Professional Documents
Culture Documents
Week 2 - Case Study
Week 2 - Case Study
Week 2 - Case Study
Confidentiality, Integrity, and Availability, also known as the CIA triad, is a model
designed to guide policies for information security within an organization.
Lion is one of Australasia’s leading food and beverage companies across Australia
and New Zealand. They market premium brands of dairy, juice, soy, beer, cider, fine wine,
spirits, alcoholic ready-to-drinks and non-alcohol beverages categories.
On 8 June 2020, Lion was a victim of cyber-attack. They immediately shutdown all
their IT systems as a precaution of further damage.
IT teams and cyber security expert have continued working and investigating cyber
incident and working to bring systems back online.
However, It was reported as per iTwire that hackers used the REvil ransomware to
attack the company and demanding $US800,000(1.16m) to decrypt the company files.
REvil is also known as Sodinkibi that attacks systems running Microsoft’s Windows
operating system.
In addition, to encrypting up a company files, REvil ransomware will often leak files
on the dark web as a bargaining tactic if a victim does not pay by the deadline.
In relation to the C.I.A. Triad, the Lion - REvil ransomware attack defined as:
Confidentiality:
Confidentiality means limiting access to information only to those who need it and
preventing access by those who don’t.
A loss of confidentiality is defined when data is seen by someone who shouldn’t have
seen it, data breaches like the Lion cyber-attack using a REvil ransomware by malicious
attacker is an high-profile example of loss of confidentiality.
Integrity:
Integrity of “Lion IT system” data has been affected, but it’s not fully disclosed. Other
sources have stated that Lion was given time to pay up and threatened to double the ransom
(itwire, 2020). Therefore, the hackers successfully delivered a sophisticated cyber attack
using a REvil ransomware that encrypts and corrupts data when Ransome payment is not
met.
Availability:
Availability of information means that’s users, either people or other systems, have
access to it.
References
Grubb, B 2020, Hackers post evidence they have beer giant Lion's confidential files,
https://www.smh.com.au/technology/hackers-post-evidence-they-have-beer-giant-lion-s-
confidential-files-20200619-p5548s.html
Lion, 2020, Lion Cyber incident update,
https://www.lionco.com/media-centre/lion-update-re-cyber-issue
McAfee Labs, 2020, McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service
– What The Code Tells Us,
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-
revil-ransomware-as-a-service-what-the-code-tells-us/
Varghese, S 2020, Attackers give Lion deadline for paying ransom of US$800,000,
https://www.itwire.com/security/attackers-give-lion-deadline-for-paying-ransom-of-us
%24800,000.html