IT, Case study

If you don't mind, this is the case study I told you about last time.

Q1. Now that the news story about your bank is public, a meeting is scheduled to determine why the various hardware and procedural controls failed to stop a cybercrime group from successfully accessing the accounts of almost 100,000 clients and transferring their money overseas. As the head of IT security, you must provide a report to the meeting; the meeting will include the Senior Management Group, Australian regulatory authorities, and Federal and State Police. Write your report below, ensuring that you describe:
What controls were in place to prevent this type of access, and why were they selected?
Why didn't the controls work?
When the break-in was noticed, what actions were taken and what mitigation steps were used?
Why didn't the mitigation steps work?
Why did it take so long for the break-in to be disclosed to the account owners and stakeholders?

Q2. After only vaguely recalling what your university lecturer said many years ago about not getting involved in a forensics activity, you now find yourself in court having to defend what you did in a forensic examination of a hard drive in relation to an unfair dismissal case. The case involves a senior manager who was dismissed after using the company email system to send jokes and photographs, something that is against company policy.

In preparation for your court appearance, you must write down exactly what you did and why; remember to be specific, because the legal counsel will be very aggressive.

Sample Paper

Executive Summary

Since late 2006, several financial institutions and banks have suffered attacks from an unknown cluster of cybercriminals. In nearly all of these attacks a similar modus operandi was applied: email scams leading to unauthorized access to over 100,000 client accounts and the movement of money overseas. In January 2013 the Reserve Bank of Australia confirmed a hacking attack that penetrated the Bank's firewall system, accessing nearly 100,000 accounts and transferring their funds overseas. This post-cyber-attack report offers a technical analysis of that attack.


Analysis has shown that the initial infections were achieved through spear-phishing emails appearing to be official, legitimate banking communications, with Control Panel Applet (.CPL) and Microsoft Word (.doc) files attached. It is believed that the attackers additionally redirected web traffic linked to financial activity to exploit kits. Once on the network, the email attachments exploited Microsoft Office 2003-2010 and MS Word vulnerabilities. Once a vulnerability was successfully exploited, shellcode decrypted and executed a backdoor identified as Carbanak.
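As an added illustration (not part of the sample paper), the following Python mail-gateway check shows how the attachment pattern described above, .CPL applets and .doc files from senders posing as the bank, would be gated at the email perimeter; the domain and sender names are constructed for the demonstration.

```python
# Added example (not from the original case study): a simple inbound-mail
# attachment gate for the vector described above: spear-phishing mail carrying
# Control Panel applets (.cpl) and Word documents (.doc) that exploit Office.
# All message samples below are constructed for the demonstration.
from dataclasses import dataclass, field

# Extensions Windows treats as directly executable; .cpl is the one named above.
EXECUTABLE_EXTS = {"cpl", "exe", "scr", "js", "vbs"}
# Office formats that carry the exploit/macro risk named above.
OFFICE_EXTS = {"doc", "docm", "xls", "xlsm", "rtf"}

@dataclass
class Message:
    sender_domain: str
    display_name: str                 # how the sender presents itself
    attachments: list = field(default_factory=list)

def classify_attachment(filename: str) -> str:
    """Return 'block', 'quarantine' or 'allow' for one attachment name."""
    exts = filename.lower().split(".")[1:]   # e.g. ['doc', 'cpl']
    if not exts:
        return "allow"
    if exts[-1] in EXECUTABLE_EXTS:          # the real type is the last extension,
        return "block"                       # so 'statement.doc.cpl' is a .cpl
    if exts[-1] in OFFICE_EXTS:
        return "quarantine"                  # hold for sandbox / analyst review
    return "allow"

def triage_message(msg: Message, internal_domain: str) -> dict:
    """Combine per-attachment verdicts with a brand-impersonation check."""
    verdicts = {a: classify_attachment(a) for a in msg.attachments}
    # External sender whose display name claims to be the bank itself.
    brand = internal_domain.split(".")[0]
    impersonation = (msg.sender_domain != internal_domain
                     and brand in msg.display_name.lower())
    actions = set(verdicts.values())
    if "block" in actions or (impersonation and "quarantine" in actions):
        action = "block"          # risky document from an impersonator: block too
    elif "quarantine" in actions:
        action = "quarantine"
    else:
        action = "allow"
    return {"action": action, "impersonation": impersonation, "attachments": verdicts}

# Constructed samples: a disguised applet, a lookalike document, a clean internal mail.
SAMPLES = [
    Message("mail-examplebank.co", "ExampleBank Security", ["statement.doc.cpl"]),
    Message("partner.example", "ExampleBank Notices", ["transfer_notice.doc"]),
    Message("examplebank.com", "Alice", ["minutes.pdf"]),
]
```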

Carbanak is a remote backdoor intended for data exfiltration, espionage, and granting remote access to infected systems. Following a successful compromise, the attackers performed a manual exploration of the victim's networks. The findings of this reconnaissance helped the attackers leverage various lateral-movement tools to gain access to critical systems within the Bank's infrastructure. This was followed by the installation of additional software, such as compromised SSH servers and the Ammyy remote administration tool, alongside further Carbanak components.

Following a successful compromise of the RBA network, the attackers' primary internal objectives were to penetrate money-processing services, financial accounts, and Automated Teller Machines (ATMs). Money accessed was then transferred to offshore destinations through the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network. Several Oracle databases were extensively manipulated to access debit and payment card accounts. Additionally, the ATM network was infiltrated and used to dispense cash at specific locations and times when money mules were standing by to collect it.

This infiltration was made possible by video-recording and impersonating legitimate Bank operators with elevated access levels, particularly system administrators. Of the 100,000 banking entities affected at the time of compiling this report, half had suffered financial losses. For example, one account lost an estimated $7.3 million (USD) owing to ATM fraud, while another suffered a $10 million (USD) loss as

banking platform.

What controls were in place?

The bank had diverse technical countermeasures deployed to deter cybercriminals by hardening systems against intrusion. As the first line of defense, access control lists (ACLs) on the firewalls determined which traffic and services could traverse the checkpoint. In addition, the bank had a network antivirus in place to prevent the propagation of malicious code. Both of these protection layers had further been enhanced with crypto
