Description
Different types of adversaries pose different types of threats depending on their capabilities, intentions, and the assets they are targeting. For example, organized crime might target a financial institution for financial gain while a hacktivist might target organizations with differing ideologies. In addition, companies react to the loss of assets differently. There is a difference in the mitigation tactics that would be used depending on whether there is a loss of one asset or of an entire category of assets.
For your initial post, identify a recent cybersecurity incident (within the last two years). Briefly summarize the incident, and post a link to an article on the incident if possible. Ensure your summary identifies the threat actor(s) involved, at least one characteristic of the threat actor (capability, intent, target), and why the threat actor may have attacked what they did. If your article does not identify the “why,” hypothesize what you think may be the “why” based on the known information.
Note: Try not to post the same example as your peers.
In responding to your peers, identify a potential mitigation tactic (other than those identified in the article) for the threat actors they have identified. Also identify potential legal and ethical considerations that influence your choice of tactic given the information.
Reply:
Brett Levasseur posted Sep 27, 2021 8:13 AM
Subscribe
Adjust automatic marking as read setting
A very recent case involves the Colonial Pipeline, a pipeline that supplies gasoline to about fifty million Americans. This pipeline supplies 45% of the fuel used by the 50 million Americans that use the fuel from the pipeline.
In May 2021, the pipeline was subjected to a ransomware attack that forced a shutdown of all pipeline operations (1). This attack was noted as one of the most serious ransomware incidents to date, impacting tens of millions of people. It is a major national security incident, and it highlights the vulnerability of the nations infrastructure to these sorts of attacks. (1).
In the article, there is no discussion as to why this was a target. It is said to be the work of a group called DarkSide, a so-called “ransomware-as-a-service” group that develops ransomware used by other cybercriminals and receives a share of the proceeds (2). There were rumors it was initiated by a foreign government but there are no details to corroborate this claim.
If this was done on behalf of a foreign government, this would have given them an advantage for oil/fuel sales with the United States and created a dependency for their product.
REFERENCES:
2. https://www.cnn.com/2021/05/22/politics/colonial-d…
Repy:
Ryan Taylor posted Sep 28, 2021 9:56 AM
Subscribe
Adjust automatic marking as read setting
Howdy,
A recent cybersecurity incident that I would like to explore would be the Canva data breach that happen in May 2019. Canva is a graphic design website company that had an attack that exposed email addresses, names, city of residence, passwords, and usernames of 139 million users. Hackers were also able to view files, but not steal, that included partial payments and credit card data. The hacker group know as Gnostic Players, claimed to have obtained the users open authorizations (OAuth) login tokens which are used for login via Google to the website. Canva confirmed the attack and notified its users and told them to update their passwords and reset their OAuth tokens.
The article didn’t say what the intent was with Gnostic Players, however they did say that they later released the information on the dark web. So if I had to venture a guess I would say personal financial gain and bragging rights. I based this on the other attacks known by Gnostic Players and their intent of malicious attacks for personal financial gain.
Cheers,
Ryan
Works cited:
Barth, B. (2019, May 28). Hacker has designs on Canva data, steals info belonging to 139M users. SC Media. https://www.scmagazine.com/news/security-news/data-breach/hacker-has-designs-on-canva-data-steals-info-belonging-to-139m-users
