
Jon Boucher – CSOL 580-01-SU17 (Cyber Intelligence)

Module 4 – Assignment 4

Assumptions: The company profile is as follows: (a) LLC, small business; (b) 20 employees with $15M
in revenues; (c) Defense contractor providing software/systems engineering support services to a US
Navy client in the San Diego area.

I. Introduction - The purpose of this report is to highlight relevant Cyber threats to
our company and assist company leadership in better appreciating the threats'
potential impacts. This report is also intended to help Leadership make informed
decisions in applying resources (people and funding). The four threats are: Cyber
Criminals (financially motivated), Cyber Criminals (competitively motivated),
Hacktivists and Advanced Persistent Threats (APT).
The stakes are high, and the consequences of not understanding these threats are
substantial. “The U.S.’ National Cyber Security Alliance found that 60 percent of
small companies are unable to sustain their businesses over six months after a
cyber attack.” (Miller, 2017)

II. Company Priorities and our Obligations - The four threats identified in this
report all present a threat to our corporate priorities. These actors present tactical,
operational and strategic threats. These threats could not only affect our company’s
“bottom line,” they could also negatively affect our fiduciary obligations to
employees/clients. As a certified Defense contractor, we also have a unique
requirement to protect the confidential information of our Government clients when
necessary.

III. Methodology and Rationale: My methodology for selecting these threats was
based on two criteria. First, I wanted to select threats that are likely to target our
company. Our small business has unique needs with regard to cyber security; we
should choose tactics that address the most probable attack. Secondly, I wanted to
choose threats against which we have the means and resources to defend. I found one
article that provided insight into the most probable attacks our company could face.
Matt Mansfield’s article “Cyber Security Statistics – Numbers Small Businesses
Need to Know” provided a great foundation for this report. His analysis is based on
surveying over 600 IT leaders across small and medium sized businesses. Here’s
what the survey revealed (Mansfield, 2017):

Most Cyber criminals interested in obtaining:   Most typical types of attacks:   Root causes of the breaches:
Customer records                                Web-based attacks                Negligent employee or contractor
Intellectual Property (IP)                      Phishing/Social Engineering      3rd party mistake
Credit/debit card information                   General malware                  Error in system or operating procedure

IV. Four Types of Threats: Here are the four threats (in order of precedence, #1
being the most probable):
a. Financially Motivated Cyber Criminals – These people seek money and
primarily use Cyber tools like ransomware to accomplish their attack. This
actor is most likely a criminal with no affiliation with our company; however, in
some cases this person could be an insider. Insiders consist of disgruntled
workers, and their motivation is usually based on some perceived wrong (e.g.:
termination, passed over for promotion, etc.) (Bosworth, 2015).
b. Business Competitive Cyber Criminals - This is another class of criminals;
however, their motivation extends beyond just financial gain. They are
interested in trade secrets and/or our proprietary information. These Cyber
criminals seek data to give them a competitive advantage in our Industry.
c. Hacktivist – Because we are a DoD defense contractor, we do present an
attractive target to a Hacktivist. Hacktivism is cyber-crime motivated by
politics, idealism and a shared belief. The two Hacktivist organizations
below have perpetrated several attacks on US Government institutions,
espousing political and ideological positions.
i. LulzSec: When they hacked PBS, they stated they did so in retaliation
for what they perceived as unfair treatment of Wikileaks in
a Frontline documentary entitled WikiSecrets. A page they inserted on
the PBS website included the title "FREE BRADLEY MANNING.
@#$@ FRONTLINE!" (Wikipedia [LulzSec], 2017)
ii. Anonymous: “Anonymous attacked the Census Bureau in protest of
the proposed Transatlantic Trade and Investment Partnership between
the U.S. and European Union and the Trans-Pacific Partnership with
countries from North America and the Pacific Rim.” (Boyd, 2017).
Even more compelling evidence of cyber-attacks can be found in Paul
Rosenzweig’s article “Significant Cyber Attacks on Federal Systems –
2004 to present”.
https://www.lawfareblog.com/significant-cyber-attacks-federal-systems-2004-present

d. Adversarial Nation State APTs – APTs represent the most
sophisticated, advanced threat. They are often perpetrated by determined,
adversarial nation states committed to compromising our most cherished
state secrets.
“Historically, APT attacks have been created by sophisticated hackers using
advanced attack techniques and blended-threat malware. But now, we’re
starting to see smarter, every day malware criminals speed up the evolution
of APTs and make small and mid-sized organizations even bigger targets”
(Nachreiner, 2013). Here is an example of a Nation State demonstrating APT
behavior:
i. Cozy Bear, classified as advanced persistent threat APT29, is
a Russian hacker group believed to be associated with Russian
intelligence. Cybersecurity firm CrowdStrike has suggested that it may
be associated with either the Russian Federal Security Service (FSB)
or Foreign Intelligence Service (SVR). (Wikipedia – [Cozy Bear],
2017)

V. Mitigating the Risks: The following section will cover how to best mitigate
the threats mentioned in section IV. Please see the related PowerPoint slide deck for a
more detailed explanation of risk (Likelihood and Severity) and mitigation strategies.
a. Financially Motivated Cyber Criminals – The best way to mitigate is to
implement multi-factor authentication and conduct comprehensive
Cyber training on Phishing attacks. We should select an appropriate IDS/IPS.
b. Business Competitive Cyber Criminals – Create a culture that discourages
insider threats, and implement multi-factor authentication. We should also
frequently conduct cyber training on Phishing attacks and procure a robust
Data Loss Prevention (DLP) system.
c. Hacktivist – We should routinely gather information on Hacktivist type
attacks and actively control information about our company. In other words,
we should be cognizant of our online OSINT footprint.
d. Adversarial Nation State APTs – To address the APT threat we should
procure a Data Loss Prevention (DLP) System. In addition, we should stay
current with APT activity by building relationships with other Industry
partners. We should also consider using consultants and joining Cyber
Security Trade groups and consortiums that collectively have knowledge
about current APT activity.

VI. Recommendations and Way Forward: Now that we have identified the
landscape, our company’s priorities and obligations, and the four threats, we now
need to decide on a direction to counter these threats. We should choose an IDS/IPS
and/or Data Loss Prevention (DLP) system that specifically addresses these threats. Finally,
there is no substitute for consistent and comprehensive training for our employees
and system administrators.

References:

1) Bosworth, Seymour. (2014). Computer Security Handbook (6th ed., Vol. 1).
Hoboken, NJ: Wiley. Chapter 12.

2) Gary Miller. (24 March 2017). “60% of small companies that suffer a cyber attack
are out of business within six months.” Retrieved 04 Aug 2017 from:
http://www.denverpost.com/2016/10/23/small-companies-cyber-attack-out-of-business/

3) Matt Mansfield. (03 Jan 2017). “Cyber Security Statistics – Numbers Small
Businesses Need to Know.” Retrieved 03 Aug 2017 from:
https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html

4) Wikipedia – [LulzSec]. Retrieved 03 Aug 2017 from:
https://en.wikipedia.org/wiki/LulzSec

5) Wikipedia – [Cozy Bear]. Retrieved 04 Aug 2017 from:
https://en.wikipedia.org/wiki/Cozy_Bear

6) Aaron Boyd. (27 July 2015). “Anonymous Hacks Census Bureau, exposing more
feds’ data.” Retrieved 03 Aug 2017 from:
http://www.federaltimes.com/2015/07/27/anonymous-hacks-census-bureau-exposing-more-feds-data/

7) Paul Rosenzweig. (07 May 2017). “Significant Cyber Attacks on Federal Systems
– 2004 to present.” Retrieved 03 Aug 2017 from:
https://www.lawfareblog.com/significant-cyber-attacks-federal-systems-2004-present

8) Corey Nachreiner. (02 Jan 2013). “Your Firm Is Small, But Still An Attractive
Target.” Retrieved 03 Aug 2017 from:
https://readwrite.com/2013/01/02/small-firms-are-immune-to-advanced-persistent-threats-youre-delusional/
