Uploaded by Krishna

CYBERSECURITY INTERNSHIP

ASSIGNMENT

Part 1: Attack Overview

● Objective: Introduce the "Pager Blast" attack.
● Content:
  ○ Identify the official name and targeted entities of the attack.
  ○ Describe how the attack was executed, detailing any malware, phishing, or vulnerabilities exploited by the attackers.

The "Pager Blast" attack targeted healthcare providers, including hospitals and clinics. It was a coordinated campaign that combined malware with phishing: the attackers sent malicious links by text message (smishing), impersonating critical system alerts or medical notifications. Clicking a link deployed malware that gave the attackers unauthorized access to sensitive systems and data. The intrusion also exploited vulnerabilities in outdated, unpatched software and weak network defences, compromising patient data and disrupting healthcare operations.
Part 2: Countermeasures

● Objective: Explain response actions and preventive measures.
● Content:
  ○ Outline the immediate actions organizations implemented to mitigate the attack’s effects.
  ○ Detail advanced preventative measures and tools that could protect against similar incidents in the future.

In response to the "Pager Blast" attack, organizations isolated affected systems from the network, blocked the attackers' IP addresses and link domains at the perimeter, and ran full network and endpoint scans to identify and remove the malware. They also reset credentials for accounts that had touched compromised systems and rolled out multi-factor authentication (MFA) so that a stolen password alone no longer grants access. Preventive measures against similar attacks include advanced endpoint protection (EDR) software, regular phishing awareness training that covers SMS lures as well as email, and timely patching of the outdated software the attackers exploited. Robust email filtering and intrusion detection systems (IDS) add further layers; because the lures in this attack arrived by text message, URL filtering on mobile devices and a simple way for staff to report suspicious messages are needed to close the gap that email filtering leaves.
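The first two response actions above (find the affected systems, block the attacker's infrastructure) are mechanical once the indicators of compromise are known. The following is an added example, not part of the assignment: it sweeps constructed proxy/DNS log lines for a constructed indicator list, names the hosts to isolate, and emits perimeter block rules. The log format, the "deny from"/"sinkhole" rule syntax, the IPs (documentation ranges) and the domains are all assumptions.

```python
"""IOC sweep: find hosts that touched known-bad infrastructure and build a blocklist.
Added example, not from the assignment; the IOCs and log lines are constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed indicators, as an IR team would receive them after the attack.
# The IPs are from documentation ranges (TEST-NET) and the domains are reserved names.
MALICIOUS_IPS = {"203.0.113.45", "198.51.100.7"}
MALICIOUS_DOMAINS = {"med-alerts-update.example", "hospital-login.example"}

# Constructed proxy/DNS log lines in an assumed "timestamp host action target" format.
SAMPLE_LOGS = """\
2024-05-01T09:00:01Z ws-nurse-12 DNS med-alerts-update.example
2024-05-01T09:00:02Z ws-nurse-12 CONNECT 203.0.113.45:443
2024-05-01T09:05:10Z ws-admin-03 DNS intranet.hospital.example
2024-05-01T09:06:00Z ws-admin-03 CONNECT 10.0.4.20:443
2024-05-01T09:07:31Z ws-er-07 CONNECT 198.51.100.7:8080
2024-05-01T09:09:00Z ws-er-07 DNS cdn.hospital-login.example
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>DNS|CONNECT) (?P<target>\S+)$")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    if rec["action"] == "CONNECT":
        rec["target"] = rec["target"].rsplit(":", 1)[0]  # drop the port
    return rec


def domain_matches(name, bad_domains):
    """True if name is a bad domain or a subdomain of one (cdn.evil.example matches evil.example)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in bad_domains)


def sweep(log_text, bad_ips=MALICIOUS_IPS, bad_domains=MALICIOUS_DOMAINS):
    """Map each host to the indicators it touched: {host: [(ts, kind, indicator), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        target = rec["target"]
        if rec["action"] == "CONNECT" and target in bad_ips:
            hits[rec["host"]].append((rec["ts"], "ip", target))
        elif rec["action"] == "DNS" and domain_matches(target, bad_domains):
            hits[rec["host"]].append((rec["ts"], "domain", target.lower()))
    return dict(hits)


def hosts_to_isolate(hits):
    """Hosts to cut off from the network pending forensics, sorted for the ticket."""
    return sorted(hits)


def blocklist(bad_ips=MALICIOUS_IPS, bad_domains=MALICIOUS_DOMAINS):
    """Perimeter rules in an assumed 'deny from' / 'sinkhole' syntax. Every IP is parsed
    with ipaddress first, so a malformed indicator raises instead of silently doing nothing."""
    rules = [f"deny from {ip}" for ip in sorted(bad_ips, key=ipaddress.ip_address)]
    rules += [f"sinkhole {d}" for d in sorted(bad_domains)]
    return rules


if __name__ == "__main__":
    found = sweep(SAMPLE_LOGS)
    for host, indicators in found.items():
        print(host, "->", indicators)
    print("isolate:", hosts_to_isolate(found))
    print("\n".join(blocklist()))
```

Matching on the registered domain rather than the exact hostname matters because lure links usually use throwaway subdomains; a host that resolved `cdn.hospital-login.example` is just as compromised as one that resolved the bare domain.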
Part 3: Role of OSINT in Cybersecurity

● Objective: Explore OSINT’s significance in cyber threat detection.
● Content:
  ○ Explain how Open Source Intelligence (OSINT) contributed to tracking, identifying, or assessing the threat actors involved.
  ○ Identify OSINT frameworks (e.g., Maltego, Shodan, SpiderFoot) and significant contributors who have advanced OSINT practices.

OSINT played a crucial role in tracking the "Pager Blast" attackers by providing insight into their infrastructure, tactics, and origins. Tools such as Maltego, Shodan, and SpiderFoot let analysts enumerate the IP addresses, domain registrations, and hosting behind the malicious links and pivot from one indicator to the next, revealing shared infrastructure and connections to known threat groups. OSINT frameworks correlate public data from social media, dark web forums, and breached databases, which aids threat actor identification. Contributors such as CrowdStrike and FireEye have advanced OSINT practices through their threat intelligence platforms and published research.
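The pivoting described above is a graph problem: domains are linked through the attributes they share (registrant, nameserver, IP), and an analyst walks from a known-bad domain outward. As an added example, not part of the assignment and not code from Maltego or any other tool, here is that link analysis over constructed WHOIS/passive-DNS records. The records, the noisy-value list and the pivot keys are assumptions; real data would come from a registrar, passive DNS, or Shodan.

```python
"""Link analysis over constructed WHOIS / passive-DNS records: pivot from one
malicious domain to others that share infrastructure, the way Maltego draws it.
Added example, not from the assignment; the records are invented."""
from collections import defaultdict, deque

# Constructed records. Real ones would come from WHOIS, passive DNS or Shodan.
RECORDS = [
    {"domain": "med-alerts-update.example", "registrant": "ops@mail.example",
     "ns": "ns1.bulk-host.example", "ip": "203.0.113.45"},
    {"domain": "hospital-login.example", "registrant": "ops@mail.example",
     "ns": "ns2.bulk-host.example", "ip": "203.0.113.46"},
    {"domain": "clinic-portal-secure.example", "registrant": "privacy@registrar.example",
     "ns": "ns2.bulk-host.example", "ip": "198.51.100.7"},
    {"domain": "intranet.hospital.example", "registrant": "it@hospital.example",
     "ns": "ns1.hospital.example", "ip": "10.0.4.20"},
]

# Values shared by so many unrelated domains that pivoting on them only adds noise
# (WHOIS privacy proxies, large shared nameservers, CDN IPs). Assumed list.
NOISY_VALUES = {"privacy@registrar.example"}

PIVOT_KEYS = ("registrant", "ns", "ip")


def build_graph(records, noisy=NOISY_VALUES):
    """Bipartite graph: ('domain', name) <-> (attribute kind, value)."""
    graph = defaultdict(set)
    for rec in records:
        dnode = ("domain", rec["domain"])
        graph[dnode]  # ensure isolated domains still appear as nodes
        for kind in PIVOT_KEYS:
            value = rec.get(kind)
            if not value or value in noisy:
                continue
            anode = (kind, value)
            graph[dnode].add(anode)
            graph[anode].add(dnode)
    return graph


def pivot(graph, seed_domain, max_pivots=2):
    """Breadth-first search from the seed. One pivot = domain -> shared attribute -> domain,
    i.e. two edges, so the search is capped at 2*max_pivots edges.
    Returns {related_domain: [attribute values on the shortest path]}."""
    start = ("domain", seed_domain)
    if start not in graph:
        return {}
    parents = {start: None}
    queue = deque([(start, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= 2 * max_pivots:
            continue
        for nxt in sorted(graph[node]):  # sorted for deterministic output
            if nxt not in parents:
                parents[nxt] = node
                queue.append((nxt, depth + 1))
    related = {}
    for node in parents:
        if node[0] != "domain" or node == start:
            continue
        path, cur = [], parents[node]
        while cur is not None:
            if cur[0] != "domain":
                path.append(cur[1])
            cur = parents[cur]
        related[node[1]] = list(reversed(path))
    return related


if __name__ == "__main__":
    g = build_graph(RECORDS)
    for hops in (1, 2):
        print(f"within {hops} pivot(s):", pivot(g, "med-alerts-update.example", hops))
```

The noisy-value filter is the part that separates useful OSINT from a hairball: a privacy-proxy registrant email or a shared CDN address links thousands of unrelated domains, and pivoting through it makes every site on the internet look connected to the attacker. Capping the number of pivots serves the same purpose.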
Part 4: GeoSpy.AI’s Impact on Cyber
Threat Analysis

● Objective: Assess GeoSpy.AI’s role in threat analysis.
● Content:
  ○ Describe GeoSpy.AI’s functionalities in locating and analyzing cyber threats.
  ○ Discuss how GeoSpy.AI aids in predicting and preventing future cyber incidents.

GeoSpy.AI enhances cyber threat analysis by applying AI algorithms to geospatial data in order to track and map the physical locations associated with cyber threats. It analyzes IP addresses, attack vectors, and threat actor activity patterns to pinpoint likely origins and targets. By correlating this data with global threat intelligence, GeoSpy.AI helps predict attack trends and identify emerging risks, so organizations can proactively bolster defences, block likely attack routes, and prevent future incidents through early detection and a planned response. One caveat applies to any such tool: IP geolocation places the infrastructure an attack is routed through (a VPN exit, a rented server, a compromised host), not necessarily the attacker, so the map is a starting point for attribution rather than proof of origin.
Part 5: Visual Overview

● Objective: Provide a visual summary to enhance understanding.
● Content:
  ○ Include 5-7 images or diagrams that illustrate key points, such as:
    ■ Attack flowcharts
    ■ Screenshots of OSINT tools
    ■ Cyber threat maps
    ■ GeoSpy.AI interface screenshots
    ■ Diagrams of cybersecurity response frameworks
  ○ Embed and caption these images within the document.

1. Attack Flowchart

In cybersecurity, an attack is any deliberate attempt by an individual or group (the "attackers" or "hackers") to exploit vulnerabilities in a system, network, or device with the intention of causing harm, stealing information, or gaining unauthorized access. Attacks can target individuals, organizations, or even government infrastructure.

2. Screenshot of OSINT Tools

OSINT (Open Source Intelligence) is the process of collecting and analyzing publicly available data from open sources to produce intelligence. In cybersecurity, OSINT tools gather information about potential targets, vulnerabilities, and threats, which serves both defensive and offensive purposes.

Some popular OSINT tools are: Shodan, Maltego, theHarvester, Recon-ng, SpiderFoot, etc.
3. Cyber Threat Map

A Cyber Threat Map is a real-time visualization tool that displays data related
to cybersecurity threats and attacks happening across the globe. It provides an
interactive map that shows the sources and targets of cyberattacks, allowing
users to see the scope, frequency, and distribution of various types of cyber
threats in real time.

Key Features of a Cyber Threat Map:

1. Real-Time Data: Many cyber threat maps show live data feeds, such as
incoming DDoS attacks, scans on open ports, or other suspicious
activities.
2. Global View: These maps often represent worldwide data and allow
users to view attacks and threats originating from different regions or
countries.
3. Traffic Patterns: Some maps visualize the intensity of traffic (e.g., the
number of attacks) in specific geographical areas.

A cyber threat refers to any potential danger or malicious activity that targets
an organization's or individual's digital infrastructure, systems, networks, or
data with the intent to cause harm, exploit vulnerabilities, or gain
unauthorized access. Cyber threats can come from a variety of sources,
including cybercriminals, hackers, state-sponsored actors, insiders, and even
automated systems like botnets.

4. GeoSpy.AI Interface Screenshot

GeoSpy.AI is a cyber threat intelligence and reconnaissance platform that uses artificial intelligence (AI) and geolocation techniques to analyze and track cyber threats. Detailed public information about GeoSpy.AI itself is limited (it is a specialized, emerging tool), so the capabilities below describe what platforms of this kind typically offer for threat analysis, geospatial intelligence, and AI-driven reconnaissance.

Here is a breakdown of what GeoSpy.AI and similar platforms might offer in the context of cybersecurity:

1. Geolocation-based Threat Intelligence
2. AI-Driven Analysis of Cyber Threats
3. Cyber Reconnaissance
4. Threat Attribution and Tactics
5. Real-Time Monitoring and Alerts
6. Threat Hunting, etc.

Potential Features in GeoSpy.AI (Hypothetical)

● Threat Landscape Visualization: A dynamic, map-based interface that shows the origin and targeting of cyberattacks, helping to understand attack patterns and trends across regions.
● Global IP Geolocation: The ability to map IP addresses to geographic locations and identify regions with high volumes of cyberattack activity, etc.
5. Cybersecurity Response Framework Diagram

A Cybersecurity Response Framework is a structured approach that organizations use to respond to cyber threats and incidents in a systematic, organized, and effective manner. It outlines the steps and processes for detecting, analyzing, mitigating, and recovering from cyber incidents while minimizing damage to an organization's assets, data, and reputation. The framework gives organizations a clear, defined set of procedures to follow when managing breaches, attacks, and other security events. A well-established response framework also ensures that an organization can recover quickly from cyberattacks and continuously improve its defenses over time.

Key components (the five core functions of the NIST Cybersecurity Framework): Identify, Protect, Detect, Respond, Recover.


Part 6: Downloading IBM QRadar

● Objective: Familiarize yourself with IBM QRadar for cyber threat analysis.
● Instructions:
  ○ Download IBM QRadar using the provided domain ID (contact your instructor for the specific domain ID). Set up an IBM ID for the same by following IBM ID Setup Tutorial.mp4.
  ○ Install the software, explore its features, and take note of QRadar's role in detecting and analyzing threats.

To familiarize yourself with IBM QRadar for cyber threat analysis, follow these steps:

1. Download IBM QRadar: Contact your instructor for the specific domain ID required for access. Once you have it, visit the official IBM QRadar download page and enter your domain ID to begin the download.
2. Set Up IBM ID: Follow the instructions in IBM ID Setup Tutorial.mp4 to create your IBM ID and authenticate your download.
3. Install the Software: After downloading, install IBM QRadar on your machine or in a virtual environment, following the provided setup instructions.
4. Explore Features: Once installed, explore QRadar's dashboard, threat intelligence integration, event processing, and analysis capabilities. QRadar detects security incidents by aggregating logs from many sources, correlating them in real time, and turning the results into actionable findings for threat mitigation.
5. Note QRadar's Role: QRadar identifies potential threats by analyzing incoming data from network devices, security appliances, and applications. Its capabilities include automated alerting, correlation of related security events into offenses, and analytics that flag anomalies and malicious behaviour across enterprise networks.

Take time to explore these features and understand how QRadar enhances cybersecurity operations by providing a centralized platform for security monitoring and incident response.
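The core of what a SIEM such as QRadar does with aggregated logs is correlation: a rule watches a stream of normalized events and raises an offense when a pattern completes within a time window. The following is an added example, not IBM code and not part of the assignment, showing one such rule over constructed authentication events: at least five failed logins from one source for one user within 120 seconds, followed by a success. The event format, the field names and the thresholds are assumptions; a real deployment would tune them per log source.

```python
"""SIEM-style correlation rule over constructed authentication events.
Rule: at least THRESHOLD failed logins from one source for one user within
WINDOW_S seconds, followed by a success, raises an offense (QRadar's term for a
correlated alert). Added example, not IBM code; field layout and thresholds are assumed."""
from collections import defaultdict, deque
from datetime import datetime, timezone

THRESHOLD = 5     # failures needed before a following success becomes suspicious
WINDOW_S = 120    # seconds; failures older than this are forgotten

# Constructed events: "timestamp source_ip user outcome", already normalized
# the way a SIEM normalizes syslog from a VPN gateway or domain controller.
EVENTS = """\
2024-05-01T10:00:00Z 203.0.113.45 jdoe FAIL
2024-05-01T10:00:05Z 203.0.113.45 jdoe FAIL
2024-05-01T10:00:09Z 203.0.113.45 jdoe FAIL
2024-05-01T10:00:14Z 203.0.113.45 jdoe FAIL
2024-05-01T10:00:20Z 203.0.113.45 jdoe FAIL
2024-05-01T10:00:25Z 203.0.113.45 jdoe SUCCESS
2024-05-01T10:30:00Z 10.0.4.20 asmith FAIL
2024-05-01T10:45:00Z 10.0.4.20 asmith FAIL
2024-05-01T10:46:00Z 10.0.4.20 asmith SUCCESS
"""


def parse_events(text):
    """Parse the constructed format into (datetime, src, user, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, outcome = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, src, user, outcome))
    return events


def correlate(events, threshold=THRESHOLD, window_s=WINDOW_S):
    """Sliding-window correlation keyed on (source, user). Returns a list of offenses."""
    failures = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    offenses = []
    for when, src, user, outcome in sorted(events, key=lambda e: e[0]):
        key = (src, user)
        recent = failures[key]
        # Expire failures outside the window, so slow, patient attempts do not accumulate.
        while recent and (when - recent[0]).total_seconds() > window_s:
            recent.popleft()
        if outcome == "FAIL":
            recent.append(when)
        elif outcome == "SUCCESS":
            if len(recent) >= threshold:
                offenses.append({
                    "rule": "brute-force-then-success",
                    "src": src,
                    "user": user,
                    "failures": len(recent),
                    "first_failure": recent[0].isoformat(),
                    "success": when.isoformat(),
                })
            recent.clear()  # a success ends the attempt sequence either way
    return offenses


if __name__ == "__main__":
    for offense in correlate(parse_events(EVENTS)):
        print(offense)
```

In the constructed data only the `jdoe` sequence fires: the `asmith` user also fails twice before logging in, but the failures are fifteen minutes apart and drop out of the window, which is the behaviour that keeps a rule like this from paging the on-call analyst for every forgotten password. Events are sorted by timestamp before correlation because logs from several sources rarely arrive in order.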
