Scenario: You are the Director of IT Security at Maersk’s London, UK, IT headquarters, reporting to the CIO. You have just worked 10 days straight to manage Maersk’s recovery from the cyberattack. You have had an average of 3 hours of sleep per day, all at your desk, and your primary food source has been mostly cold pizza that you also ate at your desk, and which was brought in by various employees in your team. Your partner brought changes of clothing and a toothbrush to the office.
You finally have Maersk back online. The CIO personally thanked you for your dedication to leading Maersk’s recovery from the attack and informed you that you will receive a $50K bonus in your next paycheck as a token of thanks from the company for what you have done. She also asked you to write a short report describing what happened, what actions were taken to recover, and what you recommend the company should do to ensure this does not happen again. She intends to provide your report to the Maersk executive committee.
Your report should contain the following:
1) What Happened:
a. In 150 words or less, describe how a ransomware attack works, and its effect on the target servers/computers.
b. In 150 words or less, describe how NotPetya was different to a usual ransomware attack.
c. In 150 words or less, describe how and where the NotPetya ransomware infiltrated Maersk’s network; identify the software vulnerability and policy lapses that allowed this to happen.
2) Actions Taken To Recover:
a. In 150 words or less describe why the domain controller was critical to restore the Maersk network.
b. In 150 words or less, describe how the domain controller directory was recovered. CSE 50 Fall 2020 CASE STUDY ASSIGNMENT
c. In two or three sentences explain why most of Maersk’s IT system had to be replaced over the past 10 days to recover Maersk’s network. Then provide a table summarizing the hardware that was replaced, the quantity of each type of hardware and the cost of replacing that hardware. Assume that every 25 PCs require a switch and every 100 servers require a router. (This will require you to do some research to identify the cost of switches, routers, servers and PCs).
3) Recommendations to Prevent such Attacks in Future:
a. Identify the three most critical IT policy changes that you recommend should be implemented immediately throughout the Maersk organization. Provide a two or three sentence explanation of how these policy changes would have helped to prevent the NotPetya or other malware attacks, or at least would have enabled faster recovery.
b. Assume that Maersk is not using machine learning based intrusion detection systems (NG-SIEM or NG-XDR). In 150 words or less describe how deploying active machine learning intrusion detection systems across the Maersk network can prevent attacks such as NotPetya. (This will require you to do some research on machine learning based intrusion detection such as XDR and SIEM).
You finally have Maersk back online. The CIO personally thanked you for your dedication to leading Maersk’s recovery from the attack and informed you that you will receive a $50K bonus in your next paycheck as a token of thanks from the company for what you have done. She also asked you to write a short report describing what happened, what actions were taken to recover, and what you recommend the company should do to ensure this does not happen again. She intends to provide your report to the Maersk executive committee.
Your report should contain the following:
1) What Happened:
a. In 150 words or less, describe how a ransomware attack works, and its effect on the target servers/computers.
b. In 150 words or less, describe how NotPetya was different to a usual ransomware attack.
c. In 150 words or less, describe how and where the NotPetya ransomware infiltrated Maersk’s network; identify the software vulnerability and policy lapses that allowed this to happen.
2) Actions Taken To Recover:
a. In 150 words or less describe why the domain controller was critical to restore the Maersk network.
b. In 150 words or less, describe how the domain controller directory was recovered. CSE 50 Fall 2020 CASE STUDY ASSIGNMENT
c. In two or three sentences explain why most of Maersk’s IT system had to be replaced over the past 10 days to recover Maersk’s network. Then provide a table summarizing the hardware that was replaced, the quantity of each type of hardware and the cost of replacing that hardware. Assume that every 25 PCs require a switch and every 100 servers require a router. (This will require you to do some research to identify the cost of switches, routers, servers and PCs).
3) Recommendations to Prevent such Attacks in Future:
a. Identify the three most critical IT policy changes that you recommend should be implemented immediately throughout the Maersk organization. Provide a two or three sentence explanation of how these policy changes would have helped to prevent the NotPetya or other malware attacks, or at least would have enabled faster recovery.
b. Assume that Maersk is not using machine learning based intrusion detection systems (NG-SIEM or NG-XDR). In 150 words or less describe how deploying active machine learning intrusion detection systems across the Maersk network can prevent attacks such as NotPetya. (This will require you to do some research on machine learning based intrusion detection such as XDR and SIEM).
-
CaseStudy4-Maersk.pdf
-
77d35ad0-788e-4f61-bee9-c6476923c865.pdf