Information Security

Detail notes on Information security

Uploaded by

Saeed Akhter

Submitted By: Maira Saeed
Reg No: INFT211101026
Section: BS-IT(6A)
Submitted To: SAHABZADA M. MAZHAR SHAHID
Subject: INFORMATION SECURITY

1|Page
Table of Contents

- Access Control (page 3)
- Case Study (page 4)
  - Intellectual property theft by a departing employee at Yahoo (page 4)
  - Real Estate Wealth Network (page 5)
- Role of AI in Cyber Security (page 6)
  - Machine Learning (page 6)
  - Deep Learning (page 6)
- Cyber Security Risk Management (page 7)
  - The importance of risk management frameworks and methodologies (page 7)
- Malware Analysis (page 8)
  - Ransomware (page 8)
  - Trojans (page 9)
- Advanced Persistent Threats (APTs) (page 10)
  - Characteristics of Advanced Persistent Threats (page 10)
  - Tactics and techniques (page 10)
  - Notable APT Groups and their targets (page 11)
- References (page 11)

Access Control:

In the context of network security, access control is a method for determining who or what can access certain
resources on the network. These resources can be sensitive information, machines, applications, or even physical
objects. The key to access control is the ability to grant or restrict access based on predefined criteria and
policies. Access control works on the principle of least privilege: users and devices are given only the minimum
access they need to do their job. This minimizes the opportunity for an attack on the system and reduces the risk
of resources becoming unavailable or damaged.

Access control has several elements, including:

1. Least Privilege:

This element specifies that users should operate with the lowest level of access rights that still lets them do
their work. By limiting access to only what is needed, you reduce the harm caused by accidental or intentional
abuse of rights. For example, regular employees do not need access to sensitive financial information, so granting
them that access would violate the principle of least privilege.

2. Preventing Unauthorized Access:

Access control is the first line of defense against unauthorized users, including criminals, who attempt to access
the network. It enforces strong credentials and permissions, ensuring that only legitimate users and trusted
devices can access the network. In the real world, consider a financial institution that maintains large amounts of
customer information. Access control procedures ensure that only authorized personnel (perhaps only certain
departments) can access this information, thus reducing the risk of information leakage and insider threats.

3. Protect confidential information:

Many organizations maintain confidential information such as trade secrets, customer information, or proprietary
information. Access control plays an important role in protecting this important information by imposing strict
permissions and restricting access. A breach in access control could cause serious damage to these assets.
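The financial-institution scenario above, worked as a deny-by-default role check. This is an added example written for these notes, not code from the notes or from any product; the roles, departments and user names are constructed.

```python
# Added example: deny-by-default, role-based access check built on least
# privilege. Only roles that are explicitly granted a (resource, action) pair
# may perform it, and a resource is only visible to its owning department.
# All role names, departments and users below are constructed for the example.
from dataclasses import dataclass, field

# Permissions are granted per role; anything not listed here is denied.
ROLE_PERMISSIONS = {
    "employee":        {("email", "read"), ("email", "write")},
    "finance_analyst": {("financial_records", "read")},
    "finance_manager": {("financial_records", "read"),
                        ("financial_records", "write")},
}

@dataclass(frozen=True)
class User:
    name: str
    department: str
    roles: frozenset = field(default_factory=frozenset)

@dataclass(frozen=True)
class Resource:
    kind: str
    owner_department: str

def is_allowed(user: User, resource: Resource, action: str) -> bool:
    """True only if the resource belongs to the user's department AND at
    least one of the user's roles grants the action. Unknown roles grant
    nothing, so the default outcome is always deny."""
    if resource.owner_department != user.department:
        return False
    return any((resource.kind, action) in ROLE_PERMISSIONS.get(role, set())
               for role in user.roles)

def access_decision(user: User, resource: Resource, action: str) -> str:
    verdict = "ALLOW" if is_allowed(user, resource, action) else "DENY"
    return f"{verdict} {user.name} {action} {resource.kind}"

if __name__ == "__main__":
    ledger = Resource("financial_records", "finance")
    alice = User("alice", "finance", frozenset({"employee", "finance_analyst"}))
    bob = User("bob", "marketing", frozenset({"employee"}))
    # alice may read but not write; bob (a regular employee) gets nothing.
    for user, action in [(alice, "read"), (alice, "write"), (bob, "read")]:
        print(access_decision(user, ledger, action))
```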

Case Studies:

Intellectual property theft by a departing employee at Yahoo

Yahoo alleges that Qian Sang, a former research scientist at the company, stole Yahoo's intellectual property in
February 2022. According to Yahoo's claim, the malicious insider intended to use the stolen data for financial gain
at Yahoo's competitor, The Trade Desk, from which Sang had received a job offer. The company also claims that
Sang stole other confidential information, including Yahoo's strategy plans and a competitive analysis of The
Trade Desk.

Impacts:

 After conducting a detailed examination, Yahoo found that Qian Sang had supposedly obtained 570,000 files
that included confidential data and the source code of AdLearn, Yahoo's platform for buying ads in real time.
 Yahoo took legal action against its former employee, alleging that the stolen intellectual property could give
its rival an edge in online advertising, potentially leading to financial harm for Yahoo.

Cause:

 Sang allegedly transferred the sensitive data from his corporate laptop to two personal external storage
devices while he was still working at Yahoo. A USB device management solution could have helped Yahoo's
security officers detect the connection of unknown external storage devices.
 Yahoo's forensic analysis also showed that the insider communicated with someone on WeChat about using a
cloud file backup system. Real-time user activity alerts and keylogging capabilities could have helped the
company detect Qian Sang's communications about this suspicious matter prior to the incident.

Lessons learned:

 The case of intellectual property theft at Yahoo by a departing employee highlights the critical need for
companies to prioritize safeguarding sensitive information.
 By implementing strong security measures and closely monitoring employee activities, organizations can
better protect their valuable intellectual property from insider threats.

Real Estate Wealth Network

The accidental exposure of over 1.5 billion records from Real Estate Wealth Network's database, one of the
largest data breaches in US history, underscores the critical importance of robust cybersecurity measures. The
database had around 1.16 terabytes of data, and this data was vulnerable because the folders and system access
were not protected by passwords. This exposure lasted for an unspecified period of time.

Causes:

 Leaving folders and system access unprotected by passwords suggests a misconfiguration issue. This could be
due to human error during setup or a lack of awareness about security best practices.

Impact:

 Over 1.5 billion records containing personal information were accessible, potentially impacting a massive
number of people.
 The exposed information included sensitive details like names, addresses, phone numbers, email addresses, and
even Social Security numbers in some cases. This creates a high risk of identity theft and financial fraud for
those affected.
 The Real Estate Wealth Network suffered reputational damage due to the data breach, raising concerns about
its data security practices, which also caused financial losses.

Lessons Learned:

 This incident highlights the critical need for strong data security measures. Implementing proper access
controls, encryption, and regular security audits is essential to prevent unauthorized access.
 The importance of password protection for all folders and systems cannot be overstated. A single unprotected
folder can be a gateway to a massive data breach.
 Organizations should only collect and store data essential for their operations. Having less data reduces the
potential impact if a breach occurs.

Role of AI in Cybersecurity:

Artificial intelligence (AI) greatly helps in keeping digital information safe. By using smart algorithms, AI can
quickly spot unusual behavior that might signal a cyberattack, like someone trying to access a system they
shouldn't. It can also learn from past attacks to better protect against future ones. If a threat is detected, AI can
even take action to stop it before any harm is done, like blocking a suspicious email or locking down a
compromised account. Essentially, AI acts as a smart guard, constantly watching for threats and taking action to
keep our digital world safe from harm.

Machine Learning:

 Threat Detection: Machine learning is excellent at identifying patterns in large amounts of data. It analyzes
network connections, user behavior, and operating systems to detect patterns associated with malware, phishing
attempts, and even new threats. This strategy helps you stay ahead of cybercriminals.
 Anomaly Detection: In anomaly detection, machine learning looks at historical data to understand normal
behavior. If it sees something unusual, such as a sudden surge in network traffic, it sounds the alarm because
the activity does not follow the normal pattern.
 Risk Assessment: In risk assessment, machine learning evaluates various factors to determine the likelihood and
impact of cyber threats. For example, it can analyze data from past security incidents to predict the likelihood of
similar incidents occurring in the future.

Deep Learning:

 Threat Detection: Deep learning goes one step further. It can understand many patterns in data. For example, it
can learn to identify malware by analyzing data patterns and identifying common characteristics that malware
shares.
 Anomaly Detection: Deep learning improves pattern recognition. It can analyze not only structured data (web
logs) but also unstructured data (emails, social media posts) to detect suspicious situations that may indicate a
possible attack. This provides a better understanding of the threat.
 Risk Assessment: Deep learning improves risk assessment by identifying relationships between multiple
factors. It can help organizations be more predictive of potential cyber threats by detecting hidden patterns in
data that may not be obvious through traditional analysis methods.
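The anomaly-detection idea above (learn what is normal from history, then alarm on a sudden traffic surge), worked as an added example that is not from the notes: a baseline-and-deviation detector over constructed hourly traffic counts. The data, the 24-hour baseline and the z-score threshold are assumptions; a real deployment would learn the baseline from weeks of history, not one day.

```python
# Added example: baseline-and-deviation (z-score) anomaly detector over
# constructed hourly network traffic volumes. Values and thresholds are
# assumptions made for this example.
import statistics

# Constructed "normal" day: hourly outbound traffic in MB.
BASELINE = [
    120, 118, 125, 130, 122, 119, 128, 124, 121, 127, 123, 126,
    119, 131, 125, 122, 120, 129, 124, 118, 126, 123, 121, 127,
]

# Constructed day under review: hour 14 carries a sudden surge.
TODAY = [
    121, 119, 127, 124, 120, 126, 123, 122, 128, 125, 119, 130,
    124, 126, 980, 127, 121, 123, 125, 120, 129, 122, 126, 124,
]

def fit_baseline(history):
    """Learn what 'normal' looks like: mean and population std deviation."""
    return statistics.mean(history), statistics.pstdev(history)

def zscore(value, mean, std):
    """How many standard deviations `value` sits from the learned mean."""
    return 0.0 if std == 0 else (value - mean) / std

def anomalies(observations, history, threshold=3.0):
    """Return (hour, value, z) for each observation whose |z| exceeds the
    threshold; each returned entry is one alarm."""
    mean, std = fit_baseline(history)
    return [(hour, value, round(zscore(value, mean, std), 1))
            for hour, value in enumerate(observations)
            if abs(zscore(value, mean, std)) > threshold]

if __name__ == "__main__":
    mean, std = fit_baseline(BASELINE)
    print(f"baseline mean={mean:.1f} MB, std={std:.1f} MB")
    for hour, value, z in anomalies(TODAY, BASELINE):
        print(f"hour {hour:02d}: {value} MB (z={z}) -- surge, raise alarm")
```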

Cybersecurity Risk Management:

Cybersecurity risk management is a methodical way of determining which threats are most important to address.
Organizations use cybersecurity risk management to make sure that the most serious threats are dealt with
promptly. This method involves recognizing, examining, assessing, and resolving threats according to the
potential harm they could cause.

The importance of risk management frameworks and methodologies


 The NIST Cybersecurity Framework is a guide to help organizations protect themselves from cyber threats.
It has six steps to help manage risks to information security and privacy. It also provides guidelines for
meeting government regulations on cybersecurity.

 ISO 31000 is a set of rules to help organizations manage risks better. It gives them a plan to identify and deal
with things that could go wrong, so they can reach their goals more safely.

 COBIT is a framework developed by the Information Systems Audit and Control Association (ISACA).
COBIT 5 is a set of guidelines that helps organizations manage their IT systems effectively and align them
with their business goals. It provides best practices for governance, risk management, and performance
measurement in the IT environment.

 FAIR is a method that helps organizations measure and manage risks related to information security in a way
that focuses on numbers and data. It helps them see how much money they could lose from cyber threats and
decide where to invest resources to reduce those risks smartly.

 Cybersecurity risk management methodology helps protect sensitive information and data from unauthorized
access or theft. By identifying potential risks and vulnerabilities, organizations can proactively take steps to
prevent cyber-attacks before they happen.
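The FAIR bullet above says the method puts numbers on how much money could be lost and where to invest. As an added example (not from the notes and not the FAIR standard itself), here is a simplified FAIR-style Monte Carlo: annual loss is the sum of loss magnitudes over the loss events in a year, with event frequency and magnitude drawn from analyst-supplied (min, most likely, max) ranges. All ranges and the control cost are constructed.

```python
# Added example: simplified FAIR-style quantitative risk estimate.
# Loss-event frequency and loss magnitude are modelled as triangular
# distributions from (min, most likely, max) estimates; all numbers below
# are constructed for the example, not real figures.
import random

def tri(rng, lo, most_likely, hi):
    # random.triangular takes (low, high, mode); keep the analyst order here.
    return rng.triangular(lo, hi, most_likely)

def simulate_annual_loss(freq_range, magnitude_range, trials=20000, seed=7):
    """Monte Carlo: each trial draws how many loss events happen this year
    and a magnitude for each, giving one simulated annual loss per trial."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        events = round(tri(rng, *freq_range))
        losses.append(sum(tri(rng, *magnitude_range) for _ in range(events)))
    return losses

def summarize(losses):
    """Expected annual loss plus percentiles of the simulated distribution."""
    s = sorted(losses)
    def pct(p):
        return s[min(len(s) - 1, int(p * len(s)))]
    return {"expected": sum(s) / len(s),
            "p50": pct(0.5), "p90": pct(0.9), "p99": pct(0.99)}

def control_benefit(before, after, annual_control_cost):
    """Expected-loss reduction minus the control's cost; positive means the
    control pays for itself, which is how FAIR informs where to invest."""
    return (summarize(before)["expected"] - summarize(after)["expected"]
            - annual_control_cost)

if __name__ == "__main__":
    # Constructed scenario: phishing-driven data loss, events per year / USD.
    magnitude = (10_000, 50_000, 400_000)
    before = simulate_annual_loss((0.5, 2, 6), magnitude)
    # Assumed: a control (e.g. phishing-resistant MFA) roughly halves frequency.
    after = simulate_annual_loss((0.2, 1, 3), magnitude)
    for label, sim in (("before", before), ("after", after)):
        s = summarize(sim)
        print(f"{label}: expected ${s['expected']:,.0f}  "
              f"p90 ${s['p90']:,.0f}  p99 ${s['p99']:,.0f}")
    print(f"net annual benefit of control: "
          f"${control_benefit(before, after, 50_000):,.0f}")
```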

Malware Analysis
Ransomware
Ransomware is malicious software that infects your computer. It can stop you from using your computer or
accessing your files. Sometimes it even threatens to publish your private data online unless you pay money to the
person who made it. They usually demand the money quickly; if you don't pay fast enough, they may delete your
files or demand even more money.

Impacts:
 Ransomware encrypts files on a computer or network, making them inaccessible. If backups are not available,
data can be permanently lost.
 Organizations that fall victim to ransomware attacks may suffer severe financial losses due to ransom
payments, downtime, and remediation costs.
 Ransomware attackers may steal sensitive information before encrypting it, potentially exposing intellectual
property or confidential data.
 Ransomware attacks pose significant risks to the integrity, availability, and confidentiality of information
systems.

Detection techniques:

Monitoring tools act as protectors for your computer. They keep an eye out for any unusual activities, such as
unauthorized access or malware attacks. If they detect anything suspicious, they can prevent it from causing
harm, such as encrypting your files with ransomware. Additionally, by maintaining a full backup of crucial
computer systems, you can swiftly restore everything to normal in case of mishaps like system crashes or file
encryption, minimizing disruptions to your work.

Prevention measures:
Preventing ransomware attacks usually involves implementing and testing backups, as well as using ransomware
protection in security tools. Security tools like email protection gateways serve as the first line of defense, with
endpoints serving as a secondary defense. Intrusion Detection Systems (IDSs) can identify ransomware
command-and-control activities to alert when a ransomware system communicates with a control server. User
training is important, but it is just one layer of defense against ransomware, typically coming into play after
ransomware is delivered through email phishing.

Mitigation techniques:
 The first step in responding to a ransomware infection is to disconnect the infected endpoint from the
network; this prevents the ransomware from spreading to other devices and systems within your network.
 For proper mitigation, you must track down the computer that was first infected and determine whether the
user clicked any suspicious emails or noticed any unusual behaviour on their computer.
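The monitoring the detection section describes ("keep an eye out for unusual activities, such as encrypting your files"), as an added example that is not from the notes: a host-side monitor run over constructed file-write events. It flags a process that rewrites many files with high-entropy (encrypted-looking) content in a short window, the signal that should trigger the isolation step in the mitigation list. Paths, process ids, thresholds and the events themselves are constructed.

```python
# Added example: host monitor that alerts on a burst of high-entropy file
# writes by one process, the pattern of files being encrypted. All events,
# paths, pids and thresholds are constructed for this example.
import math
import random
from collections import defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: text is usually well under 6, ciphertext close to 8."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def ransomware_alerts(events, window=60, min_files=5, min_entropy=7.0):
    """events: (timestamp_s, pid, path, written_bytes). Collect high-entropy
    writes per process; alert when min_files of them fall within `window`."""
    by_pid = defaultdict(list)
    for ts, pid, path, content in events:
        if shannon_entropy(content) >= min_entropy:
            by_pid[pid].append(ts)
    alerts = []
    for pid, times in by_pid.items():
        times.sort()
        for i in range(len(times) - min_files + 1):
            if times[i + min_files - 1] - times[i] <= window:
                alerts.append(pid)
                break
    return alerts

def constructed_events():
    """Constructed sample: pid 4242 rewrites six documents with random bytes
    in 15 s; pid 77 saves one ordinary text file at the same time."""
    rng = random.Random(1)
    random_blob = lambda: bytes(rng.getrandbits(8) for _ in range(2048))
    enc = [(100 + 3 * i, 4242, f"/home/u/docs/report{i}.docx.locked",
            random_blob()) for i in range(6)]
    plain = [(105, 77, "/home/u/notes.txt",
              b"quarterly report: revenue up 4 percent, costs flat")]
    return enc + plain

if __name__ == "__main__":
    for pid in ransomware_alerts(constructed_events()):
        print(f"ALERT pid {pid}: burst of encrypted-looking writes; isolate host")
```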

Trojan

A Trojan ransomware is a kind of harmful software that pretends to be legitimate software or files to trick users
into downloading and running it on their computers. Once it runs, it locks files on the infected computer and
demands payment from the user to get them back.

Impacts on Information Systems (IS):

Ransomware can cause a lot of data to be lost if files are locked and not properly backed up. Computers with
ransomware may become hard to use or slow down, which can affect how a business works. Paying the ransom
can cost a lot of money, and repairing the computer afterwards can also be expensive. Companies hit by
ransomware attacks might lose the trust of their customers and others, which can hurt their reputation.

Detection
Modern security systems for computers include traditional antivirus, a newer kind called next-generation
antivirus (NGAV) that can stop even brand-new and unknown Trojans, and behavioral analytics that notices
unusual activity on user computers. Combining all of these helps stop most Trojans from causing harm.

A WAF (Web Application Firewall) sits at the entrance of a network and helps stop Trojan infections by blocking
the download of Trojan files from untrusted sources.

Advanced Persistent Threats (APTs):

An advanced persistent threat (APT) is like a secret cyberattack on a computer network. The attacker sneaks in
and stays hidden for a long time without anyone noticing. While they're inside, they can spy on what's
happening, intercept messages, and steal important information without anyone knowing.

Characteristics of Advanced Persistent Threats

 The objective of an APT is to repeatedly gather sensitive data over an extended time frame, which
maximizes the potential for criminal earnings.
 APT attacks take a very long time, months or even years, to achieve their goal. The attackers spend a lot of
time preparing and planning carefully so they can succeed without anyone noticing.
 APT attacks are often costly and focus on specific organizations. The hackers behind them are willing to
take less risk in order to stay hidden for a long time until they reach their goal. They work to erase any signs
of their attack to avoid getting caught.
 Once an APT has entered a network, it typically maintains several connections to its Command and Control
(C&C) center. This is crucial because it might need to install additional malicious software on the target
network.
 APTs follow a structured process with different steps: reconnaissance, gaining access, exploring, capturing
data, and finally, taking that data out of the system.

Tactics and techniques:

Social Engineering: This is a trick used by hackers to get people to give away important information or click on
harmful links. They might send fake emails, create fake websites, or pretend to be someone you trust to trick you
into doing what they want.

Watering Hole Attacks: These happen when hackers target websites that their victims often visit. When someone
visits these compromised sites, they unknowingly download malware onto their device.

Zero-Day Exploits: APT actors often exploit zero-day vulnerabilities in software or hardware that have been
recently found but not fixed yet. By taking advantage of these vulnerabilities before they're patched, threat actors
can easily get into target systems without permission.

Supply chain attacks: These focus on a particular organization's supply chain, where the attackers compromise
software or hardware before it reaches the intended recipient. This allows APT actors to access the victim's
network.

Spear phishing: It is a tactic where APT actors send highly targeted emails to trick people into giving away
personal information or clicking on dangerous links. These emails are carefully crafted to look real and specific
to the recipient.

Notable APT Groups and their targets


APT29 (Russia): APT29, also referred to as "Ryuk Bread" or "Cozy Bear," is thought to be supported by
Russian intelligence services. This group has a track record of targeting government agencies, critical
infrastructure, and telecommunications companies, usually aiming for espionage or causing disruption.

APT24 (China): APT24, also known as "PittyTiger," is associated with state-sponsored activities from China.
They concentrate on cyberespionage campaigns, targeting various industries such as government, healthcare,
technology, and telecommunications.

APT30 (China): APT30, also called "HonorTruth," is another Chinese state-sponsored APT group. They have
been tied to attacks targeting aerospace, defense, and government entities, primarily focused on stealing
intellectual property.

APT33 (Iran): APT33, known as "Elfin," is an Iranian APT group recognized for its tailored malware and
assaults directed at the aerospace, aviation, and energy industries. Their targets include entities in the US, Saudi
Arabia, and South Korea.
