Identify the TTPs (Tactics, Techniques, and Procedures) used by the attackers.
In the Acme Bank case the attackers' tactic was initial access through phishing: a convincing email lured an employee into clicking a link they took to be legitimate. Two techniques supported that tactic. The first was a malicious website that the link pointed to, which delivered and launched the malware; the write-up calls this a watering hole, although strictly a watering hole is a site the targets already visit that the attacker has compromised, so a link to an attacker-run site is better described as malicious-link delivery. The second was a disguised email: the phishing message was crafted to look like ordinary internal mail from a colleague so that the recipient would trust it and click. The attackers followed this procedure to reach the bank's systems:
1. Phishing email delivered to the employee
2. Deceptive link clicked
3. Malware installed on the employee's machine
4. Malware executed
5. Malware spread (replicated) across the internal network
6. Data exfiltrated
Classify the security control types implemented by Acme Bank as either technical, operational, or managerial controls.
Acme Bank implemented all three control types, as shown below:
Technical Controls
Advanced email filtering: Acme implemented this control to filter out malicious emails before they reach an employee's inbox.
Network intrusion detection system (NIDS): Acme Bank deployed this to detect unusual network activity within the bank's systems and to trigger blocking of further activity (IanIndexsy, 2023). Strictly, a NIDS only detects and alerts; blocking requires an intrusion prevention system or a firewall rule acted on from the alert.
Security patches and updates: the bank applied these so that known vulnerabilities could not give attackers easy access to its computer systems and resources.
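The disguised email and deceptive link described in the TTP answer are exactly what the email-filtering control above has to catch. The following is an added example, not code from the Acme Bank case write-up or from any product the bank used: a minimal filter that checks a message for three indicators of that pattern (a display name impersonating a known employee, a sender domain that merely resembles the bank's, and a link whose visible text names a different host than its real target). The bank domain, the employee directory and the two sample messages are all constructed for the example.

```python
"""Added example, not part of the Acme Bank case write-up.

A minimal version of the check an 'advanced email filtering' control runs
before a message reaches an inbox. The bank domain, the employee directory
and the sample messages are constructed for this example.
"""
import re
from email.utils import parseaddr
from html.parser import HTMLParser

TRUSTED_DOMAIN = "acmebank.example"                          # assumed bank domain
KNOWN_EMPLOYEES = {"jane doe": "jane.doe@acmebank.example"}  # assumed directory


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Host part of an absolute URL, lower-cased; '' if url is not a URL."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def _edit_distance(a, b):
    """Levenshtein distance, used to catch typo-squatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, trusted=TRUSTED_DOMAIN):
    """True for a domain that is not the bank's (or a subdomain of it) but resembles it."""
    domain = domain.lower()
    if domain == trusted or domain.endswith("." + trusted):
        return False
    label = trusted.split(".")[0]  # 'acmebank'
    return label in domain or _edit_distance(domain, trusted) <= 2


def phishing_indicators(msg):
    """Names of the indicators a message triggers; empty for a clean message."""
    hits = []
    name, addr = parseaddr(msg["from"])
    if is_lookalike(addr.rsplit("@", 1)[-1]):
        hits.append("lookalike_sender_domain")
    expected = KNOWN_EMPLOYEES.get(name.strip().lower())
    if expected and expected.lower() != addr.lower():
        hits.append("display_name_impersonation")
    parser = _LinkExtractor()
    parser.feed(msg["body"])
    for href, text in parser.links:
        shown = _host(text)  # non-empty only when the anchor text is itself a URL
        if shown and shown != _host(href):
            hits.append("deceptive_link")
            break
    return hits


def should_quarantine(msg):
    """Policy decision: hold any message with at least one indicator."""
    return bool(phishing_indicators(msg))


SAMPLE_MESSAGES = [
    {  # constructed: a legitimate internal notice
        "from": "Jane Doe <jane.doe@acmebank.example>",
        "body": '<p>Policy update: see the <a href="https://intranet.acmebank.example/policy">intranet</a>.</p>',
    },
    {  # constructed: the case's pattern, a colleague's name on a lookalike domain
        "from": "Jane Doe <jane.doe@acmebank-secure.example>",
        "body": '<p>Please re-validate your account: '
                '<a href="http://acmebank-secure.example/login">https://portal.acmebank.example/login</a></p>',
    },
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["from"], "->", phishing_indicators(m) or "clean")
```

Quarantining on a single indicator is deliberately strict; a production filter would weight the indicators and also check SPF/DKIM results, which this example omits.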
Operational Controls
Asset inventory: the bank kept a clear record of its assets so that security controls could be applied to all of them.
Access control: the bank gave employees and outsiders different levels of access to its systems and resources. The access policy and its periodic review are operational; the mechanism that enforces it, such as role-based permissions, is a technical control.
Training: the bank trained employees to recognise threats, identify them, and understand their potential impact.
Response plan: the bank created a clear incident response plan so that an attack is responded to faster, limiting the damage.
Managerial Controls
Board oversight: Acme Bank strengthened oversight by its board, which ensured that decisions improving the bank's security were taken and implemented.
A dedicated security team: Acme Bank appointed a Chief Information Security Officer (CISO) to oversee the overall security of the bank's systems, ensure employee training, and hire an appropriate team to work under them.
Discuss the attack surface management that took place. Was it passive discovery or edge discovery surface management?
Edge discovery was the type of attack surface management that took place in this scenario (Nolle, 2021). Acme Bank's email servers sat at the edge of its infrastructure, the point where internal and external systems meet, so discovery and protection focused on those exposed edge assets rather than on passively collecting information about the bank from the outside.
Describe the methods employed by Acme Bank to reduce the attack surface. Consider asset inventory, access control, patching and updating, network segmentation, removing unnecessary components, and employee training.
Asset inventory: Acme Bank kept an inventory of its assets so that it could understand and control its attack surface.
Employee training: employees at Acme Bank received thorough training on how to identify and handle security risks such as phishing attempts.
Network segmentation: Acme Bank divided its network into segments so that a compromise of one segment would not give the attacker access to the rest, limiting the damage a successful intrusion could do.
Patching and updating: the bank applied patches and updates so that known vulnerabilities could not give attackers easy access to its computer systems and resources.
Access control: the bank gave employees and outsiders different levels of access to its systems and resources.
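Network segmentation only reduces the attack surface if the allowed zone-to-zone traffic is written down and anything else is treated as a violation; that same policy is what a NIDS can check flows against, and it is the control that should have stopped the malware from spreading across the bank's network. The following is an added example, not code from the Acme Bank case write-up or from any product the bank used: a segmentation policy as an allow-list of (source zone, destination zone, port), evaluated over constructed connection records, plus a simple fan-out check for lateral movement. The zones, subnets, ports and flow records are all made up for the example.

```python
"""Added example, not part of the Acme Bank case write-up.

Network segmentation as a policy that code can check: each zone is a subnet
and the policy is the set of (src zone, dst zone, dst port) triples that are
allowed. Zones, subnets, ports and flow records are constructed for this example.
"""
import ipaddress
from collections import defaultdict

ZONES = {  # assumed segmentation: one subnet per zone
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "app_servers":  ipaddress.ip_network("10.20.0.0/24"),
    "core_banking": ipaddress.ip_network("10.30.0.0/24"),
    "mail_edge":    ipaddress.ip_network("10.40.0.0/24"),
}

# Assumed policy: only these flows are permitted. Anything absent (workstation
# to workstation, workstation to core banking, anything to the internet) is a
# violation by default.
ALLOWED = {
    ("workstations", "app_servers", 443),
    ("workstations", "mail_edge", 443),
    ("app_servers", "core_banking", 1521),
    ("mail_edge", "app_servers", 25),
}


def zone_of(ip):
    """Zone that contains ip, or 'external' for anything outside the bank."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def policy_violations(flows):
    """Flows whose (src zone, dst zone, dport) triple is not in ALLOWED."""
    return [f for f in flows
            if (zone_of(f["src"]), zone_of(f["dst"]), f["dport"]) not in ALLOWED]


def lateral_movement(flows, port, min_peers=3, window=60):
    """Map source -> peer count for sources that reached at least min_peers
    distinct hosts on `port` within any `window`-second span."""
    by_src = defaultdict(list)
    for f in flows:
        if f["dport"] == port:
            by_src[f["src"]].append((f["ts"], f["dst"]))
    suspects = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            peers = {dst for ts, dst in events[i:] if ts - t0 <= window}
            best = max(best, len(peers))
        if best >= min_peers:
            suspects[src] = best
    return suspects


SAMPLE_FLOWS = [  # constructed records: ts in seconds, src, dst, dport
    {"ts": 0,  "src": "10.10.5.7",  "dst": "10.20.0.10",   "dport": 443},   # permitted
    {"ts": 5,  "src": "10.20.0.10", "dst": "10.30.0.5",    "dport": 1521},  # permitted
    {"ts": 30, "src": "10.10.5.7",  "dst": "10.30.0.5",    "dport": 445},   # workstation -> core: forbidden
    {"ts": 31, "src": "10.10.5.7",  "dst": "10.10.5.8",    "dport": 445},   # workstation -> workstation: forbidden
    {"ts": 32, "src": "10.10.5.7",  "dst": "10.10.5.9",    "dport": 445},
    {"ts": 40, "src": "10.10.5.7",  "dst": "10.10.5.10",   "dport": 445},
    {"ts": 50, "src": "10.10.5.7",  "dst": "198.51.100.9", "dport": 443},   # workstation -> internet: forbidden
]

if __name__ == "__main__":
    for f in policy_violations(SAMPLE_FLOWS):
        print("violation:", zone_of(f["src"]), "->", zone_of(f["dst"]), "port", f["dport"])
    print("lateral movement on 445:", lateral_movement(SAMPLE_FLOWS, 445))
```

The default-deny shape of ALLOWED is the point: the workstation-to-workstation SMB flows and the outbound connection to an internet host are both caught without any rule naming them, and the fan-out check flags the same host before the policy alone would.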
References
IanIndexsy. (2023, March 15). What is Network Intrusion Detection System (NIDS)? Sapphire. https://www.sapphire.net/cybersecurity/nids/
Nolle, T. (2021, November 8). Edge computing security risks and how to overcome them. IoT Agenda. https://www.techtarget.com/iotagenda/tip/Edge-computing-security-risks-and-how-to-overcome-them