Threats attacks and vulnerability assessment

CMGT/400v7

Threats, Attacks, and Vulnerability Assessment Template

CMGT/400 v7

Page 3 of 4

C:\Users\djshirey\OneDrive - University of Phoenix\F_Drive\Style Guides\UPX Logos\Horizontal format\UOPX_Sig_Hor_Black_Medium.pngThreats, Attacks, and Vulnerability Assessment Template

Instructions: Replace the information in brackets [ ] with information relevant to your project.

A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyber-related interests. Take on the role of a Cyber Security Threat Analyst for the approved organization you chose. Research the following information about the organization you chose and complete the Threats, Attacks, and Vulnerability Assessment template.

[Amazon constitutes a multinational corporation focusing on technology products including e-commerce, artificial intelligence, and cloud-computing (Amazon, 2019). Amazon appears at the eighth position of Fortune’s fasters growing companies in the World and is described as the most significant digital retailer in the United States (Fortune, 2019). The company’s Amazon Web Services has also grown to be the leading online storage and service process in the US market (Fortune, 2019). The magnitude of the company makes it appropriate for the threat and vulnerability assessment of information systems security.]

Assessment Scope

What are the tangible assets included? (Must include virtualization, cloud, database, network, mobile, information systems.) Identify all information systems, critical infrastructure, and cyber-related interests and combinations that will be assessed. Also, describe information systems, critical infrastructure, and cyber-related interests which will not be assessed and explain why.

[ Amazon has a broad technical infrastructure that includes persons, tangible assets, and end-to-end security systems. The primary tangible assets for the company’s e-commerce and web services include the cloud, database, virtualization, network, information, and mobile systems. The scope of the cyber security threat analysis on the Amazon Web Services will consist of the database, network, and information systems. The company’s primary information systems include organizational, marketing, inventory, human resource, accounting, and financial information systems. Cyber-related interests associated with Amazon e-commerce and AWS platforms include mining of Big Data that the firm produces, economic data, and consumer data. Moreover, users might use the platform to advertise black market products. The organizational and inventory information systems will not be assessed as they do not present much risk for the company’s digital systems.]

System Model

A diagram and descriptions of each asset included in the assessment scope.

[ Fig 1: An example of an e-commerce system model.]

[The human resource information systems acquires the information of the merchants. They also hire customer service and product support employees who advertise and take care of customer issues. These involves massive data gathering given the magnitude of the company. The cloud information system comprises the stored online data for Amazon subscribers and registered users which is mostly acquired during order entry.The information could be a target for some attackers. The database system stores all the necessary data for analysis and transformation to information. It is associated with product presentation and order entry where the preferences of the customers can be accessed. Information is processed from the analysis of the data and is used by the management for decision making purposes. It is important to protect customer data and the analyzed information.]

Existing Countermeasures

Describe existing countermeasure already in place.

[ The Amazon technology department uses various countermeasures for protecting their cyber-systems. The AWS provides the cloud computing clients with data centers and custom network architectures to protect the end of their system’s environment. Network firewall, web application firewalls, encryption, and private enabled connectivity options include other countermeasures used by the company to protect its critical infrastructure. Also, Amazon protects its data through varying data encryption capabilities including SQL Server RDS, EBS, Oracle RDS, and Glacier. The Amazon web platform uses the server-side encryption (SSE) for the transmission of sensitive data by encrypting the message queues. Another method used to prevent cyber threats and attacks includes hardware-based cryptographic key storage that facilitates the achieve compliance requirements.]

Threat Agents and Possible Attacks

Define 12 to 15 threat agents and possible attacks.

[ Numerous agents of cyber threat and cyber-attack exist in Amazon’s information systems and critical infrastructure environment. Additionally, more possible cyber-attacks can be aimed at Amazon given its market-leading position and amount of data it possesses. Some of the attacks include phishing and spear phishing attack, birthday attack, password attack, malware attack, denial of service (DoS), SQL injection attack, man-in-the-middle (MitM) attack, eavesdropping, attack, cross-site scripting (XSS) attack, and distributed denial-of-service (DDoS) attacks(Jang-Jaccard & Nepal, 2014np). Phishing is defined as the process of sending emails that look like they are from trusted sources with the aim of accessing private information or inducing the system users to act. Conversely, spear phishing involves an evolved form of phishing where the attacker targets a specific individual and conducts research on them and develop personal and relevant messages making it harder to detect and defend against. The birthday attack defines the probability of establishing two random words that generate the same message digest when a hash algorithm is made against the digital signature, software, or message.

The SQL injection attack is majorly used on database-driven websites such as the Amazon e-commerce website making it a possible attack. It includes the execution of a SQL query by the malefactor into the database through the input data from the client to the server. Drive-by attacks happen when hackers search for insecure websites and place malicious scripts into the HTTP or PHP code on either of the pages where the text may redirect the victim to a site that is affiliated to the hackers(Jang-Jaccard& Nepal, 2014np). Additionally, the malware may install immediately onto the computer of the user who browses the site. A DoS attack overpowers the resources of a system so that it can react to service requests whereby the DDoS attack involves the control of a large number of the systems host machines by an attacker who launches it by infecting them with malicious software (Jang-Jaccard & Nepal, 2014np). Examples of the Dos and DDoS attacks include botnets, smurf attack teardrop attack, and ping-of-death attacks. Conversely, the Man-in-the-middle attack happens when the infiltrator inserts themselves between the path of a client and server (Jang-Jaccard & Nepal, 2014np). Some of the MitM attacks include session hijacking, replay, and IP spoofing.

Password attacks include attacks on the authentication process of a specific user or system and can be achieved through social engineering, accessing a password database, and guessing(Jang-Jaccard & Nepal, 2014np). Brute-force and dictionary attacks include the two types of password attacks that can be used on the Amazon information system. Finally, eavesdropping attacks occur when an attacker intercepts the network traffic and is usually used to obtain passwords and credit card numbers that a user may transmit over the network.]

Exploitable Vulnerabilities

Identify 7 to 9 exploitable vulnerabilities.

[ Exploitable vulnerabilities include system weakness that an attacker can utilize to perform their illegal actions within the digital system of an organization. Malware constitutes a conventional method of intruding a system, and while the Amazon systems can be deemed secure, new malware is created everyday implying that it is exploitable. The employees can be another exploitable vulnerability when approached through social engineering and spear phishing attacks (Jang-Jaccard & Nepal, 2014np). Internet of Things (IoT) devices that are used in the work environment such as smart printers, smart coffee makers, smart refrigerators, and manufacturing robots can be used by attackers to create slave networks of compromised appliances to perform more attacks(Jang-Jaccard & Nepal, 2014np). The fourth exploitable vulnerability includes the failure to patch security vulnerabilities once they are found out using the latest updates. Employees can also be considered as exploitable vulnerabilities when they attack the system intentionally, rather than external influence. The sixth exploitable vulnerability includes the company’s e-commerce point-of-sale which may be breached by stealing third-party vendor credentials such as data on the payment card (Jang-Jaccard & Nepal, 2014np). The last exploitable vulnerability is the source code of various website pages that may be infiltrated by use of malware.]

Threat History/Business Impact

Threat History Events

Duration

Business Impact

Threat Resolution

[Data breach due to a technical error (Smith 2018 np)}

[]

[Data for 60 million users]

[Malware protection]

[DDoS attack on Prime DaySmith 2018 np)]

[Hour]

[$75 million]

[Malware Protection]

[Response]

[Response]

[Response]

[Response]

[Response]

[Response]

[Response]

[Response]

Risks and Contingencies Matrix

Risk

Probability

Priority

Owner

Countermeasures/Contingencies/Mitigation Approach

[Malware attack]

[Low]

[Low]

[User]

[Security policies restricting extensive use of corporate internet resources]

[Phishing attack]

[High]

[High]

[User]

[Training on system vulnerability]

[Response]

[Response]

[Response]

[Response]

[Response]

[Response]

[Response]

[Response]

[Response]

[Response]

References

Amazon. (2019). About Us. Amazon. Retrieved January 18, 2019 from https://www.aboutamazon.com/?utm_source=gateway&utm_medium=footer

Fortune. (2019). Amazon. Fortune 500. Retrieved January 18, 2019 from http://fortune.com/fortune500/amazon-com/

Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993. doi: 10.1016/j.jcss.2014.02.005

Smith, A. (2018). Amazon ‘technical error’ exposes undisclosed number of customer names and emails. CSO. Retrieved January 18, 2019 fromhttps://www.csoonline.com/article/3322973/security/amazon-technical-error-exposes-undisclosed-number-of-customer-names-and-emails.html

Copyright© 2018 by University of Phoenix. All rights reserved.

Copyright© 2018 by University of Phoenix. All rights reserved.