INTELLIGENCE PLAN
G LOGAN GOMBAR
8/14/2020
USD CSOL580 M7
DEFINITIONS
• Cyber Threat
  • Anything that can damage, corrupt, or steal data, or disrupt an organization's digital landscape and presence
• Organized Crime
  • Groups paid by other groups to carry out the actions
• Hacktivists
  • Persons who hack for a social cause
• Insider Threats
  • Employees who are upset with their company
• Threat Level
  • Adversaries are unlikely to target the company offensively
  • Not a publicly traded company, so there is no public market value, but it is still active
  • Received “Top Rated” award in 2019 from SoftwareWorld
EVENT EXAMPLE 1 – MAERSK & NOTPETYA
• Who: Unknown
• When: June 2017
• Why: Unknown; the goal seemed to be complete destruction
• What: A Ukrainian tax software update server was poisoned with malware that permanently encrypted infected devices. Estimated cost of Maersk's recovery was $300 million, with ~$10 billion for global recovery
• How: Used a public NSA tool, EternalBlue, to exploit unpatched systems. The patch that renders EternalBlue useless was also public.
EVENT EXAMPLE 2 - MIRAI IOT BOTNET
• Who: Unknown
• When: May 2017
• Why: Financial gain; the malware demanded a ransom
• What: Encrypted computers and demanded a ransom. Hit high-profile networks, including the British National Health Service and FedEx.
• How: Used a public NSA tool, EternalBlue, to exploit unpatched systems. The patch that makes EternalBlue useless was public.
RISKS TO THE COMPANY
• Phishing/Social Engineering
  • Exfiltrating sensitive data via social engineering is a risk to every company
  • Can happen via multiple mediums – in person, email, phone, etc.
• Unpatched systems
  • Have known vulnerabilities and are liabilities
• Password Audits
  • The Mirai botnet used factory default passwords on networked devices
  • Quarterly password audits and minimum requirements help avoid this
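The two controls named above, patching and quarterly password audits with minimum requirements, can be checked in one pass over an asset inventory. The script below is an added example and is not part of the original plan; the hostnames, patch identifiers, default-credential list, minimum requirements and inventory records are all constructed for illustration, and a real audit would load the patch baseline and default-credential list from the organization's own sources.

```python
"""Quarterly patch and credential audit over a constructed asset inventory.

Added example, not from the original plan. Every hostname, patch id,
username and password here is constructed sample data; REQUIRED_PATCHES,
KNOWN_DEFAULTS and the minimum requirements are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed minimum password requirements (assumption).
MIN_LENGTH = 12
CHAR_CLASSES = [
    re.compile(r"[a-z]"),
    re.compile(r"[A-Z]"),
    re.compile(r"\d"),
    re.compile(r"[^A-Za-z0-9]"),
]

# Constructed list of factory-default credentials an audit should flag.
KNOWN_DEFAULTS = {
    ("admin", "admin"),
    ("root", "root"),
    ("admin", "password"),
    ("root", "12345"),
}

# Constructed patch baseline: patch ids that must be present per platform.
REQUIRED_PATCHES = {
    "windows": {"KB-EXAMPLE-0001", "KB-EXAMPLE-0002"},
    "iot": {"FW-EXAMPLE-2.1"},
}


@dataclass
class Asset:
    hostname: str
    platform: str
    installed: set      # patch ids reported as installed
    username: str
    password: str       # as held in the credential store being audited


def password_issues(username, password):
    """Return the list of minimum-requirement failures for one credential."""
    issues = []
    if (username, password) in KNOWN_DEFAULTS:
        issues.append("factory default credential")
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH}")
    if sum(1 for c in CHAR_CLASSES if c.search(password)) < 3:
        issues.append("fewer than 3 character classes")
    return issues


def missing_patches(asset):
    """Patches required for the asset's platform that are not installed."""
    return sorted(REQUIRED_PATCHES.get(asset.platform, set()) - asset.installed)


def audit(assets):
    """Map hostname -> findings for every asset that fails a check."""
    report = {}
    for a in assets:
        findings = {}
        missing = missing_patches(a)
        if missing:
            findings["patches"] = missing
        pw = password_issues(a.username, a.password)
        if pw:
            findings["password"] = pw
        if findings:
            report[a.hostname] = findings
    return report


# Constructed inventory: one compliant host, one unpatched host, one
# networked device still on its factory default credential.
SAMPLE_INVENTORY = [
    Asset("fs-01", "windows", {"KB-EXAMPLE-0001", "KB-EXAMPLE-0002"},
          "svc_backup", "Tr0ub4dor&3-lng!"),
    Asset("fs-02", "windows", {"KB-EXAMPLE-0001"},
          "administrator", "Winter2020!x"),
    Asset("cam-lobby", "iot", set(), "admin", "admin"),
]

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_INVENTORY).items():
        print(host, findings)
```

Run quarterly, the report gives the review a concrete list: hosts whose patch set has drifted from the baseline, and credentials that are factory defaults or fall below the minimum requirements.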
RE-EVALUATE REGULARLY
• The Red Team, Patching, & Password Audit processes will need to be reviewed quarterly to ensure they meet the target