Final Project for the Cybersecurity for Everyone Course: OilRig
By: Mustofa Abdulhafiz Ahmed
Hackers are not all the same; they range in skill, resources, and capability and often
go by different names. How would you classify this threat actor? Do they go by any
aliases? Where are they from? How would you rate the skill level and resources
available to this threat actor?
OilRig is classed as an Advanced Persistent Threat (APT) because of the sustained series of attacks it
has carried out, with varying degrees of success. It is assessed to be operated on behalf of the Iranian
government. The group is also tracked as Cobalt Gypsy, IRN2, Helix Kitten, Twisted Kitten and APT34.
According to the Forbes article, the Israeli security firm ClearSky traces OilRig's roots to Iran, and the
Counter Threat Unit of the cyber intelligence company SecureWorks is confident that the group is tied to
the Iranian government. The group has had most of its success in the Middle East and has also operated
elsewhere. OilRig targets businesses outside Iran, whereas the majority of Iranian threat actors target
government institutions and opposition figures.
Because OilRig works with or for the Islamic Republic of Iran, it can undertake any activity that is
expected to benefit Iran. A comparable case is the Mabna Institute: the Islamic Revolutionary Guard
Corps enlisted this Iranian organisation to run a massive spear phishing campaign, which resulted in the
theft of 31.5 terabytes of academic data, valued at 3.4 billion dollars in intellectual property (IP).
Hackers are motivated to act for specific reasons. What are the motivations of your
threat actor? What is the specific geo-political context they are operating in and what
insight does that give you for why they are operating in this manner?
According to the Council on Foreign Relations, OilRig's espionage targets private-sector and
government organizations. Merriam-Webster defines espionage as the practice of spying or using spies
to obtain information about the plans and activities of a foreign government or a competing company.
The Cambridge Dictionary defines it as "the act of secretly obtaining and reporting information,
particularly covert political, military, business, or industrial intelligence."
According to the Middle East Institute (MEI), "many countries stopped doing business with Iran as a
result of the Iranian Revolution of 1979, and so stealing academic and corporate information from
around the world allows it to renew infrastructure and build technologies that it simply cannot
purchase abroad, ranging from weaponry to airplane parachutes." Because Iran is subject to economic
sanctions, it relies on what many call "soft war" (low-level, loosely regulated conflict sustained over
long periods) in cyberspace, with the public and commercial sectors of adversary nations as its targets.
MEI also anticipated that Iran-linked groups would focus on two cyber activities in the medium and long
term: meddling in foreign elections and widespread theft of intellectual property (IP).
OilRig Attack Case Studies: The Hacking Process Tactics on Their Targets
and the Primary, Secondary, and Second Order Effects
• Attack 1: OilRig's abuse of AI Squared's code-signing certificate
• Attack 2: OilRig's attack posing as Oxford University
• Attack 3: OilRig's attack on Al-Elm and Samba Financial Group
• Attack 4: OilRig's attack on job seekers
• Attack 5: OilRig's attack on Israeli IT vendors
Attack 1 - OilRig's abuse of AI Squared's code-signing certificate
• AI Squared, a small, mission-driven technology business based in Vermont, develops software that
helps visually impaired people use the internet. According to Forbes, the security firm Symantec told
AI Squared that the digital certificates used to sign its software had been compromised, implying
that a threat actor (OilRig) had obtained AI Squared's signing key and certificate and used them to
sign its own malware so that it appeared legitimate.
• The aim was for malware signed as if it were AI Squared's assistive software to pass as genuine to
security tools in the Middle East, Europe and the United States. A 2017 notice on the AI Squared
website stated that the digital certificate used to sign its newer ZoomText and Window-Eyes products
had been compromised and had therefore been revoked. Because a signature made with a stolen key is
cryptographically valid, defenders only stop trusting such binaries once the certificate is revoked and
their tooling actually checks revocation; signature validation on its own is not enough.
Attack 1
• Reconnaissance: OilRig identified AI Squared as a vendor whose signed software is trusted by users in
the Middle East, Europe and the United States, regions where the group has a large number of targets.
• Weaponization: OilRig is believed to have obtained AI Squared's signing key and certificate and used
them to sign its own malware. Because AI Squared's software is widely used to help visually impaired
people access the internet, a signature from that vendor attracted little suspicion.
• Installation and Exploitation: Victims install and run the signed program on their PCs as they would a
legitimate product or update.
• Command and Control: By unknowingly running the signed malware, victims give OilRig a foothold and
information that can be used to reach larger networks.
• Primary effect (use of the end host): OilRig used the stolen code-signing credentials to distribute
espionage malware under the vendor's name; the immediate result is a compromised end host.
• Secondary effects (revenue, reputation, macroeconomic): Sales would fall below forecast once the
vendor's signature was associated with OilRig's spyware; customers would use the damaged reputation
as a reason to look for alternative software offering the same service; and if the product's standing
does not recover, the staff working on it may move on.
• Second-order information/perception effect: Anyone who installed the programme could come to see
the business as a front for spying.
Attack 2 - Attack by OilRig posing as Oxford University
• In November 2016, according to ClearSky, the OilRig group registered two fake Oxford University
websites. The first offered registration for a conference, while the second claimed to offer
employment at the university.
• Each page had a download button. One download was the registration form for the fictitious
conference, the other an "Oxford University CV builder". Opening the downloaded file installed
Helminth, the malware OilRig uses to take control of the PC and steal data, without the victim
realising anything had happened.
Attack 2
• Reconnaissance - OilRig created fake Oxford University websites so that it could reach many targets at
once.
• Weaponization - OilRig built two fictitious Oxford University websites, one posing as a job board and
the other as a conference registration page.
• Delivery - People interested in working for Oxford, or in attending a conference that Oxford appears to
be hosting, are likely to follow the fake page's instructions.
• Installation and Exploitation - Once on the fake website, victims are encouraged to fill in what looks
like a normal registration form and to download files that carry OilRig's surveillance malware.
• Command and Control - Once Helminth is installed, OilRig has access to the infected computers and
holds the basic personal details that victims entered when registering on the bogus websites.
• Initial Impact - Use of the End Host: OilRig used the fictitious Oxford websites to harvest personal
data and to gain access to the victims' machines.
• Secondary Impact on Credibility: Oxford University's reputation suffers from the abuse of its name and
branding on the fake websites.
• Second-order effects on perception and information: People who handed over personal information on
the fake Oxford websites may lose trust and choose to affiliate with other universities instead.
Attack 3 - Attack by OilRig on Samba Financial Group and Al-Elm
• According to a 2017 Forbes article, the group began conducting phishing attacks in May 2016 from
servers owned by the Saudi Arabian IT security contractor Al-Elm. A phishing email was inserted into
an existing conversation between the Saudi lender Samba Financial Group and Al-Elm. The email
carried an Excel attachment named "notes.xls" which, when opened by the recipient, launched OilRig's
Helminth surveillance kit.
• In Al-Elm's case, analysis of the phishing emails' headers showed that they originated from inside the
sender's own company, indicating that "the threat actor previously compromised those
organisations," according to SecureWorks intelligence analyst Allison Wikoff. Mail sent from a genuine
compromised mailbox passes SPF, DKIM and DMARC, so authentication results cannot flag it; the
Received chain and the attachment are what give it away.
Attack 3
• Reconnaissance - OilRig targeted Samba Financial Group, which had reported a profit of $290 million
for the most recent quarter of the previous year.
• Weaponization - OilRig used Al-Elm's previously compromised network to communicate with Samba
Financial Group.
• Delivery - Al-Elm and Samba Financial Group were exchanging emails, and OilRig inserted into that
thread an email carrying its Helminth spying programme.
• Installation and Exploitation - Anyone who opened the "notes.xls" Excel attachment had the Helminth
surveillance kit installed on their computer.
• Command and Control - After the email is opened everything appears normal to the user, but Helminth
gives OilRig access to that computer and potentially to the company's network.
• Initial Impact - Use of the End Host: OilRig delivered the Helminth surveillance kit to Al-Elm and Samba
Financial Group through phishing emails.
• Secondary effects on remediation and reputation - Remediation: depending on how badly they were
affected, infected devices at both organisations would need to be scanned, cleaned and possibly
replaced. Reputation: an IT security company whose own infrastructure is used to phish its clients
suffers lasting damage to those client relationships.
• Second-order effects on perception and information: Because of the phishing emails, both businesses
will now proceed with great caution when forming new business alliances.
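The decisive evidence in this case was the Received chain: the phishing email had entered the mail system from inside the sender's own company, which means a genuine mailbox was used rather than the address being spoofed from outside. The script below is an added example, not code from the original slides or from SecureWorks: it walks the Received headers back to the first hop, decides whether that hop is inside the claimed sender's estate, and checks for a legacy (macro-capable) Office attachment such as the notes.xls in this incident. Both sample messages, the contractor.example and bank.example domains, the hostnames and the IP addresses are constructed for the demo.

```python
"""Header and attachment triage for a phishing email sent from a compromised
mailbox. Added example, not part of the original slides; all hosts, domains
and addresses are constructed for the demo."""
import email
import ipaddress
import os
import re
from email import policy

# Constructed sample: a reply injected into an existing thread by someone
# holding a genuine mailbox at the contractor, carrying an Excel attachment.
RAW_MESSAGE = b"""\
Received: from mail.contractor.example (mail.contractor.example [203.0.113.10])
\tby mx.bank.example with ESMTPS; Tue, 10 May 2016 09:12:01 +0300
Received: from WS-0417.corp.contractor.example (WS-0417.corp.contractor.example [10.20.30.44])
\tby mail.contractor.example with ESMTP; Tue, 10 May 2016 09:11:58 +0300
From: Project Lead <lead@contractor.example>
To: ops@bank.example
Subject: RE: RE: integration notes
Message-ID: <20160510091158.17182@contractor.example>
In-Reply-To: <20160509161200.9931@bank.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the notes attached from yesterday's call.
--b1
Content-Type: application/vnd.ms-excel; name="notes.xls"
Content-Disposition: attachment; filename="notes.xls"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed sample: the same sender address spoofed from an outside host.
SPOOFED_MESSAGE = b"""\
Received: from vps-77.hosting.example (vps-77.hosting.example [198.51.100.7])
\tby mx.bank.example with ESMTP; Tue, 10 May 2016 09:40:00 +0300
From: Project Lead <lead@contractor.example>
To: ops@bank.example
Subject: integration notes
Content-Type: text/plain

Please see the notes.
"""

RECEIVED_FROM = re.compile(r"from\s+(\S+)\s*(?:\([^)]*\[([0-9.]+)\]\))?", re.I)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary Office container
LEGACY_OFFICE = {".xls", ".doc", ".ppt"}


def received_chain(msg):
    """(host, ip) per hop, earliest hop first. Each relay prepends its own
    Received header, so the last header in the message is the first hop."""
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.search(" ".join(str(value).split()))
        if m:
            hops.append((m.group(1).lower(), m.group(2)))
    hops.reverse()
    return hops


def origin_assessment(hops, sender_domain, internal_nets):
    """'internal-origin' when the first hop is inside the claimed sender's own
    estate (hostname suffix or address range). Such mail passed through the
    real mailbox, so SPF/DKIM/DMARC pass and cannot flag it."""
    if not hops:
        return "no-received-headers"
    host, ip = hops[0]
    inside = host == sender_domain or host.endswith("." + sender_domain)
    if ip and not inside:
        addr = ipaddress.ip_address(ip)
        inside = any(addr in ipaddress.ip_network(net) for net in internal_nets)
    return "internal-origin" if inside else "external-origin"


def risky_attachments(msg):
    """Names of attachments that are legacy (macro-capable) Office binaries,
    judged by extension or by the OLE magic bytes, whichever is present."""
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if os.path.splitext(name)[1] in LEGACY_OFFICE or data.startswith(OLE_MAGIC):
            found.append(name)
    return found


def triage(raw, sender_domain, internal_nets=()):
    """A message that really came from inside the partner's estate, continues
    a live thread and carries a macro-capable attachment is the
    compromised-account pattern and should be escalated."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = received_chain(msg)
    verdict = {
        "chain": hops,
        "origin": origin_assessment(hops, sender_domain, internal_nets),
        "in_thread": msg.get("In-Reply-To") is not None,
        "risky_attachments": risky_attachments(msg),
    }
    verdict["escalate"] = (verdict["origin"] == "internal-origin"
                           and bool(verdict["risky_attachments"]))
    return verdict


if __name__ == "__main__":
    for raw in (RAW_MESSAGE, SPOOFED_MESSAGE):
        print(triage(raw, "contractor.example", ["10.20.30.0/24"]))
```

The point of the two samples is the contrast: the spoofed message fails SPF and is cheap to block, while the one from the compromised workstation passes every authentication check and is only caught by reading where it actually entered the mail system and what it carries. The hostname-suffix rule assumes the partner's relays identify themselves honestly; the address-range list covers the case where they do not.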
Attack 4 - Attack by OilRig on job seekers
• The cyber intelligence firm SecureWorks, which tracks OilRig as Cobalt Gypsy, states in the same
report as the previous incident that the group sent malware-laden emails from legitimate email
addresses belonging to the Egyptian IT services firm ITWorx and to National Technology Group, one of
the largest IT service providers in Saudi Arabia.
• These email addresses were used to send messages containing links to job offers to an unnamed Middle
Eastern organisation. The linked files contained PupyRAT, an open-source remote access trojan (RAT)
that runs on Android, Linux and Windows.
Attack 4
• Reconnaissance - OilRig selected an unnamed organisation in the Middle East as its target.
• Weaponization - OilRig chose to send its malicious emails through National Technology Group, a Saudi
Arabian IT supplier, and ITWorx, an Egyptian IT service provider.
• Delivery - OilRig sent its victims attractive job offers from email accounts owned by those IT firms.
• Installation and Exploitation - When recipients clicked the link in the email, the open-source remote
access trojan was downloaded and run.
• Command and Control - Once the RAT is running, it gathers login credentials and information about the
user and the computer.
• Initial Impact - Use of the End Host: OilRig sent a range of targets emails containing links to job offers,
apparently from reputable IT companies, that delivered an open-source remote access trojan.
• Secondary reputational consequences: Candidates may think twice before accepting a position with an
IT company whose email addresses were used for the lure, even where the job offers are genuine, once
PupyRAT on their own devices can be traced back to those addresses.
• Second-order effect on information and perception: The companies risk gaining a reputation for
monitoring both past and present customers.
Attack 5 - Attack by OilRig on Israeli IT vendors
• ClearSky's research team reports that OilRig used a compromised account to send emails to a number
of targeted Israeli IT vendors.
• The email is a simple request for help with the details of a fictitious customer's account.
• After entering the supplied login details, the victim is asked to install a genuine Juniper VPN client
that has been bundled with Helminth, the malware the group routinely uses for surveillance.
Attack 5
• Reconnaissance - OilRig, whose target is Israel, judged that compromising IT vendors would help it
break into critical networks.
• Weaponization - OilRig already held compromised user accounts at several Israeli IT vendors.
• Delivery - In an email to the vendors, the group poses as a real customer and asks for assistance.
• Installation and Exploitation - When the victim tries to access the account with the supplied
credentials, they are prompted to download a Juniper VPN client in order to continue. The genuine
Juniper VPN client is bundled with the Helminth spying malware.
• Command and Control - After a successful installation, OilRig has access to the device and to the
emails of the many clients who use the vendor's services.
• Initial Impact - Use of the End Host: OilRig posed as customers needing help because its goal was to
break into Israeli networks.
• Secondary Impact on Cleanup - Remediation: Some employees may have followed the attacker's
instructions because keeping customers satisfied is their job. As a result, the businesses may need to
inspect, clean or replace their equipment.
• Second-order effect on information and perception: People who use the VPN may worry that their
devices carry the surveillance malware Helminth, because it was delivered alongside a legitimate Juniper
VPN client.
Not all hackers represent a strategic problem for policy makers. How would you
characterize your threat actor, are they chiefly a private problem for businesses or a
public concern for policy makers? How should policy makers respond?
• The range of OilRig's targets makes them an Advanced Persistent Threat (APT). Their primary
activity is espionage: rather than destroying or altering what they gain access to, they quietly collect
while their Helminth malware does its work. Most of their espionage operations have relied on
compromised email accounts to deliver malware and retrieve stolen information. OilRig is interested in
targeting private industry, and it does so mostly through subtle methods such as phishing. They pose a
clear threat to businesses, but because those businesses are connected to both private and public
institutions, a single email could give OilRig access to a powerful corporation or a government office,
making them both a private problem and a public one. Since OilRig has been identified as an Iranian
threat actor, the best course of action would be to impose further economic sanctions.
• The pressure that any single nation can exert on Iran to make good on harm caused by cyber
espionage is limited. It is feasible, but it could take a very long time, and once secrets are
compromised they cannot be recovered. If Iran agrees, or if other nations share these concerns,
policymakers could work together to craft treaties that penalise and deter threat actors operating
from Iran. If a group of nations revisits the Iran Nuclear Deal in the future, it should include clear
penalties for any cyber activity, such as espionage, that can be traced back to or is supported by Iran,
rather than financial incentives.
References
• https://www.forbes.com/sites/thomasbrewster/2017/02/15/oilrig-iran-hackers-cyberespionage-us-turkey-saudi-arabia/?sh=4c88925f468a
• https://www.merriam-webster.com/dictionary/espionage
• https://microsites-live-backend.cfr.org/interactive/cyber-operations/oilrig
• https://www.cfr.org/backgrounder/what-iran-nuclear-deal
• https://www.mei.edu/publications/irans-cyber-future
• https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary
• https://www.clearskysec.com/oilrig/
• https://attack.mitre.org/groups/G0049/
• https://dictionary.cambridge.org/us/dictionary/english/espionage
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 

Final Project for the Cybersecurity for Everyone Course- Oilrig.pptx

1. Final Project for the Cybersecurity for Everyone Course: Oilrig
By: Mustofa Abdulhafiz Ahmed

2. Hackers are not all the same; they range in skill, resources, and capability and often go by different names. How would you classify this threat actor? Do they go by any aliases? Where are they from? How would you rate the skill level and resources available to this threat actor?

OilRig has been classed as an Advanced Persistent Threat (APT) due to the multiple attacks it has undertaken, each of which has varied in efficacy. The Iranian government is behind OilRig. Cobalt Gypsy is one of its other identities; others include IRN2, Helix Kitten, Twisted Kitten, and APT34. According to a Forbes article from the Israeli IT business ClearSky, OilRig's roots may be traced back to Iran, and the Counter Threat Unit of the cyber intelligence company SecureWorks is positive that the group is tied to the Iranian government. They've had success in the Middle East while doing the majority of their business elsewhere. OilRig targets businesses outside of Iran, whereas the vast majority of Iranian threat actors target government institutions and opposition figures. OilRig is confident in its ability to carry out any activity that is expected to benefit Iran because it works with or for the (Islamic Republic of) Iran. Similarly, in the Mabna Institute incident, the Islamic Revolutionary Guard Corps enlisted an Iranian institution (the Mabna Institute) to carry out a massive spear phishing campaign, resulting in the loss of 31.5 gigabytes of academic data and 3.4 billion dollars in intellectual property (IP).

3. Hackers are motivated to act for specific reasons. What are the motivations of your threat actor? What is the specific geo-political context they are operating in and what insight does that give you for why they are operating in this manner?

OilRig espionage, according to the Council on Foreign Relations, targets private-sector and government organizations. According to Merriam-Webster, espionage is the action of spying or utilizing spies to obtain information about a foreign government's or a competing enterprise's goals and operations. The Cambridge Economic English Dictionary defines it as "the act of secretly obtaining and reporting information, particularly covert political, military, business, or industrial intelligence." According to the Middle East Institute (MEI), "many countries stopped doing business with Iran as a result of the Iranian Revolution of 1979, and so stealing academic and corporate information from around the world allows it to renew infrastructure and build technologies that it simply cannot purchase abroad, ranging from weaponry to airplane parachute." Because Iran is subject to economic sanctions, they rely on what many refer to as "soft war" (less regulated and low-level combat for lengthy periods of time) in cyberspace, with the public and commercial sectors of adversary nations as their objective. MEI also anticipated that Iran-linked organisations will focus on two cyber activities in the medium and long term: international election meddling and widespread intellectual property (IP) theft.

4. OilRig Attack Case Studies: The Hacking Process Tactics on Their Targets and the Primary, Secondary, and Second Order Effects
• Attack 1: An OilRig attack utilizing AI Squared software
• Attack 2: An OilRig assault masquerading as Oxford University
• Attack 3: Attack on Al Elm and Samba Financial Group by OilRig
• Attack 4: Attack on job seekers by OilRig
• Attack 5: Attack on Israeli IT providers by OilRig

5. Attack 1 - AI Squared software used in an OilRig attack
• AI Squared, a tiny, mission-driven tech business based in Vermont, developed software to aid visually impaired internet users. According to Forbes, security firm Symantec told AI Squared that the certificates used to authenticate its software had been compromised, implying that a threat actor (OilRig) obtained AI Squared's signing key and certificates and used them to hide their own malware.
• The plan was to use the software for the visually impaired as a surveillance tool while appearing genuine to security systems in the Middle East, Europe, and the United States. When the digital certificate required to certify the newer ZoomText and Window-Eyes software products was compromised, their certification was cancelled, according to a notice on the AI Squared website in 2017.

6. Attack 1
• Reconnaissance: From OilRig's point of view, the AI Squared tech business has software that would allow the gang to quickly reach its victims in the Middle East, Europe, and the United States, where they have a large number of targets.
• Weaponization: OilRig is said to have obtained AI Squared's signing key and certificate and used them to sign their own malware. Many individuals had considered adopting AI Squared's (now compromised) software to assist the visually handicapped in accessing the internet.
• Installation and Exploitation: To guarantee that the program works properly, users must install and test it on their PCs.
• Command and Control: By installing the program (malware) unknowingly, victims give the OilRig gang information that may be exploited to gain access to bigger networks.
• OilRig has infected software for the blind with malware for espionage purposes. The fundamental result is that the end host gets exploited.
• As a result, the following income, reputation, and macroeconomic effects have occurred. Income: sales would be lower than predicted since OilRig's spyware tainted the application. Reputation: customers would then rely on reputation to find other software that provides the same sort of service. Macroeconomics: if the program becomes polluted, the personnel working on it may change.
• Second Order Information/Perception Effect: Anyone with access to the program could get the impression that the business is just a cover for spying.

7. Attack 2 - Attack by OilRig posing as Oxford University
• In November 2016, the OilRig group registered two phoney Oxford University pages, according to ClearSky. The first is a website for registering for conferences, while the second claims to offer employment within the university.
• On both pages, there was a download button that visitors could use. The fictional event's registration form is in one file, and an Oxford University CV builder is in the other. After clicking, victims unknowingly hand their data to Helminth, the malware that OilRig uses to hijack the PC and steal data.

8. Attack 2
• Reconnaissance - OilRig created bogus Oxford University websites to attack multiple targets at once.
• Weaponization - Two fictitious Oxford University websites were made by OilRig, one of which appeared to be a job board and the other a place to sign up for conferences.
• Delivery - People who are interested in working for Oxford or attending a conference that Oxford is hosting are sure to follow the fictitious page's instructions.
• Installation and Exploitation - The victims, once on the fake website(s), are encouraged to fill in what seems to be a normal registration form and download files that are infected with OilRig's surveillance malware.
• Command & Control - OilRig now has access to the computers infected with Helminth malware and has gathered the basic information of their victims, because people registered and downloaded files from the bogus websites.
• Initial Impact - Utilization of the End Host: OilRig set out to gather personal data through the fictitious Oxford website they developed.
• Secondary Impact on Credibility: Oxford University's reputation will undoubtedly suffer as a result of the fake website's use of their name and other identifiers.
• Second-order effects on perception and information: Everyone who provided personal information and registered on the fictitious Oxford websites might now choose different universities to be affiliated with, which is a regrettable development.

9. Attack 3 - Attack by OilRig on Samba Financial Group and Al Elm
• According to a 2017 Forbes article, the group started conducting phishing attacks in May 2016 from servers owned by the Saudi Arabian contractor and IT security firm Al-Elm. The email was inserted into a discussion between the Saudi Arabian lender Samba Financial Group and Al-Elm. The email had an Excel attachment called "notes.xls," which when opened by the recipient would launch a Helminth surveillance kit from OilRig.
• In the case of Al-Elm, analysis of the phishing emails' headers revealed that they originated from within the sender's company and that "the threat actor previously compromised those organisations," according to SecureWorks intelligence analyst Allison Wikoff.

10. Attack 3
• Reconnaissance - Here, the Samba Financial Group is highlighted, which reported a profit of $290 million for the most recent quarter of the previous year.
• Weaponization - The OilRig group decided to use Al-Elm's "previously compromised" network to communicate with Samba Financial Group.
• Delivery - Al-Elm and Samba Financial Group exchanged emails, and one of them contained OilRig's Helminth spying programme.
• Installation and Exploitation - After the email has been sent, anyone who opens the "notes.xls" Excel attachment will have the Helminth surveillance kit installed on their computer.
• Command & Control - After opening the email, everything might appear to be in order, but OilRig has installed the surveillance kit, giving them access to that computer and perhaps the company's network.
• Initial Impact - Use of the End Host: OilRig sent emails containing Helminth surveillance kits to Al-Elm Security and Samba Financial Group through phishing attacks.
• Secondary effects on reputational damage and remediation. Remediation: depending on how badly it was affected, the infected devices at both ends would now be scanned, cleaned, and possibly replaced. Reputation: threat actors should be prevented from interfering with IT security companies' client relationships, which will have an impact on those companies' reputations.
• Second-order effects on perception and information: Due to the phishing emails sent, both businesses will now proceed with great caution when creating new business alliances.

11. Attack 4 - Attack by OilRig on job seekers
• The cyber intelligence firm SecureWorks, which refers to the OilRig crew as Cobalt Gypsy, asserts in the same report as the earlier incident that the group has been sending emails containing malware from legitimate email addresses belonging to two Egyptian IT service providers and one of the biggest IT service providers in Saudi Arabia, the National Technology Group.
• These email addresses were used to send emails to an unnamed Middle Eastern organization with links to job offers. The attachments contained PupyRAT, an open-source remote access trojan (RAT) that works on Android, Linux, and Windows platforms.

12. Attack 4
• Reconnaissance - OilRig intended to attack an unnamed entity in the Middle East.
• Weaponization - The OilRig group decided to send a malicious email using National Technology Group, a Saudi Arabian IT supplier, and ITWorx, an Egyptian IT service provider.
• Delivery - OilRig sent their victims alluring job offers via email accounts owned by IT firms.
• Installation and Exploitation - When recipients clicked on the link in the email, an open-source remote access trojan was waiting for them.
• Command & Control - After the link has been clicked, the malware will start to gather login information from the user and the computer.
• Initial Impact - Use of the End Host: OilRig sent emails to a range of targets that were infected with an open-source remote access trojan and contained links to job offers from reputable IT companies.
• Reputational consequences as a byproduct: Candidates should think twice before accepting a position with an IT company, even though the job offers might be legitimate, now that they can trace the PupyRAT's origin and link it to their own devices.
• Second-order effect on information and perception: The companies run the risk of developing a negative reputation for monitoring both past and present customers.

13. Attack 5 - Attack by OilRig on Israeli IT vendors
• The research team at ClearSky claims that OilRig used a compromised account to send emails to a number of targeted Israeli IT vendors.
• It is a simple email asking for assistance with details regarding a fictitious customer.
• The victim is asked to install a genuine Juniper VPN programme after entering their login information, and this programme has been bundled with Helminth, malware that the group frequently employs for surveillance.

14. Attack 5
• Reconnaissance - OilRig believes that, because Israel is their intended target, attacking IT vendors will assist them in breaking into crucial networks.
• Weaponization - It's a given that OilRig already has access to hacked user accounts from different Israeli IT vendors.
• Delivery - In an email to the vendors, the group poses as a real customer and requests assistance.
• Installation and Exploitation - When the victim attempts to access the user's account using the provided credentials, they are prompted to download a Juniper VPN in order to continue. The attackers bundle the trustworthy Juniper VPN together with the spying malware Helminth.
• Command & Control - After a successful installation, OilRig would have access to the device and to many other client/customer emails that utilise the vendor's services.
• Initial Impact - Utilization of the End Host: OilRig disguised themselves as customers who needed help because they were interested in breaking into Israeli networks.
• Secondary Impact on Cleanup: Remediation - Some employees of the company may have carried out the threat actor's instructions because it is their responsibility to maintain customer satisfaction. As a result, businesses may need to inspect, maintain, or upgrade their equipment.
• Second-order effect on information and perception: People who use the VPN may be concerned that their devices carry the surveillance malware Helminth because it was bundled with a legitimate Juniper VPN.

15. Not all hackers represent a strategic problem for policy makers. How would you characterize your threat actor, are they chiefly a private problem for businesses or a public concern for policy makers? How should policy makers respond?
• The range of OilRig's targets makes them an Advanced Persistent Threat (APT). Their primary activity is espionage; instead of erasing or altering anything they gain access to, they simply sit back while their Helminth malware completes its work. They have used compromised email to obtain stolen information in the majority of their espionage operations. Targeting private industries is something OilRig is interested in doing, and they use mostly subtle methods like phishing. They pose a clear threat to businesses, but because these organisations have connections with both private and public institutions, one email could give them access to a powerful corporation or government office, making them both a private issue and a public one. The best course of action would be to impose more economic sanctions, since OilRig has been identified as an Iranian threat actor.

16. Not all hackers represent a strategic problem for policy makers. How would you characterize your threat actor, are they chiefly a private problem for businesses or a public concern for policy makers? How should policy makers respond?
• The amount of pressure that one nation could exert on Iran to make good on any harm caused by cyber espionage is limited. It is feasible, but it could take a very long time, and once any secrets are compromised, they cannot be replaced. If Iran agrees, or if other nations share their concerns, policymakers could work together to craft treaties that would penalise and deter threat actors operating from Iran. If a group of nations wants to rewrite the Iran Nuclear Deal in the future, there should be clear punishments, rather than financial incentives, for any cyber-related activities, such as espionage, coming from any group that could be traced back to or is supported by Iran.

17. References
• https://www.forbes.com/sites/thomasbrewster/2017/02/15/oilrig-iran-hackers-cyberespionage-us-turkey-saudi-arabia/?sh=4c88925f468a
• https://www.merriam-webster.com/dictionary/espionage
• https://microsites-live-backend.cfr.org/interactive/cyber-operations/oilrig
• https://www.cfr.org/backgrounder/what-iran-nuclear-deal
• https://www.mei.edu/publications/irans-cyber-future
• https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary
• https://www.clearskysec.com/oilrig/
• https://attack.mitre.org/groups/G0049/
• https://dictionary.cambridge.org/us/dictionary/english/espionage