Intelligence Debriefing. Your nation’s technical staff expects you to report on all summit events once you return to your nation’s capital. The CISO has requested that each analyst work independently to create an Intelligence Debriefing for technical staff. This debriefing is a comprehensive report comprised of your BCP, SITREP 1, SITREP 2, and SITREP 3, which are attached. Write a 2-page Intelligence Debriefing. Resources: BCP, SITREP 1, SITREP 2, SITREP 3.
Intelligence Brief
According to the security incident reports, on 13 November the information technology department reported a Reveton ransomware infection. Because the conference’s security implementation failed, an incident occurred that deliberately violated ISO 27000 controls by using personally identifiable information with malicious intent. The effect was a denial of service (DoS): authorized users lost access to the computer network. The attacker gained unauthorized access to the network, altered information, deployed the ransomware, and is now demanding a ransom in bitcoin.
The ransomware attack on the nation’s summit systems caused a loss of system and data confidentiality, integrity, and availability. It was carried out with the Reveton ransomware, which denied attendees access to conference data. Because ransomware evolves quickly, no single framework exists for combating each new variant. When such an attack occurs there are only two options: pay the ransom demanded (with no assurance that systems will be restored) or roll the systems back from the most recent backup. This makes tested recovery mechanisms the best fallback in the event of a ransomware attack.
The initial plan to prevent further financial losses is to identify critical systems. This proceeds in several steps. The first is to identify the information types: the specific data types fed into, stored in, and processed by the system are noted (Norberg, 2020). Important aspects of this step are the specific data sets, support information, and management information on which the mission depends; this is the information required for optimal summit functioning and support. The next step is to determine the impact levels associated with the system for each security objective, namely confidentiality, integrity, and availability (Gallegos-Segovia et al., 2017).
This is followed by a review of the provisional impact levels, in which each part of the system, its functions, and its elements is evaluated and the levels are adjusted where necessary. Finally, a security categorization is assigned to the information and the information system (Hanks, 2016). The security categorization drives the requirements and specifications for security measures in the risk management process. It accounts for threats such as ransomware and other malware that encrypt files and services on systems and so prevent access to them, as in the nation summit hack (Chen et al., 2018). Perpetrators of such attacks are driven by monetary gain and demand payment through hard-to-trace channels; the culprits in the nation summit hack demanded payment in bitcoin. Infection vectors for such attacks range from compromised websites to malicious links, email attachments, and phishing (“Ransomware: Facts, Threats, and Countermeasures”, n.d.). In the specific instance of the nation’s summit, the attack is classified as targeted.
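The categorization procedure described above (identify information types, determine per-objective impact levels, review the provisional levels, assign the system categorization) can be carried out mechanically. The following Python example is added here and is not part of the original brief or its sources. It assumes the categorization follows the FIPS 199 / NIST SP 800-60 high-water mark rule: each information type receives a provisional level (LOW, MODERATE, HIGH) for confidentiality, integrity, and availability; the system’s level for each objective is the maximum over its information types; and the overall categorization is the maximum over the three objectives. The information types listed are constructed samples, not data from the summit incident, and the adjustment map stands in for the review step.

```python
"""Security categorization by the high-water mark rule.

Added example, not code from the original brief. Assumes the FIPS 199 /
NIST SP 800-60 high-water mark: per-objective system level is the maximum
over information types; overall level is the maximum over objectives.
The sample information types below are constructed for illustration.
"""
from dataclasses import dataclass

LEVELS = {"LOW": 1, "MODERATE": 2, "HIGH": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type with its provisional impact levels."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def level(self, objective: str) -> str:
        return getattr(self, objective)


def _max_level(levels):
    # Compare by rank so that HIGH > MODERATE > LOW regardless of spelling.
    return max(levels, key=LEVELS.__getitem__)


def system_categorization(info_types, adjustments=None):
    """Return (per-objective levels, overall level) for a system.

    adjustments: optional {(info_type_name, objective): level} produced by
    the review step, overriding a provisional level (for example raising
    availability for data the summit cannot operate without).
    """
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    adjustments = adjustments or {}
    per_objective = {}
    for obj in OBJECTIVES:
        levels = []
        for it in info_types:
            lvl = adjustments.get((it.name, obj), it.level(obj))
            if lvl not in LEVELS:
                raise ValueError(f"unknown impact level {lvl!r} for {it.name}/{obj}")
            levels.append(lvl)
        per_objective[obj] = _max_level(levels)  # high-water mark per objective
    overall = _max_level(per_objective.values())  # high-water mark overall
    return per_objective, overall


def format_sc(per_objective):
    """Render the categorization in the FIPS 199 'SC = {...}' notation."""
    inner = ", ".join(f"({obj}, {per_objective[obj]})" for obj in OBJECTIVES)
    return "SC = {" + inner + "}"


# Constructed sample information types (hypothetical, not from the incident).
SAMPLE_TYPES = [
    InfoType("attendee PII", "MODERATE", "MODERATE", "LOW"),
    InfoType("session schedule", "LOW", "MODERATE", "MODERATE"),
    InfoType("IT operations logs", "LOW", "LOW", "LOW"),
]

if __name__ == "__main__":
    per_obj, overall = system_categorization(SAMPLE_TYPES)
    print(format_sc(per_obj), "->", overall)
    # Review step: the schedule must stay available during the summit.
    per_obj, overall = system_categorization(
        SAMPLE_TYPES, {("session schedule", "availability"): "HIGH"})
    print(format_sc(per_obj), "->", overall)
```

The second call shows why the review step matters: raising a single information type’s availability level lifts the whole system’s categorization, which in turn raises the backup and recovery requirements that the brief identifies as the primary defence against ransomware.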
Resilience to ransomware depends largely on the network and security infrastructure in place. Management must maintain an incident response plan, multiple data backups (kept isolated from the production network so that the ransomware cannot encrypt them too), internet access restrictions, and regularly updated software, in conjunction with frequent user training and compliance with the latest federal cybersecurity guidelines. The absence of any of these controls leaves a loophole for a ransomware attack, which is the usual pathway for attackers (Monrat et al., 2019).
Data systems are critical systems carrying high risk levels. If they are not well protected, computing resources such as servers, which provide network connectivity, local storage, memory, and processing, are susceptible to attack. In the event of an attack, valuable information such as user credentials, system files, documentation, incident response plans, and network infrastructure details can fall into the attacker’s hands, exposing both the system and its users to further exploitation.
References
Chen, H., Cho, J. H., & Xu, S. (2018, April). Quantifying the security effectiveness of firewalls and DMZs. In Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security (pp. 1-11).
Gallegos-Segovia, P. L., Bravo-Torres, J. F., Larios-Rosillo, V. M., Vintimilla-Tapia, P. E., Yuquilima-Albarado, I. F., & Jara-Saltos, J. D. (2017, October). Social engineering as an attack vector for ransomware. In 2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies (CHILECON) (pp. 1-6). IEEE.