
Module 2 - Threats and Exploits

Task 1 - Exercise Worksheet

This worksheet contains a number of exercises to be completed during and
after review of the seven videos for this module. Please refer to the
worksheet throughout and use your new knowledge to complete the two
exercises.

After completing this worksheet, please submit your responses in section six of
this module, and move on to the multiple-choice questions before proceeding to
Module 3.

The exercises required to be completed for this module are:

1. THREATS AND EXPLOITS PROPERTIES
2. COVID-19 Report

Exercise 1: Threats and Exploits Properties

In this exercise you will explore some of the common properties of
malware. Complete the questions below and submit along with the other
exercises at the end of this module.

Question 1 – Transmission Rate Challenge

A computer worm has infected your company’s network and is about to run riot.

You’ve determined that there is already one infected machine, and that every
infected machine will be able to infect two new machines every two hours. How
many total machines (including the already infected machine) will be infected in
12 hours’ time if you can’t stop the spread?

| 0 hours | 2 hours | 12 hours |
| --- | --- | --- |
|  |  |  |


Question 2 – Malware Challenge

Sally and Tim are in a relationship and live together with a shared desktop
computer. Sally has recently noticed Tim using IM a lot more than normal on the
machine and asks Tim who he is speaking to all the time. Tim responds that it’s
just for work.

Sally installs free spyware on their desktop to log Tim’s keystrokes and monitor
his activity.

Two weeks later, Sally is buying groceries and her card is declined, although
she knew she had money in it this morning.

What could have occurred based on the information above, and what steps
should Sally take going forward?

| WHAT COULD HAVE OCCURRED | WHAT STEPS SHOULD SALLY TAKE? |
| --- | --- |
|  |  |

Exercise 2: COVID-19 Report

To: Security Operation Centre
From: Cyber Security Consultant
Date: 22nd April 2020

In our role as Cyber Security consultants we have compiled a brief report
on the cyber security implications of COVID-19 for your business.

The COVID-19 pandemic is a global crisis that has severe global implications in
healthcare, businesses and the economy. As organisations have shifted to
remote working and moved their operations to the digital world, they are now at
increasing risk of cyberattacks. It is an unfortunate fact that threat actors use
these challenging times to exploit vulnerabilities in individuals' and
organisations' systems.

COVID-19 has also created a challenge in adhering to high security protocols
and monitoring and spotting unusual network behaviour. With many staff
working remotely, they are logging onto company systems on personal devices
which may lack the security software to protect against attacks. With many
employees not following their usual work patterns by working at all hours of the
day due to childcare commitments and other duties, monitoring systems are
struggling to spot unusual patterns of activity and flag them for further analysis.

There is evidence that there is an increased risk of successful malware attacks
due to the combination of weaker security settings on home devices and a
higher likelihood of users clicking on COVID-19 themed emails given the higher
levels of anxiety.

The following list discusses some common scenarios we are seeing in the
current climate and the risks associated with them.

Exercise Instructions

For this exercise, review the following scenarios brought about by the COVID-19
pandemic, identify the type of attack at risk of being carried out and then write
a short sentence on how to prevent a threat actor gaining access to a system.

| Scenario | Identify the type of attack the scenario is at risk of | Mitigation strategies |
| --- | --- | --- |
| Many employees are working from home and using their home routers to access the company network. However, many employees do not ensure that their routers are secure and keep the default router password from when it was purchased. |  |  |
| Customers have seen a rise in the number of emails connected to COVID-19. These emails seem to have been legitimately sent by the company offering financial support due to hardship caused by the pandemic. Users are asked to click on a link to validate their account and identity. |  |  |
| Employees rely on remote access systems in order to work at home. There have been reports on the dark web that threat actors are attempting to disrupt business operations by making these remote access systems unavailable. |  |  |
| Employees are downloading and using free applications to facilitate their remote working. However, many of these applications have security flaws that the vendor has not yet patched. |  |  |
| A contractor has had their contract terminated due to the budgets being cut. The disgruntled contractor has not taken this well. He still has access to a company laptop and network and has been asked to return it next week. |  |  |
| Employees are given access to applications they can use whilst working remotely. They receive their login details with a default password. However, many users do not change the default password so it is easier to remember. |  |  |
