2. The Lena Corporation designs various Image Processing Units (IPUs) for portable devices, such as smartphones and tablets. The company remains competitive due to a number of valuable trade secrets related to the design of its IPUs. However, many of these trade secrets have now been leaked to the public in a suspected cyber-attack.
The management team are concerned that attackers have intruded into company systems that were perceived as secure from such threats. The management team have asked Simon, Stallman and Stroustrup to investigate, to determine the anatomy of the suspected cyber-attack and to suggest appropriate defences.
a.
Simon, Stallman and Stroustrup have reviewed the log of security incidents that have been reported within the company in the past 12 months. The trio have already identified several relevant incidents:
- Two removable media drives (USB memory drives) labelled ‘HR department’ have been discovered in the toilets of separate site offices. The USB memory drives contain various Microsoft Excel files.
- 36 suspicious emails have been reported within the organisation, specifically in the administration office. Each email has been crafted to appear to come from the recipient’s immediate superior, such as their line manager or team leader.
- 14 suspicious attachments, specifically Microsoft Excel files, that appear benign and relevant to the recipient’s role but contain a malicious payload. An example would be a financial analyst receiving a spreadsheet labelled ‘Annual Budget’.
- Remote administration tools have been found on various employee systems that were not present at the previous inspection.
- Several employees report receiving suspicious friend requests and messages on social networking services from profiles masquerading as colleagues.
The trio agree that the identified incidents alone are not sufficient to gain insight into the anatomy of the cyber-attack. They propose using a structured approach to better understand the cyber-attack, but cannot agree on which approach is optimal.
Simon proposes using Attack Trees, Stallman suggests the Cyber Kill Chain approach, while Stroustrup advocates for the STRIDE approach.
Appraise each of the proposed approaches from Simon, Stallman and Stroustrup in the given context. Argue for the optimal approach and formulate the anatomy of the cyber-attack in the given context.
(approximately 750 words)