivist organization, or country. Imagine details about the discovery and outline first responses to this set of events. The more clearly you detail the events, the easier it will be to recommend a response. This activity will be graded on the basis of the Cyber Warfare Study Rubric.
Explanation / Answer
Cyberwarfare is often referred to as the fifth form of weaponry after sea, air, space and land. The weapons required are programs containing malicious code, with the intention of causing harm, gaining unauthorized access, or creating a massive loss to the economy of the country.
Type of Attack Experienced:
Distributed Denial of Service (DDoS)
The attack attempted to exhaust all the resources of the network, including its bandwidth, availability and computing power.
The attack was attempted on the host sites of all the country's leading financial services websites.
The websites were discovered to be vulnerable, and it was easy for a group of hackers to gain access to the host of the network.
The hackers took this opportunity and installed various new programs and tools on the compromised server to perform the attack.
Once the attacker is able to find a vulnerable system and install his program on one particular host, it becomes easy for him to spread the attack within the network and try to infect all the systems in that particular network.
In this case many machines are compromised simultaneously, as the infected program is installed on all the hosts in parallel.
The motive of the attack was to ruin the image of the running government; it was funded by some opposition-party businessmen and executed by tech-savvy professionals in return for a huge economic benefit.
Security procedures used in this situation:
Monitor the traffic 24x7 to look for suspect IPs from different geographies. Suspect everything that is unexplained.
Keep an eye on everything around you that can hint at a coming attack.
Always use a third-party assessment to penetrate your network and check for vulnerabilities and possible exploits. Always use the test results to deploy all the suggested controls and take the proper actions required.
Keep a response team in place to reduce the impact of an attack.
After the Attack:
Collect the logs and every minute detail from the course of the attack.
Review the logs thoroughly to check where the traffic was directed from.
List all the IPs found and check the geographical and other details of each IP.
Check and review each host in your network to see whether it functions as expected or whether something is still there that can be compromised. Change the security settings/passwords for everything: each piece of hardware and software, and every user account within the network. Gather the response from the response team and work on their results.
Your strategy should be:
Re-establish your BGP connections -> restart firewalls -> Due to the extra bandwidth consumed, your ISP will immediately block you; hence, contact your ISP. -> Recover all the applications, as the clients and customers won't be able to get access and will face a long downtime.
The costs of DDoS attacks are beyond expectations.
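As an added example (not part of the original answer), the post-attack log review above, the step that lists the IPs found and checks where the traffic came from, can be done over web-server access logs. This Python script assumes combined log format and uses constructed sample lines from documentation IP ranges; it measures per-source request bursts in a sliding window, flags the sources worth adding to the IP review list, and reports the share of 5xx responses as a gauge of service exhaustion.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "GET /login HTTP/1.1" 200 1024
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET / HTTP/1.1" 503 0
192.0.2.44 - - [10/Oct/2023:13:55:38 +0000] "GET / HTTP/1.1" 503 0
192.0.2.44 - - [10/Oct/2023:13:55:39 +0000] "GET / HTTP/1.1" 503 0
192.0.2.44 - - [10/Oct/2023:13:55:39 +0000] "GET / HTTP/1.1" 503 0
192.0.2.44 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 503 0
198.51.100.23 - - [10/Oct/2023:14:02:10 +0000] "GET /account HTTP/1.1" 200 2048
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$')

def parse_log(text):
    """Yield (ip, timestamp, status) per well-formed line; skip malformed ones."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        yield m.group("ip"), ts, int(m.group("status"))

def flag_sources(text, window_s=10, threshold=4):
    """Return {ip: peak requests seen in any window_s-second sliding window}
    for sources whose peak reaches threshold (candidates for the IP review list)."""
    per_ip = defaultdict(list)
    for ip, ts, _ in parse_log(text):
        per_ip[ip].append(ts)
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1  # drop timestamps that fell out of the window
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def error_ratio(text):
    """Share of 5xx responses: a rough gauge of how far the service was exhausted."""
    statuses = [s for _, _, s in parse_log(text)]
    return sum(s >= 500 for s in statuses) / len(statuses) if statuses else 0.0
```

The flagged list is a starting point for the geographical lookup described above, not proof of attribution, since DDoS sources are commonly compromised third-party hosts.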