Cybersecurity for Everyone Course
FINAL PROJECT - OILRIG
BY: CESAR MURILO RIBEIRO
OilRig Attack Case Studies: The Hacking Process Tactics on Their Targets.
The Primary, Secondary, and Second Order Effects
• Attack 1: An OilRig attack utilizing Ai Squared software
• Attack 2: An OilRig assault masquerading as Oxford University
• Attack 3: Attack on Al-Elm and Samba Financial Group by OilRig
• Attack 4: Attack on job seekers by OilRig
• Attack 5: Attack on Israeli IT providers by OilRig
Hackers are not all the same; they range in skill, resources, and capability and often go by different names. How would you classify this threat actor? Do they go by any aliases? Where are they from? How would you rate the skill level and resources available to this threat actor?
OilRig has been classed as an Advanced Persistent Threat (APT) due to the multiple attacks it has undertaken, each of which has varied in efficacy. The Iranian government is behind OilRig. Cobalt Gypsy is one of their other identities, while others include IRN2, Helix Kitten, Twisted Kitten, and APT34. According to a Forbes article from the Israeli IT business ClearSky, OilRig's roots may be traced back to Iran, and the Counter Threat Unit of the cyber intelligence company SecureWorks is positive that the group is tied to the Iranian government. They've had success in the Middle East while doing the majority of their business elsewhere. OilRig targets businesses outside of Iran, whereas the vast majority of Iranian threat actors target government institutions and opposition figures. OilRig is confident in its ability to carry out any activity that is expected to benefit Iran because it works with or for the (Islamic Republic of) Iran. This is similar to the Mabna Institute incident, in which the Islamic Revolutionary Guard Corps enlisted an Iranian institution (the Mabna Institute) to carry out a massive spear phishing campaign, resulting in the loss of 31.5 gigabytes of academic data and 3.4 billion dollars in intellectual property (IP).
Hackers are motivated to act for specific reasons. What are the motivations of your threat actor? What is the specific geo-political context they are operating in and what insight does that give you for why they are operating in this manner?
OilRig espionage, according to the Council on Foreign Relations, targets private-sector and government organizations. According to Merriam-Webster, espionage is the action of spying or utilizing spies to obtain information about a foreign government's or a competing enterprise's goals and operations. The Cambridge Economic English Dictionary defines it as "the act of secretly obtaining and reporting information, particularly covert political, military, business, or industrial intelligence." According to the Middle East Institute (MEI), "many countries stopped doing business with Iran as a result of the Iranian Revolution of 1979, and so stealing academic and corporate information from around the world allows it to renew infrastructure and build technologies that it simply cannot purchase abroad, ranging from weaponry to airplane parachute." Because Iran is subject to economic sanctions, it relies on what many refer to as "soft war" (less regulated and low-level combat for lengthy periods of time) in cyberspace, with the public and commercial sectors of adversary nations as its objective. MEI also anticipated that Iran-linked organisations will focus on two cyber activities in the medium and long term: international election meddling and widespread intellectual property (IP) theft.
Attack 1 - Ai Squared software is used in an OilRig attack
• Ai Squared, a tiny, mission-driven tech business based in Vermont, developed software to aid visually impaired internet users. According to Forbes, security firm Symantec told Ai Squared that a certificate used to authenticate its software had been compromised, implying that a threat actor (OilRig) obtained Ai Squared's signing key and certificates and used them to hide their own malware.
• The plan was to use the software for the visually impaired as a surveillance tool while seeming genuine to security systems in the Middle East, Europe, and the United States. When the digital certificate required to certify newer ZoomText and Window-Eyes software products was compromised, it was revoked, according to a notice on the Ai Squared website in 2017.
Attack 1
• Reconnaissance: OilRig judged that the Ai Squared tech business has software that would allow the group to quickly locate its victims in the Middle East, Europe, and the United States, where they have a large number of targets.
• Weaponization: OilRig is said to have obtained Ai Squared's signing key and certificate and to be using them to construct their own malware. The majority of individuals have considered adopting Ai Squared's (previously hacked) software to assist the visually impaired in accessing the internet.
• Installation and Exploitation: To make sure that the program works properly, users must install and test it on their PCs.
• Command and Control: By unknowingly installing the program (malware), victims give the OilRig group information that may be exploited to gain access to bigger networks.
• OilRig has infected software for the blind with malware for espionage purposes. The fundamental result is that the end host gets exploited.
• Secondary effects on revenue, reputation, and macroeconomics: Revenue: sales would be lower than predicted since OilRig's spyware tainted the application. Reputation: customers would then look for new software that provides the same sort of service. Macroeconomics: if the program becomes tainted, the personnel working on it may change.
• Second Order Information/Perception Effect: Anyone with access to the program could get the impression that the business is just a cover for spying.
Attack 2 - Attack by OilRig posing as Oxford University
• In November 2016, the OilRig group registered two phoney Oxford University pages, according to ClearSky. The first is a website for registering for conferences, while the second claims to offer employment within the company.
• On both pages, there was a download button that visitors could use. The fictional event's registration form is in one file, and an Oxford University CV builder is in the other. After clicking, victims unknowingly give data to Helminth, the malware that OilRig uses to hijack the PC and steal data.
Attack 2
• Reconnaissance - OilRig created bogus Oxford University websites to attack multiple targets at once.
• Weaponization - Two fictitious Oxford University websites were made by OilRig, one of which appeared to be a job board and the other a place to sign up for conferences.
• Delivery - People who are interested in working for Oxford or attending a conference that Oxford is hosting are sure to follow the fictitious pages' requirements.
• Installation and Exploitation - Once on the fake websites, victims are encouraged to fill in what seems to be a normal registration form and to download files that are infected with OilRig's surveillance malware.
• Command and Control - Because people registered and downloaded files from the bogus websites, OilRig now has access to the computers infected with Helminth malware and has gathered the basic information of their victims.
• Initial Impact - Utilization of the End Host: OilRig gathered personal data through the fictitious Oxford websites they developed.
• Secondary Impact on Credibility: Oxford University's reputation will undoubtedly suffer as a result of the fake websites' use of their name and other identifiers.
• Second-order effects on perception and information: Everyone who provided personal information and registered on the fictitious Oxford websites would now choose different universities to be affiliated with, which is a regrettable development.
Attack 3 - Attack by OilRig on Samba Financial Group and Al-Elm
• According to a 2017 Forbes article, the group started conducting phishing attacks in May 2016 from servers owned by Saudi Arabian contractor and IT security firm Al-Elm. The email was inserted into a discussion between Saudi Arabian lender Samba Financial Group and Al-Elm. The email had an Excel attachment called "notes.xls," which when opened by the recipient would launch a Helminth surveillance kit from OilRig.
• In the case of Al-Elm, analysis of the phishing emails' headers revealed that they originated from within the sender's company and that "the threat actor previously compromised those organisations," according to SecureWorks intelligence analyst Allison Wikoff.
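The header analysis described for Attack 3, as an added example that is not part of the original slides: a Python triage sketch showing that a message relayed from a compromised partner passes origin and sender-authentication checks, so the legacy Excel attachment has to drive the decision. All hosts, addresses, the `triage` function, the verdict names and the extension list are assumptions constructed for illustration.

```python
"""Triage of mail from a trusted partner domain (added, illustrative example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every host, address and ID below is invented.
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [192.0.2.10])
\tby mx.bank.example with ESMTPS; Mon, 02 May 2016 09:14:07 +0300
Received: from ws-114.corp.partner.example (ws-114.corp.partner.example [10.20.3.114])
\tby mx.partner.example with ESMTP; Mon, 02 May 2016 09:14:05 +0300
Authentication-Results: mx.bank.example; spf=pass smtp.mailfrom=partner.example;
\tdkim=pass header.d=partner.example
From: "Project Office" <pm@partner.example>
To: ops@bank.example
Subject: RE: Integration schedule
In-Reply-To: <20160428.1001@bank.example>
Message-ID: <20160502.0914@partner.example>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached notes.
--b1
Content-Type: application/vnd.ms-excel
Content-Disposition: attachment; filename="notes.xls"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Assumption: legacy and macro-enabled Office formats treated as macro-capable.
MACRO_CAPABLE = (".xls", ".xlsm", ".doc", ".docm", ".ppt", ".pptm")


def origin_host(msg):
    """Host named in the oldest Received hop (the last header in the list).
    Hops recorded before our own MTA are sender-supplied and can be forged."""
    hops = msg.get_all("Received") or []
    match = re.match(r"\s*from\s+(\S+)", hops[-1]) if hops else None
    return match.group(1).lower() if match else None


def auth_results(msg, trusted_mta):
    """SPF/DKIM/DMARC results, read only from headers stamped by our own MTA."""
    results = {}
    for value in msg.get_all("Authentication-Results") or []:
        if value.split(";", 1)[0].strip().lower() != trusted_mta:
            continue  # ignore results injected upstream of our boundary
        for key, res in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value):
            results[key] = res.lower()
    return results


def triage(raw, partner_domains, trusted_mta):
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = origin_host(msg)
    auth = auth_results(msg, trusted_mta)
    # Domain alignment (DMARC) is assumed to be enforced by the receiving MTA.
    authenticated = "pass" in (auth.get("spf"), auth.get("dkim"))
    internal_origin = bool(origin) and (
        origin == sender_domain or origin.endswith("." + sender_domain))
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if n.lower().endswith(MACRO_CAPABLE)]
    trusted = sender_domain in partner_domains

    if not authenticated or not internal_origin:
        verdict = "reject-spoof"
    elif risky:
        # Genuine partner infrastructure cannot be told apart from a
        # compromised partner by headers, so the content decides.
        verdict = "hold-for-sandbox"
    else:
        verdict = "deliver"
    return {
        "verdict": verdict,
        # What a sender-allowlist-only policy would have done with this mail.
        "allowlist_only": "deliver" if trusted and authenticated else "filter",
        "origin": origin,
        "thread_reply": bool(msg.get("In-Reply-To") or msg.get("References")),
        "risky_attachments": risky,
    }


if __name__ == "__main__":
    print(triage(SAMPLE, {"partner.example"}, "mx.bank.example"))
```

An allowlist keyed on the partner's domain would deliver the sample message, while the content-based rule holds it, which is the gap a compromised sender exploits.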
Attack 3
• Reconnaissance - Here, the Samba Financial Group is highlighted, which reported a profit of $290 million for the most recent quarter of the previous year.
• Weaponization - The OilRig group decided to use Al-Elm's "previously compromised" network to communicate with Samba Financial Group.
• Delivery - Al-Elm and Samba Financial Group exchanged emails, and one of them contained OilRig's Helminth spying programme.
• Installation and Exploitation - After the email has been sent, anyone who opens the "notes.xls" Excel attachment will have the Helminth surveillance kit installed on their computer.
• Command and Control - After opening the email, everything might appear to be in order, but OilRig has installed the surveillance kit, giving them access to that computer and perhaps the company's network.
• Initial Impact - Use of the End Host: OilRig sent emails containing Helminth surveillance kits to Al-Elm Security and Samba Financial Group through phishing attacks.
• Secondary effects on remediation and reputational damage: Remediation: Depending on how badly they were affected, the infected devices on both ends would now be scanned, cleaned, and possibly replaced. Reputation: Threat actors should be prevented from interfering with IT security companies' client relationships; a failure to do so will have an impact on those companies' reputations.
• Second-order effects on perception and information: Due to the phishing emails sent, both businesses will now proceed with great caution when creating new business alliances.
Attack 4 - Attack by OilRig on job seekers
• The cyber intelligence firm SecureWorks, which refers to the OilRig crew as Cobalt Gypsy, asserts in the same report as the earlier incident that the group has been sending emails containing malware from legitimate email addresses belonging to two IT service providers: the Egyptian firm ITWorx and one of the biggest IT service providers in Saudi Arabia, the National Technology Group.
• These email addresses were used to send emails to an unnamed Middle Eastern organization with links to job offers. The attachments contained PupyRAT, an open-source remote access trojan (RAT) that works on Android, Linux, and Windows platforms.
Attack 4
• Reconnaissance - OilRig intended to attack an unnamed entity, but they decided to go after the Middle East instead.
• Weaponization - The OilRig group decided to send a malicious email using National Technology Group, a Saudi Arabian IT supplier, and ITWorx, an Egyptian IT service provider.
• Delivery - OilRig sent their victims alluring job offers via email accounts owned by IT firms.
• Installation and Exploitation - When recipients clicked on the email's link attachment, an open-source remote access trojan was waiting for them.
• Command and Control - After the link has been clicked, the malware will start to gather login information from the user and the computer.
• Initial Impact - Use of the End Host: OilRig sent emails to a range of targets that were infected with an open-source remote access trojan and contained links to job offers from reputable IT companies.
• Secondary effects on reputation: Candidates should think twice before accepting a position with an IT company, even though the job offers might be legitimate, now that they can track the PupyRAT's origin and link it to their own devices.
• Second-order effects on information and perception: The companies run the risk of developing a negative reputation for monitoring both past and present customers.
Attack 5
• Reconnaissance - OilRig believes that because Israel is their intended target, attacking IT vendors will assist them in breaking into crucial networks.
• Weaponization - It's a given that OilRig already has access to hacked user accounts from different Israeli IT vendors.
• Delivery - In an email to the vendors, the group poses as a real customer and requests assistance.
• Installation and Exploitation - When the victim attempts to access the user's account using the provided credentials, they are prompted to download a Juniper VPN in order to continue. The download bundles the trustworthy Juniper VPN with the spying malware Helminth.
• Command and Control - After a successful installation, OilRig would then have access to the device and to many other client/customer emails that utilise the vendor's services.
• Initial Impact - Utilization of the End Host: OilRig disguised themselves as customers who needed help because they were interested in breaking into Israeli networks.
• Secondary Impact on Cleanup: Remediation - Some employees of the company may have carried out the threat actor's instructions because it is their responsibility to maintain customer satisfaction. As a result, businesses may need to inspect, maintain, or upgrade their equipment.
• Second-order effects on information and perception: People who use the VPN may be concerned that their devices have the surveillance malware Helminth because it is connected to a legitimate Juniper VPN.
Not all hackers represent a strategic problem for policy makers. How would you characterize your threat actor: are they chiefly a private problem for businesses or a public concern for policy makers? How should policy makers respond?
• The range of OilRig's targets makes them an Advanced Persistent Threat (APT). Their primary activity is espionage; instead of erasing or altering anything they gain access to, they simply sit back and relax while their Helminth malware completes its work. They have used compromised email to obtain stolen information for the majority of their espionage operations. Targeting private industries is something OilRig is interested in doing, and they use mostly subtle methods like phishing. They pose a clear threat to businesses, but because these organisations have connections with both private and public institutions, one email could give them access to a powerful corporation or government office, making them both a private issue and a public one. The best course of action would be to impose more economic sanctions since OilRig has been identified as an Iranian threat actor.
• The amount of pressure that one nation could exert on Iran to make good on any harm caused by cyber espionage is limited. It is feasible, but it could take a very long time, and once any secrets are compromised, they cannot be replaced. If Iran agrees or if other nations share their concerns, policymakers could work together to craft treaties that would penalise and deter threat actors operating from Iran. If a group of nations wants to rewrite the Iran Nuclear Deal in the future, there should be clear punishments, rather than financial incentives, for any cyber-related activities, such as espionage, coming from any group that could be traced back to or is supported by Iran.
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and uses
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 

Cyber Security

  • 1. Cybersecurity for Everyone Course FINAL PROJECT - OILRIG BY: CESAR MURILO RIBEIRO
  • 2. OilRig Attack Case Studies: The Hacking Process Tactics on Their Targets. The Primary, Secondary, and Second Order Effects
      • Attack 1: An OilRig attack utilizing Ai Squared software
      • Attack 2: An OilRig attack masquerading as Oxford University
      • Attack 3: Attack on Al-Elm and Samba Financial Group by OilRig
      • Attack 4: Attack on job seekers by OilRig
      • Attack 5: Attack on Israeli IT providers by OilRig
  • 3. Hackers are not all the same; they range in skill, resources, and capability and often go by different names. How would you classify this threat actor? Do they go by any aliases? Where are they from? How would you rate the skill level and resources available to this threat actor?
      OilRig has been classed as an Advanced Persistent Threat (APT) due to the multiple attacks it has undertaken, each of which has varied in efficacy. The Iranian government is behind OilRig. Cobalt Gypsy is one of their other identities, while others include IRN2, Helix Kitten, Twisted Kitten, and APT34. According to a Forbes article from the Israeli IT business ClearSky, OilRig's roots may be traced back to Iran, and the Counter Threat Unit of the cyber intelligence company SecureWorks is positive that the group is tied to the Iranian government. They've had success in the Middle East while doing the majority of their business elsewhere. OilRig targets businesses outside of Iran, whereas the vast majority of Iranian threat actors target government institutions and opposition figures. OilRig is confident in its ability to carry out any activity that is expected to benefit Iran because it works with or for the Islamic Republic of Iran. This is similar to the Mabna Institute incident, in which the Islamic Revolutionary Guard Corps enlisted an Iranian institution (the Mabna Institute) to carry out a massive spear phishing campaign, resulting in the loss of 31.5 gigabytes of academic data and 3.4 billion dollars in intellectual property (IP).
  • 4. Hackers are motivated to act for specific reasons. What are the motivations of your threat actor? What is the specific geo-political context they are operating in and what insight does that give you for why they are operating in this manner?
      OilRig espionage, according to the Council on Foreign Relations, targets private-sector and government organizations. According to Merriam-Webster, espionage is the action of spying or utilizing spies to obtain information about a foreign government's or a competing enterprise's goals and operations. The Cambridge Economic English Dictionary defines it as "the act of secretly obtaining and reporting information, particularly covert political, military, business, or industrial intelligence." According to the Middle East Institute (MEI), "many countries stopped doing business with Iran as a result of the Iranian Revolution of 1979, and so stealing academic and corporate information from around the world allows it to renew infrastructure and build technologies that it simply cannot purchase abroad, ranging from weaponry to airplane parachute." Because Iran is subject to economic sanctions, it relies on what many refer to as "soft war" (less regulated, low-level combat over lengthy periods of time) in cyberspace, with the public and commercial sectors of adversary nations as its objective. MEI also anticipated that Iran-linked organisations will focus on two cyber activities in the medium and long term: international election meddling and widespread intellectual property (IP) theft.
  • 5. Attack 1 - Ai Squared software is used in an OilRig attack
      • Ai Squared, a tiny, mission-driven tech business based in Vermont, developed software to aid visually impaired internet users. According to Forbes, security firm Symantec told Ai Squared that the certificate used to verify the authenticity of its software had been compromised, implying that a threat actor (OilRig) obtained Ai Squared's signing key and certificates and used them to hide their own malware.
      • The plan was to use the software for the visually impaired as a surveillance tool while seeming genuine to security systems in the Middle East, Europe, and the United States. According to a 2017 notice on the Ai Squared website, the digital certificate used to certify newer ZoomText and Window-Eyes software products was revoked after it was compromised.
  • 6. Attack 1
      • Reconnaissance: OilRig judged that the Ai Squared tech business has software that will allow the group to quickly locate its victims in the Middle East, Europe, and the United States, where it has a large number of targets.
      • Weaponization: OilRig is said to have obtained Ai Squared's signing key and certificate and to be using them to construct its own malware. Most people have considered adopting Ai Squared's (previously hacked) software to help the visually impaired access the internet.
      • Installation and Exploitation: To guarantee that the program works properly, users must install and test it on their PCs.
      • Command and Control: By unknowingly installing the program (malware), victims provide the OilRig group with information that may be exploited to gain access to bigger networks.
      • Primary effect - Exploitation of the End Host: OilRig has infected software for the blind with malware for espionage purposes, so the end host gets exploited.
      • Secondary effects on revenue, reputation, and macroeconomics: Revenue: sales would be lower than predicted since OilRig's spyware tainted the application. Reputation: customers would then look for new software that provides the same sort of service. Macroeconomics: if the program becomes tainted, the personnel working on it may change.
      • Second-order effect on information and perception: Anyone with access to the program could get the impression that the business is just a cover for spying.
  • 7. Attack 2 - Attack by OilRig posing as Oxford University
      • In November 2016, the OilRig group registered two phoney Oxford University pages, according to ClearSky. The first is a website for registering for conferences, while the second claims to offer employment within the company.
      • Both pages had a download button for visitors. One file is the fictional event's registration form, and the other is an Oxford University CV builder. After clicking, victims unknowingly give data to Helminth, the malware that OilRig uses to hijack the PC and steal data.
  • 8. Attack 2
      • Reconnaissance - OilRig created bogus Oxford University websites to attack multiple targets at once.
      • Weaponization - OilRig made two fictitious Oxford University websites, one of which appeared to be a job board and the other a place to sign up for conferences.
      • Delivery - People who are interested in working for Oxford or attending a conference that Oxford is hosting are sure to follow the fictitious pages' requirements.
      • Installation and Exploitation - Once on the fake websites, the victims are encouraged to fill out what seems to be a normal registration form and to download files that are infected with OilRig's surveillance malware.
      • Command and Control - Because people registered and downloaded files from the bogus websites, OilRig now has access to the computers infected with the Helminth malware and has gathered the basic information of its victims.
      • Primary effect - Exploitation of the End Host: OilRig sought to gather personal data through the fictitious Oxford websites it developed.
      • Secondary effect on reputation: Oxford University's reputation will undoubtedly suffer as a result of the fake websites' use of its name and other identifiers.
      • Second-order effect on perception and information: Everyone who provided personal information and registered on the fictitious Oxford websites would now choose different universities to be affiliated with, which is a regrettable development.
  • 9. Attack 3 - Attack by OilRig on Samba Financial Group and Al-Elm
      • According to a 2017 Forbes article, the group started conducting phishing attacks in May 2016 from servers owned by the Saudi Arabian contractor and IT security firm Al-Elm. The email was inserted into a discussion between Saudi Arabian lender Samba Financial Group and Al-Elm. The email had an Excel attachment called "notes.xls," which, when opened by the recipient, would launch OilRig's Helminth surveillance kit.
      • In the case of Al-Elm, analysis of the phishing emails' headers revealed that they originated from within the sender's company and that "the threat actor previously compromised those organisations," according to SecureWorks intelligence analyst Allison Wikoff.
  • 10. Attack 3
      • Reconnaissance - The target highlighted here is Samba Financial Group, which reported a profit of $290 million for the most recent quarter of the previous year.
      • Weaponization - The OilRig group decided to use Al-Elm's "previously compromised" network to communicate with Samba Financial Group.
      • Delivery - Al-Elm and Samba Financial Group exchanged emails, and one of them contained OilRig's Helminth spying programme.
      • Installation and Exploitation - After the email has been sent, anyone who opens the "notes.xls" Excel attachment will have the Helminth surveillance kit installed on their computer.
      • Command and Control - After opening the email, everything might appear to be in order, but OilRig has installed the surveillance kit, giving it access to that computer and perhaps the company's network.
      • Primary effect - Exploitation of the End Host: OilRig sent emails containing Helminth surveillance kits to Al-Elm Security and Samba Financial Group through phishing attacks.
      • Secondary effects on remediation and reputation: Remediation: depending on how badly they were affected, the infected devices on both ends would now be scanned, cleaned, and possibly replaced. Reputation: threat actors should be prevented from interfering with IT security companies' client relationships, so this will have an impact on those companies' reputations.
      • Second-order effect on perception and information: Due to the phishing emails sent, both businesses will now proceed with great caution when creating new business alliances.
  • 11. Attack 4 - Attack by OilRig on job seekers
      • The cyber intelligence firm SecureWorks, which refers to the OilRig crew as Cobalt Gypsy, asserts in the same report as for the earlier incident that the group has been sending emails containing malware from legitimate email addresses belonging to two IT firms: the Egyptian IT service provider ITWorx and one of the biggest IT service providers in Saudi Arabia, the National Technology Group.
      • These email addresses were used to send emails with links to job offers to an unnamed Middle Eastern organization. The attachments contained PupyRAT, an open-source remote access trojan (RAT) that works on Android, Linux, and Windows platforms.
  • 12. Attack 4
      • Reconnaissance - OilRig intended to attack an unnamed entity, but decided to go after the Middle East instead.
      • Weaponization - The OilRig group decided to send a malicious email using National Technology Group, a Saudi Arabian IT supplier, and ITWorx, an Egyptian IT service provider.
      • Delivery - OilRig sent its victims alluring job offers via email accounts owned by IT firms.
      • Installation and Exploitation - When recipients clicked on the email's link attachment, an open-source remote access trojan was waiting for them.
      • Command and Control - After the link has been clicked, the malware will start to gather login information from the user and the computer.
      • Primary effect - Exploitation of the End Host: OilRig sent a range of targets emails that were infected with an open-source remote access trojan and contained links to job offers from reputable IT companies.
      • Secondary effect on reputation: Candidates should think twice before accepting a position with an IT company, even though the job offers might be legitimate, now that they can track PupyRAT's origin and link it to their own devices.
      • Second-order effect on information and perception: The companies run the risk of developing a negative reputation for monitoring both past and present customers.
  • 13. Attack 5
      • Reconnaissance - OilRig believes that, because Israel is its intended target, attacking IT vendors will assist it in breaking into crucial networks.
      • Weaponization - It's a given that OilRig already has access to hacked user accounts from different Israeli IT vendors.
      • Delivery - In an email to the vendors, the group poses as a real customer and requests assistance.
      • Installation and Exploitation - When the victim attempts to access the user's account using the provided credentials, they are prompted to download a Juniper VPN in order to continue. The attackers bundle a legitimate Juniper VPN with the spying malware Helminth.
      • Command and Control - After a successful installation, OilRig would have access to the device and to the emails of many other clients and customers that use the vendor's services.
      • Primary effect - Exploitation of the End Host: OilRig disguised themselves as customers who needed help because they were interested in breaking into Israeli networks.
      • Secondary effect on remediation: Some employees of the company may have carried out the threat actor's instructions because it is their responsibility to maintain customer satisfaction. As a result, businesses may need to inspect, maintain, or upgrade their equipment.
      • Second-order effect on information and perception: People who use the VPN may be concerned that their devices have the surveillance malware Helminth because it is bundled with a legitimate Juniper VPN.
  • 14. Not all hackers represent a strategic problem for policy makers. How would you characterize your threat actor, are they chiefly a private problem for businesses or a public concern for policy makers? How should policy makers respond?
      The range of OilRig's targets makes them an Advanced Persistent Threat (APT). Their primary activity is espionage; instead of erasing or altering anything they gain access to, they simply sit back and relax while their Helminth malware completes its work. They have used compromised email to obtain stolen information for the majority of their espionage operations. OilRig is interested in targeting private industries, and they use mostly subtle methods like phishing. They pose a clear threat to businesses, but because these organisations have connections with both private and public institutions, one email could give them access to a powerful corporation or government office, making them both a private issue and a public one. The best course of action would be to impose more economic sanctions, since OilRig has been identified as an Iranian threat actor.
  • 15. Not all hackers represent a strategic problem for policy makers. How would you characterize your threat actor, are they chiefly a private problem for businesses or a public concern for policy makers? How should policy makers respond?
      The amount of pressure that one nation could exert on Iran to make good on any harm caused by cyber espionage is limited. It is feasible, but it could take a very long time, and once any secrets are compromised, they cannot be replaced. If Iran agrees or if other nations share their concerns, policymakers could work together to craft treaties that would penalise and deter threat actors operating from Iran. If a group of nations wants to rewrite the Iran Nuclear Deal in the future, there should be clear punishments, rather than financial incentives, for any cyber-related activities, such as espionage, coming from any group that could be traced back to or is supported by Iran.
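
The header analysis mentioned under Attack 3 (slide 9) can be illustrated with a short triage script. This is an added example, not part of the original slides: the domains, addresses and both messages are constructed, and the `Received` layout assumed is the common `from helo (rdns [ip]) by host` form.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "recipient.example"  # assumption: the receiving organisation's domain

# Constructed sample 1: handed over by the claimed sender's own mail server.
FROM_INSIDE = (
    "Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=sender.example;\n"
    "\tdkim=pass header.d=sender.example\n"
    "Received: from smtp-out.sender.example (smtp-out.sender.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTPS id B2; Mon, 2 May 2016 10:00:03 +0000\n"
    "Received: from ws-114.corp.sender.example (ws-114.corp.sender.example [10.20.30.40])\n"
    "\tby smtp-out.sender.example with ESMTPSA id C3; Mon, 2 May 2016 10:00:01 +0000\n"
    "From: Partner <contact@sender.example>\n"
    "Subject: RE: notes\n\nSee attached.\n"
)

# Constructed sample 2: same From address, handed over by an unrelated host.
# The older Received line naming sender.example was written by that host and proves nothing.
SPOOFED = (
    "Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=sender.example;\n"
    "\tdkim=none\n"
    "Received: from host.unrelated.example (host.unrelated.example [192.0.2.55])\n"
    "\tby mx.recipient.example with ESMTP id D4; Mon, 2 May 2016 11:00:03 +0000\n"
    "Received: from smtp-out.sender.example (smtp-out.sender.example [198.51.100.7])\n"
    "\tby host.unrelated.example with ESMTP id E5; Mon, 2 May 2016 11:00:01 +0000\n"
    "From: Partner <contact@sender.example>\n"
    "Subject: RE: notes\n\nSee attached.\n"
)

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def boundary_host(msg):
    """Reverse-DNS name of the host that connected to our first MTA.
    Only this hop was recorded by a server we control."""
    for value in msg.get_all("Received", []):  # newest hop first
        src = re.match(r"from\s+\S+\s+\((\S+)\s+\[", value)
        dst = re.search(r"\bby\s+(\S+)", value)
        if (src and dst and in_domain(dst.group(1), OUR_DOMAIN)
                and not in_domain(src.group(1), OUR_DOMAIN)):
            return src.group(1).lower()
    return None

def auth_results(msg):
    """SPF/DKIM verdicts, read only from headers stamped by our own MTA."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv = value.split(";", 1)[0].split()
        if authserv and in_domain(authserv[0], OUR_DOMAIN):
            verdicts.update(re.findall(r"\b(spf|dkim)=(\w+)", value))
    return verdicts

def classify(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    handoff, auth = boundary_host(msg), auth_results(msg)
    authenticated = "pass" in (auth.get("spf"), auth.get("dkim"))
    inside = bool(handoff) and in_domain(handoff, from_domain) and authenticated
    verdict = "sent-from-sender-infrastructure" if inside else "external-origin"
    return {"verdict": verdict, "handoff": handoff, "auth": auth}
```

A `sent-from-sender-infrastructure` verdict means sender authentication cannot separate the message from legitimate partner mail, so attachment and content inspection has to carry the detection.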