Analyze the infamous worldwide WannaCry ransomware attack from an incident response perspective

CSI3351 Group Assignment to Establish Security Monitoring and Respond to Cybersecurity Incidents

Contents

Details
Background
Task
Suggested Report Structure
Additional Task Information
Assignment Submission
Marking Key

Details

Title: WannaCry Analysis / Purple Teaming
Value: 40% of the final mark for the unit
Length: max. 20 A4 pages

Background

Ransomware attacks are on the rise. The WannaCry ransomware attack was a worldwide cyberattack in 2017, affecting hundreds of thousands of Windows computers globally within a day. On the infected systems, WannaCry displayed a ransom note (see Figure 1). The ransomware was propagated through the EternalBlue exploit. Eventually, the discovery of a kill switch prevented the further spread of the ransomware.

Task

You need to analyse the infamous worldwide WannaCry ransomware attack from an incident response perspective, with a focus on the attack from the technical perspective and the security measures that could not prevent it. You also need to explain what security measures could have prevented it, and what can be done in general to prevent similar attacks.

Figure 1: A WannaCry ransom note. Image from https://upload.wikimedia.org/wikipedia/en/1/18/Wana_Decrypt0r_screenshot.png

Suggested Report Structure

Cover Page: unit code and title, assignment title, your name, student number, campus, tutor’s name

Table of Contents: an accurate reflection of the content within the document, generated automatically.

In-Depth Analysis

Attack Summary: describe, explain, and visualise the attack using the MITRE framework and the Lockheed Martin Cyber Kill Chain.

Attack Explanation: What made the attack possible? Which computing environment factors and vulnerabilities?

Effective Countermeasures: How could it have been prevented?

Fighting Ransomware: Which SOC/SIEM tools could be used for
  - preventing
  - detecting
  - mitigating
ransomware attacks in general and why?

Similar Attacks: Provide a technical description of similar/derivative attacks, and how they were possible.

Incident Response
  - Explain how purple teaming (aligned red and blue teams) can help set up an information security infrastructure in the enterprise that can be effective against ransomware.
  - Set up/join a blue team or a red team (applies only to those who attend the class on campus). Describe the actions from the chosen team’s point of view.

Additional Task Information

Each report will be unique and presented in its own way (for groups, this is per group).
Scrutinise the marking key, and ask any questions you may have early!
Focus on the important events of the real-world attack described.
This task covers the understanding of both the technical complexity of the attack and the real-world factors.

Assignment Submission

The submission must be a Microsoft Word document. You are only submitting one document through Blackboard. You do not need an ECU assignment cover sheet. Do not submit more than one document, because these will not be assessed.

Marking Key

Analyse the infamous worldwide WannaCry ransomware attack from an incident response perspective and write a document with the following structure:

  1. Describe, explain, and visualise the attack using the MITRE framework and the Lockheed Martin Cyber Kill Chain.
  2. What made the attack possible? Which computing environment factors and vulnerabilities?
  3. How could it have been prevented?
  4. Which SOC/SIEM tools could be used for
    1. preventing
    2. detecting
    3. mitigating
      ransomware attacks and why?
  5. Provide a technical description of similar/derivative attacks, and how they were possible.
  6. Explain how purple teaming (aligned red and blue teams) can help set up an information security infrastructure in the enterprise that can be effective against ransomware.
    If you attend the class, set up/join a blue team or a red team (applies only to those who attend the class on campus). Describe the actions from the chosen team’s point of view.