MIS607 Cybersecurity Mitigation Plan for Threat Report


 ASSESSMENT 3 BRIEF

Executive summary

This report is about improving the security of Peters Excellent Packers (PEP). PEP is a meat packing and delivery service located in western Sydney. The enterprise is small to medium in size and its turnover in the previous year was approximately $15 million. It employs a number of staff and uses a software system that was developed in-house. This system is used for all inventory and accounting purposes and for extensive tax reporting. PEP is concerned about the attacks that were carried out against JBS Foods. PEP has a website that takes orders for its services and issues invoices. In this report a mitigation plan, with some suggestions for ongoing security management, has been designed. It is extremely significant to have accurate security management in the system so that all system resources are protected from malicious and dangerous users or attackers gaining illegal access. The integrity requirements of the system have to be handled and controlled.

Table of Contents

Introduction

Threats List and STRIDE Categorisation Summary

Threats Analysis (Using Risk Matrix)

Threats and Controls

Mitigation Scheme

Conclusion & Recommendations

References

Introduction

This report is about Peters Excellent Packers, a meat packing and delivery service located in western Sydney. PEP's turnover in the previous year was approximately $15 million. The organisation wants to improve its security. It uses its own software system, and that system is used for all accounting and inventory processes. Recently JBS Foods suffered malicious attacks, and PEP is concerned about the attacks that were carried out against JBS Foods. PEP wants to be protected against the same type of malicious attack, or other attacks, that hit JBS Foods. The organisation also wants mitigation strategies for the vulnerabilities and threats that might be identified after researching and studying the JBS Foods organisation. The main purpose of this assessment is to protect the PEP organisation from attacks that could hit its security system. That system holds all of the organisation's important information and therefore must not be compromised. This assessment is important because it identifies the different threats that could occur in the organisation and the various ways attackers could breach its security systems. Mitigation strategies and control measures are also provided in this report. Therefore all the threats can be handled properly if the right mitigation approach is implemented in the organisation.

Threats List and STRIDE Categorisation Summary

In the PEP software system there are various types of threats that could occur. The system faces internal as well as external threats. The PEP system can be accessed by two types of client. One is the general client, who accesses the web interface to place orders. The other is a staff member, who accesses the internal intranet for the organisation's internal operations. The various types of threats are given below:

Leaking of username and password: The passwords and usernames of legitimate users could be leaked. A malicious user could then use these credentials to access any network they are trying to reach.

Ransomware: These types of attack could disrupt the entire system, so there is a requirement to be aware of these kinds of attack. They could also cause big losses to the operations of the organisation. JBS Foods, the world's largest meat producer, also paid a ransom running to millions of dollars in a ransomware attack. The company revealed that it had been hit the day before by what it described as an organised cyber security attack on its North American and Australian systems, and that it was in the process of restoring from backups. This attack uses malware that encrypts the target's system. The attackers then demand a ransom to unlock all the files they hold. In some cases the attackers also obtain access to the target's data, and the ransom then also buys a promise that it will not be made public. PEP is therefore aware of the ransomware attacks that could happen in the organisation (Duncan et al., 2021).

Denial of service attacks: In this attack the network or the machine is shut down, making it inaccessible to its intended users. DoS attacks achieve this by flooding the target with traffic or by sending data or information that causes the network to crash. Attackers also sneak into the network to access all the data and information the organisation holds. The organisation keeps a lot of important information in the systems and networks it has created, and the attackers could then access data for which they have no direct permission.

Hardware destruction: Where there is no backup system, destruction of hardware in PEP's main transaction server could occur. Any such destruction would lead to the loss of all data.

Virus attacks: Attackers send pieces of program code that can destroy the entire current data as well as the integrity of the system. Once the virus infects the system, the system starts behaving abnormally (Mohurle & Patil, 2017).

Phishing: Many malicious URLs are sent to the client machine. When a member of the company clicks on such a URL the system can be compromised and the user is rerouted to a cloned site.

Insider threats: Different insider users could access the system in pursuit of their own interests. They may share information with other parties without any permission from the organisation.

Privilege escalation: In this attack the attackers increase their access privileges so that they can access all the product knowledge for which they have no authorisation or authentication.

STRIDE threat modelling: This is a significant tool in a security expert's arsenal. Threat modelling gives the security team a practical framework for dealing with incoming threats. The model can also recommend which defences to put in place, the likely profile of the attacker, the attack vectors, and the assets that attackers most want. The STRIDE model includes six threat categories: spoofing identity, tampering with data, repudiation threats, information disclosure threats, denial of service, and elevation of privileges (Namias & Chace, 2022).

Threat | Violated property | Explanation of threat
S: Spoofing identity | Authentication | It happens when a hacker or attacker impersonates an authenticated device or user to spread malware, bypass the access control system or steal information.
T: Tampering with data | Integrity | It is the act of modifying, such as manipulating, editing or destroying data, through unauthorised means.
R: Repudiation | Non-repudiation | These attacks occur if the system or application does not have controls to properly track and log user actions, therefore allowing malicious manipulation or forging of the identity behind a new action (Alkasassbeh et al., 2016).
I: Information disclosure | Confidentiality | Also known as information leakage, it happens when the website unintentionally reveals the organisation's private information to other users.
D: Denial of service | Availability | In this attack the network or machine is shut down, making it inaccessible to its intended users. DoS attacks achieve this by flooding the target with traffic or sending data or information that causes the network to crash.
E: Elevation of privileges | Authorisation | In this attack the attackers increase their access privileges so that they can access all the product knowledge for which they have no authorisation or authentication (Agrafiotis et al., 2018).


Threats Analysis (Using Risk Matrix)

Threat analysis is the process used to determine which system components need to be secured, and the types of security risk or threat they must be secured against. Threat modelling helps the PEP organisation to quantify vulnerabilities and risks, confirming those that require the most attention and resources, and so reduces the attack surface that the attacker is targeting.

S. No. | Threat | Likelihood | Consequence | Overall risk | Explanation of threat
1 | Spoofing identity | Possible | Major | High | It happens when a hacker or attacker impersonates an authenticated device or user to spread malware, bypass the access control system or steal information.
2 | Tampering with data | Unlikely | Minor | Moderate | It is the act of modifying, such as manipulating, editing or destroying data, through unauthorised means (Simmons et al., 2014).
3 | Repudiation | Possible | Moderate | High | These attacks occur if the system or application does not have controls to properly track and log user actions, therefore allowing malicious manipulation or faking of the identity behind a new action.
4 | Information disclosure | Likely | Major | Extreme | Also known as information leakage, it happens when the website unintentionally reveals the organisation's private information to other users.
5 | Denial of service | Possible | Catastrophic | Extreme | In this attack the network or machine is shut down, making it inaccessible to its intended users. DoS attacks achieve this by flooding the target with traffic or sending data or information that causes the network to crash.
6 | Elevation of privileges | Unlikely | Moderate | Moderate | In this attack the attackers increase their access privileges so that they can access all the product knowledge for which they have no authorisation or authentication (Mozafari et al., 2020).

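As an added example that is not part of the original report, the Python below reproduces the rating method of the risk matrix above with ordinal scores and ranks the six threats. The 1 to 5 scales and the band thresholds are assumptions chosen to match the report's stated ratings; the report itself does not give a scoring rule.

```python
# Ordinal scales assumed for this example (the report does not state its scoring rule).
LIKELIHOOD = {"Rare": 1, "Unlikely": 2, "Possible": 3, "Likely": 4, "Almost certain": 5}
CONSEQUENCE = {"Insignificant": 1, "Minor": 2, "Moderate": 3, "Major": 4, "Catastrophic": 5}

# Band thresholds assumed so that the computed bands match the report's table.
BANDS = [(15, "Extreme"), (9, "High"), (4, "Moderate"), (0, "Low")]

# The six threats and ratings as they appear in the report's risk matrix.
REPORT_MATRIX = [
    ("Spoofing identity", "Possible", "Major", "High"),
    ("Tampering with data", "Unlikely", "Minor", "Moderate"),
    ("Repudiation", "Possible", "Moderate", "High"),
    ("Information disclosure", "Likely", "Major", "Extreme"),
    ("Denial of service", "Possible", "Catastrophic", "Extreme"),
    ("Elevation of privileges", "Unlikely", "Moderate", "Moderate"),
]


def rate(likelihood: str, consequence: str) -> tuple[int, str]:
    """Score = likelihood x consequence; the band is the first threshold the score reaches."""
    score = LIKELIHOOD[likelihood] * CONSEQUENCE[consequence]
    band = next(name for floor, name in BANDS if score >= floor)
    return score, band


def rank_threats(matrix=REPORT_MATRIX) -> list[tuple[str, int, str]]:
    """Return (threat, score, band) ordered from highest to lowest risk, so the
    mitigation budget is spent on the top rows first."""
    rows = [(name, *rate(lik, con)) for name, lik, con, _ in matrix]
    return sorted(rows, key=lambda r: r[1], reverse=True)


def inconsistent_rows(matrix=REPORT_MATRIX) -> list[str]:
    """Names of threats whose stated band disagrees with the computed one
    (an empty list means the table is internally consistent)."""
    return [name for name, lik, con, stated in matrix if rate(lik, con)[1] != stated]


if __name__ == "__main__":
    for name, score, band in rank_threats():
        print(f"{name:<24} {score:>2}  {band}")
    print("inconsistent rows:", inconsistent_rows() or "none")
```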

Threats and Controls

For Peters Excellent Packers (PEP) the controls for the threats have also been recommended. All the threats can be mitigated if some precautions are kept in mind. The best way to protect against spoofing involves setting up two-factor authentication (2FA), ignoring emails and calls from unknown sources, using a secure web browser, and using a network firewall. Data tampering prevention can involve simple security measures like data encryption, and can include tooling such as a file integrity monitoring (FIM) system for better security and control. To prevent information disclosure attacks the organisation should use strong authorisation, secure its communication links with protocols that keep the text confidential, use strong encryption, and never store passwords or secret information in plain text. Denial of service mitigation is the process of successfully protecting a targeted server or network from distributed denial of service attacks. The targeted victim or network is able to mitigate the incoming threat with the help of specially designed network equipment or a cloud-based protection service (Raiyn, 2014). To mitigate the ransomware risk the organisation should have an incident response plan. Backups are also critical against this attack. The organisation should use anti-spam and antivirus solutions. The organisation should keep all systems patched. The organisation should restrict internet access and use a proxy server for internet access. It should also restrict access to the usual entry points of ransomware, such as social networking sites and personal email accounts. The organisation must apply the principle of least privilege and segment the network.

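The file integrity monitoring (FIM) control recommended above for data tampering, shown as an added example that is not part of the original report: a baseline of SHA-256 digests is taken over the transaction files, and a later snapshot is compared against it so that edited, deleted and unexpected files are reported. The file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large ledgers never load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every file's path (relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify drift between two snapshots; any non-empty list is a tampering alert."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: three files baselined, then one edited, one deleted, one new."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "invoices.csv").write_text("INV-001,PEP,1200.00\n")
        (root / "inventory.db").write_bytes(b"\x00\x01\x02")
        (root / "config.ini").write_text("[tax]\nrate=0.10\n")
        baseline = build_baseline(root)
        # Same length, one digit changed: a size check alone would miss this.
        (root / "invoices.csv").write_text("INV-001,PEP,1200.90\n")
        (root / "inventory.db").unlink()
        (root / "unexpected.bin").write_bytes(b"\xff")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:<9} {files}")
```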

Mitigation Scheme

Control access to ecosystem applications: As many employees are hired by the organisation, it is very difficult to confirm who the right person is and who is accessing the applications at the right time. Placing robust access management (AM) capabilities in the manufacturing technology stack allows the organisation to leverage standardised protocols, federated identity and context-driven single sign-on (SSO) to confirm that the right level of access control is applied at the correct time. The AM workflow can easily develop and change as the manufacturing ecosystem continues to grow, and it also decreases cost, time and risk in the organisation.

Strengthen authentication: In the organisation, many workers, partners and suppliers use antiquated means of authentication. By leveraging contextual signals, continuous adaptive risk and trust assessment (CARTA) and zero trust security, the organisation can strengthen and reinforce its step-up and basic authentication workflows, and also reduce or entirely remove its reliance on usernames and passwords. This mitigates the risk of weak credentials, phishing attacks, and malicious actors' ability to spread ransomware and malware across the company.

Modernise correctly: Nowadays all organisations want to modernise their systems and are adopting cloud-based IAM. Implementing and modernising these technologies is beneficial for the organisation, but somewhere security could be put at risk. Adopting a hybrid IAM solution allows the company to control modernisation at its own pace and to deal expeditiously with the legacy systems that create a large security risk. The most useful and successful hybrid solution provides a means to unify identities recognised across various on-premises, hybrid and cloud identity stores, while delivering full tenant isolation and the low latency needed to handle spikes in traffic.

Secure non-human identities: The explosion of both industrial and consumer IoT in the manufacturing industry has created weaknesses that are increasingly exploited by malicious attacks. By leveraging IAM capabilities at the edge, the company is able to manage the connected IoT devices and other non-human identities securely and seamlessly. Establishing a standards-based method for authorising and authenticating these identities gives the company a scalable and automated way to implement zero trust security across the manufacturing technology stack without requiring human intervention. This also allows companies to simply integrate non-human identities with the organisation's applications at pace.


Conclusion & Recommendations

It has been concluded from the entire report that Peters Excellent Packers (PEP) is a meat packing and delivery service located in western Sydney. It has a website for its packing and delivery services. Orders are taken through that website, and invoices are also issued from it. All the transactional databases are linked to that website. PEP has heard that JBS Foods was hit by attacks on its site. Therefore PEP wanted to know what kinds of threats could affect the organisation and how it could mitigate all these risks and threats. In the report the threats that could affect the organisation have been described, and the mitigation strategy and scheme have also been set out. The threat analysis of the risks the organisation could face is also given in the report. It is recommended that the organisation and all its users be aware of the incoming risks and threats. The organisation should implement robust access management (AM) capabilities at PEP. Nowadays all organisations want to modernise their systems and are adopting cloud-based IAM. Implementing and modernising these technologies is beneficial for the organisation, but somewhere security could be put at risk.


References

Agrafiotis, I., Nurse, J. R., Goldsmith, M., Creese, S., & Upton, D. (2018). A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity, 4(1), tyy006. https://academic.oup.com/cybersecurity/article-abstract/4/1/tyy006/5133288

Alkasassbeh, M., Al-Naymat, G., Hassanat, A., & Almseidin, M. (2016). Detecting distributed denial of service attacks using data mining techniques. International Journal of Advanced Computer Science and Applications, 7(1), 436-445. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.742.3528&rep=rep1&type=pdf

Duncan, S., Carneiro, R., Braley, J., Hersh, M., Ramsey, F., & Murch, R. (2021). Beyond ransomware: Securing the digital food chain. https://vtechworks.lib.vt.edu/bitstream/handle/10919/107740/2021%20Duncan%20et%20al%20Beyond%20Ransomware%201021_F1_Cybersecurity%20Food%20Technology.pdf?sequence=2

Mohurle, S., & Patil, M. (2017). A brief study of WannaCry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5), 1938-1940. https://sbgsmedia.in/2018/05/10/2261f190e292ad93d6887198d7050dec.pdf

Mozafari, N., Weiger, W. H., & Hammerschmidt, M. (2020). The chatbot disclosure dilemma: Desirable and undesirable effects of disclosing the non-human identity of chatbots. In ICIS. https://www.researchgate.net/profile/Maik-Hammerschmidt/publication/344416480_The_Chatbot_Disclosure_Dilemma_Desirable_and_Undesirable_Effects_of_Disclosing_the_Non-Human_Identity_of_Chatbots/links/5f734ebc299bf1b53efe91d9/The-Chatbot-Disclosure-Dilemma-Desirable-and-Undesirable-Effects-of-Disclosing-the-Non-Human-Identity-of-Chatbots.pdf

Namias, D., & Chace, J. (2022). US warfare within the fifth domain: Deterring Russian cyber aggression. https://digitalcommons.liberty.edu/cgi/viewcontent.cgi?article=1267&context=hsgconference

Raiyn, J. (2014). A survey of cyber attack detection strategies. International Journal of Security and Its Applications, 8(1), 247-256. https://www.researchgate.net/profile/Jamal-Raiyn/publication/281026425_A_survey_of_Cyber_Attack_Detection_Strategies/links/5f44be57458515b7294f1ffa/A-survey-of-Cyber-Attack-Detection-Strategies.pdf

Simmons, C., Ellis, C., Shiva, S., Dasgupta, D., & Wu, Q. (2014, June). AVOIDIT: A cyber attack taxonomy. In 9th Annual Symposium on Information Assurance (ASIA'14) (pp. 2-12). https://www.albany.edu/wwwres/conf/iasymposium/proceedings/2014/ASIA14Proceedings.pdf#page=12