Introduction
This is phase one of a multifaceted attack. In this assignment you will learn to respond actively to the scenario as if it were a real attack and to interact with the other functional areas that would also be affected by the security incident. You will be provided with an IR plan, and you will use that plan to work through the incident and answer questions about the scenario and how it maps onto the IR plan.
OZCO Data Breach of International Operational Data from within North America
You work in cybersecurity for OZCO, a Fortune 500 biomedical company.
One Saturday morning another OZCO employee logs into the VPN from their personal PC at home in Wilmington, Delaware. The employee uses their ADMIN rights to log into the HRIS Oracle database, a system that houses some of the most sensitive data in the company and serves as a critical hub, located in Canada, supporting international operations from central locations around the world covering Japan, Mexico, Germany, Europe, and North Korea.
The employee notices a suspicious IP address in the output of an Nmap scan they recently ran. The IP is identified as 81.169.181.179.
Several popups begin automatically opening on the employee’s laptop, and the system starts running slow.
The day before, the employee had responded to an email stating that their Amazon Prime account was about to expire and that they needed to renew their subscription via a link. Without realizing it, the employee was redirected to a mock site that resembled the real Amazon site, and that site downloaded malicious software onto their system, creating a backdoor into the laptop.
The employee uses single sign-on for access to all OZCO systems.
The employee’s home PC has been infected with a keylogger and a zero-day exploit. The attacker now has the employee’s login information as well as the logins for several ADMIN accounts.
The attacker logs into OZCO’s HRIS Oracle database and downloads international, operational, and sensitive data as well as North American customer PII. This action stops some critical services for all users.
The employee quickly disconnects the system from the network and unplugs it, cutting all power. OZCO’s incident handlers in Canada, Japan, Mexico, Germany, Europe, and North Korea are notified.
Instructions
Please download the following Word document listing the questions you should answer in this assignment. The questions are divided into the following sections:
Understand the Incident’s Background
Define Communication Parameters
Assess the Incident’s Scope
Prepare for Next Incident Response Steps