bmit a written report on main findings about AutoDesk Software hack of 2020. Must write from perspective of hack/breach.(definitions provided below)
The first page of the report should provide some general coverage of the incident, while the reminder of the report should give very specific answers about the following:
1) Was this incident a hack or a breach? Justify your answer!
2) Who are the main ‘stakeholders’ in this incident (who is the adversary & who is the victim)? Note: In cases when there are multiple adversaries and/or victims, they all have to be clearly enlisted.
3) When did the incident happen? When was it discovered?
4) Which vulnerability in the target system was exploited by the adversary during the incident?
5) How, exactly, did the adversary exploit the vulnerability? What was the main attack vector? Note: For an exhaustive list of attack vectors see: https://www.upguard.com/blog/attack-vector
6) What did this breach/hack target in terms of CIA?
7) What has been the actual loss suffered by the victim due to the incident (monetary, functional, reputational, … )? Note: In most cases the victim suffers a combination of different types of loss, and they all should be enlisted. Also, if there are multiple victims, the losses of each particular victim should be specified.
8) How did/can the victim ensure that the same type of breach/hack does not happen again?
9) Was the adversary prosecuted, and if so what were the penalties (if known)?
10) What can other similar potential victims learn from this incident?
Three initial references for this project include:
https://www.infosecurity-magazine.com/news/mercenary-apt-group-targeting/
https://www.bitdefender.com/files/News/CaseStudies/study/365/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf
IMPORTANT:
The list of all researched references should be included in the report. The minimum acceptable number of references is 10!
Definitions to use:
Data Breach-
exposing of sensitive, confidential and/or protected data to someone who should not have access to that data
* could be deliberate or unintentional !
* common type of leaked information: 1. financial data (e.g., credit card numbers) 2. medical or personal health information 3. personally identifiable information (PII) 4. intellectual property
most common causes / actors:
* an accidental insider e.g., an employee using a co-worker’s computer & reading files without having proper authorization, NO information is leaked outside the company e.g., an employee fooled into disclosing data to a malicious actor – information leaked outside …
* a malicious insider e.g., an employee purposely accesses and/or shares data with the intent of causing harm to an individual or company – may have legitimate authorization
* a malicious outsider e.g., a hacker uses various attack vectors to gather information from a network or an individual
common costs / damages:
* direct, short term 1. operational disruption 2. cyber-security investigations 3. attorney fees 4. government fines 5. drop in stock price, …
* indirect, long term 1. damage to brand and reputation 2. loss of intellectual property 3. increased insurance premium, …
Hack-
identification & exploitation of weaknesses in a computer system or a network in order to achieve a nefarious objective
* an intentional attack typically conducted by a malicious outsider
* could, but does not have to, result in a data breach / leak (e.g., ransomware, DDoS)
* weaknesses commonly exploited in a hack:
1. weak or compromised credentials
2. careless / untrained employees (social engineering)
3. missing or poor encryption
4. misconfiguration
5. vulnerabilities
6. third- or fourth- party vendors,
**There could be overlap between Hack and Data Breach
The report will be evaluated for the following: 1) Clarity of communication (Does the provided information render a clear understanding of the incident? Are the report’s organization and grammar satisfactory?) 2) Completeness (Is all relevant information included in the report?) 3) Correctness (Is the information provided in the report actually correct?)
Do You Know That our Professional Writers are on Stand-by to Provide you with the Most Authentic Custom Paper. Order with us Today and Enjoy an Irresistible Discount!