Your manager appreciated your thoughtful analysis on the infiltrate phase and would now like your thoughts on the Activate phase. Your efforts at educating users on the common ransomware attack vectors has been a huge success. Despite that success, some users were caught off guard and clicked through a phishing email message. At least one user landed on a malicious website and clicked a form submission button that allowed the attacker direct access to your network. Now that an attacker has infiltrated your network, and you suspect they have planted ransomware on some systems: Choose one of the questions below. What would you communicate to your manager? 1. What, if anything can CAG do to determine if malicious code was transferred over the network and planted on a system? 2. Provide your thoughts on how a defender can gain better visibility over the Activate phase. 3. How do you think CAG can best defend against a ransomware attack in the activate stage?
You were introduced to a ransomware attack scenario during Unit I in which you assumed the role of a recently hired cybersecurity analyst to help the organization to respond to an unfolding ransomware attack. In Unit II, you provided your manager with your ideas on ransomware attack vectors, how an attacker might employ a vector in an attack or how Celinszky Automotive Group (CAG) might best defend against these common vectors.
Your manager appreciated your thoughtful analysis on the infiltrate phase and would now like your thoughts on the Activate phase. Your efforts at educating users on the common ransomware attack vectors has been a huge success. Despite that success, some users were caught off guard and clicked through a phishing email message. At least one user landed on a malicious website and clicked a form submission button that allowed the attacker direct access to your network.
Now that an attacker has infiltrated your network, and you suspect they have planted ransomware on some systems:
Choose one of the questions below. What would you communicate to your manager?
1. What, if anything can CAG do to determine if malicious code was transferred over the network and planted on a system?
2. Provide your thoughts on how a defender can gain better visibility over the Activate phase.
3. How do you think CAG can best defend against a ransomware attack in the activate stage?
Textbook Reference
Grama, J. L. (2022). Legal and privacy issues in information security (3rd ed.). Jones and Bartlett. https://online.vitalsource.com/#/books/9781284231465