...-Describe the nature of the event: A sophisticated intrusion was detected in the company’s financial records that encompassed multiple stealthy tactics, leaving the company in a predicament they never would have imagined. A financial auditor performing their daily tasks identified an error within the company’s financial amounts. They identified that multiple paychecks with modified amounts were sent to an individual. In their attempts to notify appropriate personnel via email, the emails were sniffed; modified and fictitious communications were conducted between the auditor and the attacker. The attacker was then able to gain additional access into more financial records, whereby more modifications were conducted; to include the presidents and other’s salary and then took those deductions and added them to their paycheck. IT personnel were able to identify that an internal system was conducting a man-in-the-middle attack by spoofing an internal Internet Protocol address, whereby all traffic that was sent to a specific location was involuntarily sent to another system. The culprit was lack of access controls, central reporting systems, authentication controls, and a lack of host based intrusion prevention systems. These controls and systems would have prevented this type or at minimal detected this type of attack and could have saved the company many hours of labor costs. -Identify who needs to be notified based on the type and severity of the incident: In incidents such as...
Words: 2798 - Pages: 12
...-Describe the nature of the event: A highly technical interference was discovered in the organization's financial reports that rounds off several stealthy methods which puts the company at great risk. This discovery was as a result of an audit carried out by professionals on a routine basis. They noticed that many paychecks which had been doctored were made to a particular person. In a bid to notify the right personnel through mail, the mails were intercepted and fraudulent communications were between the auditor and the attacker. Through this the attacker then gained access to a lot of financial records and altered them; adding the name of the president and that of others in order to deduct money from theirs to add to their own paycheck. However the IT personnel was able to dictate that an internal system had done a middle man attack through an internal internet Protocol address, whereby all traffic meant for a particular location was sent to another system unknowingly. The suspect didn't have the right access control central reporting systems, authentication controls, and a lack of host based intrusion prevention systems. These controls and systems are actually meant to act as guide against this kind of attack and save the company several hours of labor costs. -Who should be notified? In cases like this, the top hierarchy should be alerted and kept informed of the casewhen any move is made becauseeverything stops at their table. The Computer Emergency Response Team or...
Words: 2778 - Pages: 12
...SUBDOMAIN 427.1 ENTERPRISE CONTINUITY PLANNING Competency 427.1.5: Responding to Attacks and Special Circumstances The graduate identifies, evaluates, and applies network response procedures for attacks with special circumstances. Competency 427.1.7: Continued Assessments During a Disaster The graduate assesses needs, threats, and solutions prior to and during a network disaster. Scenario: An employee hacked into the human resource records system at the employee’s place of business and changed the employee’s base salary rate to obtain a pay raise. The employee did this by spoofing an IP address in order to eavesdrop on the network. Once the employee identified where the data was stored and how to modify it, the employee made the changes and received two paychecks with the new amount. Fortunately, an auditor happened to discover the error. The auditor sent an email to several individuals within the organization to let them know there was a potential problem with the employee’s paycheck. However, the employee was able to intercept the message and craft fake responses from the individuals the original email was sent to. The employee and the auditor exchanged emails back and forth until the employee was soon given access permissions for some other financial records. With this new information, the employee was able to lower the salaries of the president of the company and several other employees and then to include the salary difference in the employee’s own paycheck. The...
Words: 667 - Pages: 3
...FXT2 Task 2 Follow-Up re: Human Resources Data Modification 1. Identify areas that were not addressed by the IT staff’s response to the incident. Based on the narrative, the only corrective measure the company implemented was PKI. As noted in the original evaluation, several areas need to be addressed: * Climate/culture of the organization * Employee training for social engineering attacks * Positive identification of employees when granting role-based access * Vulnerabilities within and without the network, specifically to sniffers and eavesdropping * The ease with which the employee changed his pay rate, indicating a single system used for HR profiles rather than segregated duties & systems * The PKI that was installed only addressed the HR system, rather than the entire organization Honestly, the whole environment at this company needs a complete evaluation and overhaul! 2. Outline the other attacks mentioned in the scenario that were not noticed by the organization. * Social Engineering * Sniffing/Eavesdropping * Unauthorized Privilege Escalation * Network Penetration * Spoofing a. Describe the nature of the attacks not noticed by the organization. By “the nature of the attacks” I interpret this to mean the source of the attacks, or the skillset required to carry out the attacks. I believe this employee was tenured based on their ability to: * Hack into the HR system * Successfully intercept the email from...
Words: 801 - Pages: 4
...ENTERPRISE CONTINUITY PLANNING Responding to Attacks and Special Circumstances Continued Assessments During a Disaster By Charles Paddock FXT2 – Task 2 November 5th, 2012 A. Perform a post event evaluation of how the organization’s IT staff responded to the attack described in the scenario by doing the following: 1. Describe the nature of the incident. The nature of the incident was that an internal employee successfully hacked into the human resources, payroll and electronic mail systems. The employee was then able to manipulate payroll data, intercept emails and impersonate staff through electronic means. There were a number of techniques used in this attack such as network eavesdropping, IP spoofing, social engineering, man in the middle, and escalation of access privileges. All of these types of attacks are consistent with an experienced hacker who knew what he was after. The incident was only discover because of an auditor reviewing the records and noticed the changes. When the auditor notified management of the discrepancies via email his emails were intercepted and the hacker negotiated higher access privileges by posing as management and IT Staff. 2. Identify who needs to be notified based on the type and severity of the incident. The first call should be to the Security and IT teams to secretly verify the attack and prevent further escalation. In the case where you believe we have been hacked and you do not know the extent of the...
Words: 1283 - Pages: 6
...------------------------------------------------- ENTERPRISE CONTINUITY PLANNING FXT2 TASK 2 November 10, 2015 chrystal kimbrough WGU November 10, 2015 chrystal kimbrough WGU EXPLANATION SUMMARY ENTERPRISE CONTINUITY PLANNING A company’s worst fear came to fruition when an employee hacked into his own records on the human resource system and was successful in modifying their own records. The employee gave himself an increase in pay by increase his base salary rate. The employee had success in performing this crime by spoofing an IP address, allowing their self the ability to eavesdrop on the network. By spoofing the specific IP address, the employee was able to find the location of the data and successfully modified it for their gain. After the fact, the employee received two paychecks containing the fraudulent salary. An auditor, who was effectively performing their job duties, became aware of the fraudulent acts of the employee, and thus sent an email to several pertinent individuals within the organization making them aware of the situation and that there is potentially a discretion with the employee’s paycheck. Probably on the “look-out” for reaction from their errant ways, the employee somehow was able to intercept the emails that were intended for the original recipients. The employee then created falsified responses, posing them to seem as if they were coming from the intended individuals that the original email was sent to. This exchange went on back and...
Words: 3197 - Pages: 13