Scribd
Upload
8 views

Project

Uploaded by

raspi.project13
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
8 views

Project

Uploaded by

raspi.project13
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

Build an attack case study report using this template.

If you need help, refer to the instructional video.

There are five content slides plus a title slide in this


template. You can receive up to 20 points for each
content slide. You need 80 points to pass this
assignment.

For your best chance of success, pick an attack or


Instructions breach with enough information and data so that you
will be able to report the required information.

Replace the red text on each slide with your


information and change the text color to black or
white, depending on the background. You can change
the font size, if needed.

When your report is complete, delete this slide and


save your file as a PDF to submit for review.
Case Study

Attack Category

Company/Affected parties

© Copyright IBM Corp. 2023


1. Based on common data breach types, you might select
something like ransomware, phishing, SQL injection, or
man-in-the-middle attack.

2. Ransomware: A type of malware that encrypts the


victim's files, with the attackers demanding a ransom for
the decryption key.

Phishing: A cyberattack that uses fake emails or messages


Attack Category: to trick individuals into sharing sensitive information like
Name of category passwords or credit card numbers.

SQL Injection: A code injection technique that targets


databases by inserting malicious SQL code into forms or
URLs, enabling attackers to retrieve sensitive data.
Possible sources for your research:

“According to IBM’s X-Force Threat Intelligence Index 2023,


ransomware attacks accounted for 27% of all cyberattacks in the
past year.”

“Phishing was responsible for over 80% of reported data breaches


in 2022, according to Verizon’s Data Breach Investigations
Report.”
Attack Category: Cite your sources.
Name of category
https://www.verizon.com/about/news/ransomware-threat-
rises-verizon-2022-data-breach-investigations-report

https://mysecuritymarketplace.com/reports/x-force-threat-
intelligence-index-2023/
Company Description: Write a brief description of the

chosen company, including its industry, size, and

services.Breach Summary: Summarize the breach,

Company mentioning the nature and scope of the attack. Example:


Description and “In 2022, Company X experienced a ransomware attack
Breach Summary
that compromised customer data and financial records.”
Event 1
1 Initial Vulnerability: Describe a specific weakness in the company's
system (e.g., "Unsegmented network left sensitive data exposed").

Event 2
2 Attack Start: Note how and when the breach began (e.g., "Phishing
email granted attackers unauthorized access").

Event 3
3 Breach Detection: Detail when the company discovered the breach
(e.g., "Unusual login alerts triggered an investigation").
Timeline
Event 4
4 Immediate Response: Summarize initial steps taken (e.g., "IT isolated
systems and assessed damage").

Event 5
5 Public Disclosure: State when the company informed the public (e.g.,
"Announcement issued to customers and regulators").

Event 6
6 Long-term Fixes: Mention lasting security improvements (e.g., "Added
multifactor authentication and enhanced monitoring").
Vulnerabilities
Provide a general summary of the vulnerabilities that contributed to the breach. Example: "The company lacked
regular system updates and had weak password policies."

Vulnerability 1 Vulnerability 2 Vulnerability 3 Vulnerability 4


Lack of Multi-Factor Outdated Software: Phishing Weak Password
Authentication (MFA): Critical systems were Susceptibility: Policies: Simple
Many systems lacked running unpatched Employees were not passwords were used
MFA, making software vulnerable to trained to identify without enforcement
unauthorized access known exploits. phishing emails, of complexity
easier. leading to credential requirements.
theft.
Costs Prevention

• 1. Fines and Legal Fees: $2 • 1. Regular Security Audits:


million in regulatory fines and Conduct frequent audits and
legal expenses vulnerability scans.
• 2. Security Upgrades: $5 million • 2. Employee Training: Increase
for enhanced security and cybersecurity training and
Costs and breach recovery. awareness.
Prevention • 3. Lost Revenue: 15% drop in • 3. Enhanced Access Controls:
customer retention, impacting Implement multi-factor
revenue. authentication and network
segmentation.

You might also like