WHITE HOUSE NATIONAL CYBER SECURITY TEAM

computer science

Description

Overview – Summary of Events


From 1-5 February 2017, various U.S. financial infrastructures reported network

disruptions and data breaches. The plaintiff corporations were the Experian and Transunion

credit report agencies as well as sects of financial

automated clearinghouses. Each entity’s public

webpage was defaced. The web defacement was the

same across all plaintiff’s websites (see figure 1);

this strongly suggests the same threat actor was

behind each cyberattack. During this same

timeframe, the above-mentioned financial companies also reported distributed denial of service

(DDoS) attacks against their private servers. A DDoS attack makes an online service unavailable

by overwhelming the web application’s servers from multiple sources.

The cyberattack also included sensitive data exfiltration. Experian, Transunion, and areas

of the financial automated clearinghouses detected unauthorized activity in customer accounts

and sensitive company files. We can only assume the threat actor obtained at least 30,000

individual’s credit scores and private information as well as sensitive files and information from

the financial entities themselves. Law enforcement representatives later discovered the threat

actor had extensive knowledge of network defense tools – particularly in zero-day attacks. The

targeted servers had not been updated with the latest network defense tool software, making it

possible for the threat actor to infiltrate the various networks.


How the Cyber Incident was Identified and Resolved


The financial infrastructure cyber incident was resolved in five days due to timely and

critical thinking. A 4-step systematic methodology was used to respond to the cyberattack -


FOR OFFICIAL USE ONLY (FOUO)

WHITE HOUSE NATIONAL CYBER SECURITY TEAM


AFTER ACTION REPORT


1


identify the problem, contain the breach, eradicate the threat, and recovery. Critical thinking was

incorporated in an organic process by identifying the problem, gathering information, and

choosing and implementing the best course of action (Guffey, 1998). They first needed to

establish what happened by identifying the problem. Why had financial infrastructure servers

crashed? The specialists opened a command prompt window and typed “netstat-an” to view the

list of ports in use (Marsh, 2016). The results revealed thousands of contiguous ports with their

connections timing out, ergo DDoS attack. Cyber specialists than reasoned the threat actor may

have elicited further harm in addition to the denial of service attack, so they thought to examine

the security of the data.

Preview Solution
Price $15
Buy Ready Solution
(600 times downloaded)
OR
Get Same Assignment Done From Scratch

Get instant assignment help service

Related Questions in computer science category

Disclaimer
The ready solutions purchased from Library are already used solutions. Please do not submit them directly as it may lead to plagiarism. Once paid, the solution file download link will be sent to your provided email. Please either use them for learning purpose or re-write them in your own language. In case if you haven't get the email, do let us know via chat support.