Cyber Security Tutor/Expert, Please Work On This For Me

What is an Incident report?

During an incident, the incident responder makes a lot of notes and records the actions that he/she has taken. Evidence is gathered from computer systems and kept in a forensically sound manner. The notes, observations, and evidence collected during the incident are used to conduct a root cause analysis. Information security professionals perform root cause analysis to patch up vulnerabilities and harden systems further. Finally, the team performs its own after-action review, which lays out and critiques the chain of events so that the team may improve its procedures, tools, and approaches, as well as make any necessary changes to the incident response plan.

What is documented?

- Who: This is the simplest detail to recall. To put it another way, who was involved in the process? John Peter, for example, was one of the people engaged.
- When: Keep track of when the imaging started and when it finished. The imaging procedure, for example, began at 19:26 UTC on August 16, 2021, and concluded at 20:45 UTC on the same day. Because timing is so important, make sure you use a standard time zone and specify it in the report.
- Where: A specific place, such as an office, should be specified.
- What: The action taken, such as collecting memory or firewall logs, or imaging a hard disc.
- Why: Having an explanation for the action aids in comprehending why the activity was carried out.
- How: It is necessary to give a description of how an activity is carried out.

Additionally, playbooks or standard operating procedures should be provided if an incident response team uses them as part of their strategy. Any deviation from the regular operating procedures should be documented in the same way.

Executive Summary

The executive summary is a 1-2 page report intended for senior management that outlines the incident's high-level bullet points. A brief summary of the occurrences, if possible a root cause, and remedial advice are frequently adequate for this list.

Incident Report

This is a thorough report that is seen by a number of people within the company. This report contains the findings of the inquiry, a complete root cause analysis, and extensive suggestions for avoiding a recurrence of the incident.

Forensic Report

The forensics report is the most thorough report produced. When a forensic investigation of log files, recorded memory, or disc images is performed, this report is created. Because these reports are frequently examined by other forensic specialists, they can be rather technical. Because outputs from tools and parts of evidence, such as log files, are frequently included, these reports might be extensive.

Project Overview

You are working as an Incident Responder with the security team at Maersk. On 27th June 2017, the security team detected the NotPetya ransomware attack across the assets of the Organization. You were the Incident Responder who initiated the response against the breach. Post completion of the response and investigation, on 8th July 2017, the CISO at Maersk has asked you to provide an Incident Report on the breach.

You can use the following sources to learn more about the attack and explore other sources on the internet to get more details as required for the Incident Report.

1. https://charliepownall.com/maersk-notpetya-cyberattack-timeline/
2. https://portswigger.net/daily-swig/when-the-screens-went-black-how-notpetya-taught-maersk-to-rely-on-resilience-not-luck-to-mitigate-future-cyber-attacks
3. https://www.slideshare.net/cpownall/maersk-notpetya-crisis-response-case-study
4. https://www.eccouncil.org/wp-content/uploads/2021/04/NotPetyaUPDATED.pdf
5. https://investor-maersk.com/news-releases/news-release-details/cyber-attack-update
6. https://www.industrialcybersecuritypulse.com/threats-vulnerabilities/throwback-attack-how-notpetya-accidentally-took-down-global-shipping-giant-maersk/
7. https://www.kordia.co.nz/news-and-views/the-maersk-cyberattack#:~:text=More%20than%20200%2C000%20computers%20across,where%20patches%20weren't%20installed.

Project Grading

The project requires you to perform research using the internet and gain insight on:

- Type of incident
- Incident Timeline (specifically for Maersk)
- Incident Impact (specifically for Maersk)

Once you have these details, use the incident report template (provided below) to submit the Incident report. The project comprises a total of 40 points.

Project Submission: On the basis of your research, provide the following information. Please select the checkboxes as applicable. Please keep in mind that you are writing the incident report on 8th July 2017.

Cyber Incident Report

Name of the Incident Responder:
Date:

Incident Type (check all that apply; 5 points):
[ ] Compromised System
[ ] Compromised User Credentials (e.g., lost password)
[ ] Network Attack (e.g. DDoS)
[ ] Malware (e.g. Trojan, worm, ransomware)
[ ] Reconnaissance (e.g. scanning, sniffing)
[ ] Lost Equipment/Theft
[ ] Physical Break-in
[ ] Social Engineering (e.g. Phishing)
[ ] Law enforcement request
[ ] Policy Violation
[ ] Unknown/Other
Additional information: (Mention the nature of the attack, enumerating the exploitation method in brief)

Incident Scope (please provide as much detail as possible; 8 points):
1. Estimated quantity of systems affected:
2. Estimated number of locations affected:
3. Third parties involved (vendors, contractors, partners):
4. Attack source (e.g. IP addresses, port):
Additional scoping information:

Systems affected by the incident (please provide as much detail as possible; 8 points):
1. Type of system affected (e.g. PC, Laptop, server, mobile endpoints)
2. Operating System of the affected System (e.g. Android, Windows, MacOS)
3. Vulnerability exploited
Additional information (Provide details of the way in which the vulnerability was exploited)

Incident Handling Log (please provide as much detail as possible; 6 points):
1. Status of Incident Recovery:
2. Action taken/planned for remediation:
Additional remediation details for the future:
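The who/when/where/what/why/how record that the question describes, written out as an added Python example (it is not part of the original post, the assignment, or any grader's template). Each log entry refuses timestamps without a time zone and normalises them to UTC, so every action is reported in one standard zone as the notes require; a SHA-256 fingerprint stands in for the integrity record a forensically sound evidence-handling process keeps; and deviations from the playbook are flagged separately. The incident id, the people, the locations and the artefact bytes are all constructed for the example.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class LogEntry:
    """One who/when/where/what/why/how record from the responder's notes."""
    who: str
    started: datetime          # timezone-aware; normalised to UTC below
    finished: datetime
    where: str
    what: str
    why: str
    how: str
    evidence_sha256: Optional[str] = None  # fingerprint of any artefact collected
    deviation: str = ""                    # departure from the playbook/SOP, if any

    def __post_init__(self) -> None:
        for name in ("started", "finished"):
            if getattr(self, name).tzinfo is None:
                raise ValueError(f"{name} must be timezone-aware")
        # Report every timestamp in one standard zone (UTC), as the notes require.
        object.__setattr__(self, "started", self.started.astimezone(timezone.utc))
        object.__setattr__(self, "finished", self.finished.astimezone(timezone.utc))
        if self.finished < self.started:
            raise ValueError("finished must not precede started")

    @property
    def duration(self) -> timedelta:
        return self.finished - self.started


def hash_evidence(data: bytes) -> str:
    """Fingerprint a collected artefact so later readers can verify it is unchanged."""
    return hashlib.sha256(data).hexdigest()


class IncidentLog:
    def __init__(self, incident_id: str) -> None:
        self.incident_id = incident_id
        self._entries: list[LogEntry] = []

    def record(self, entry: LogEntry) -> None:
        self._entries.append(entry)

    def entries(self) -> list[LogEntry]:
        """Chronological order, whatever order the notes were taken in."""
        return sorted(self._entries, key=lambda e: e.started)

    def deviations(self) -> list[LogEntry]:
        return [e for e in self.entries() if e.deviation]

    def render(self) -> str:
        lines = [f"Incident handling log: {self.incident_id}", ""]
        for n, e in enumerate(self.entries(), 1):
            lines.append(f"{n}. {e.started:%Y-%m-%d %H:%M} UTC - {e.finished:%H:%M} UTC "
                         f"({e.duration}) | {e.who} | {e.where}")
            lines.append(f"   What: {e.what}")
            lines.append(f"   Why:  {e.why}")
            lines.append(f"   How:  {e.how}")
            if e.evidence_sha256:
                lines.append(f"   Evidence SHA-256: {e.evidence_sha256}")
            if e.deviation:
                lines.append(f"   DEVIATION FROM SOP: {e.deviation}")
        return "\n".join(lines)


def build_sample_log() -> IncidentLog:
    """Constructed sample entries (hypothetical incident id, people and artefacts)."""
    log = IncidentLog("INC-2021-0816-EXAMPLE")
    cest = timezone(timedelta(hours=2))
    # Recorded first but happened second: the log sorts by start time.
    log.record(LogEntry(
        who="John Peter",
        started=datetime(2021, 8, 16, 19, 26, tzinfo=timezone.utc),
        finished=datetime(2021, 8, 16, 20, 45, tzinfo=timezone.utc),
        where="Copenhagen office, workstation WS-17 (constructed)",
        what="Imaged the workstation's hard disc",
        why="Host displayed a ransom note; disk needed for root cause analysis",
        how="Hardware write blocker, bit-for-bit image, hash recorded on completion",
        evidence_sha256=hash_evidence(b"constructed stand-in for the disk image"),
        deviation="Memory not captured first: host was already powered off on arrival",
    ))
    # Entered in local time (CEST, UTC+2); becomes 19:05-19:20 UTC on construction.
    log.record(LogEntry(
        who="Jane Doe",
        started=datetime(2021, 8, 16, 21, 5, tzinfo=cest),
        finished=datetime(2021, 8, 16, 21, 20, tzinfo=cest),
        where="Copenhagen office, network operations room (constructed)",
        what="Collected perimeter firewall logs for the last 7 days",
        why="Needed to establish first contact with the malware's infrastructure",
        how="Exported from the firewall management console to write-once media",
        evidence_sha256=hash_evidence(b"constructed stand-in for the exported log archive"),
    ))
    return log


if __name__ == "__main__":
    print(build_sample_log().render())
```

Running the module prints the two entries in chronological order with each duration worked out, which is the form the "When" detail takes in a report; rejecting naive timestamps at construction time is what stops a responder from mixing local office time with UTC in the same log.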