ACCYA 733 USCA Social Engineering attacks and Control Discussion

 

  1. Read the six-step methodology utilized in social engineering in the pre-read document.
  2. Create an event table similar to the table shown in the pre-read document.
  3. Read and analyze the separately attached case.
  4. Map the social engineering step and specific event from the case using the table from the pre-read document.
  5. Identify specific controls you recommend to prevent, detect, or correct internal control weaknesses. Record those items in the specific controls column and row related to that step/event combination. Note that multiple controls can and should be listed for each step/event combination.
  6. Prepare a written report in memorandum form utilizing Microsoft Word to explain 1) your recommended controls, 2) the order to implement the controls in, and 3) any long-term recommendations 

Introduction

August 13, 2012, started like any other Monday. Employees were reporting for work at the South Carolina Department of Revenue (SCDOR). Many individuals started their day by checking e-mails that arrived over the weekend. One executive checked his e-mail account and opened an attachment. The executive then deleted the e-mail and continued with his day.

That fall, the United States Secret Service detected identity theft on three South Carolina taxpayers. The Secret Service informed South Carolina State officials on October 10. On October 12, the State of South Carolina hired cybersecurity firm Mandiant to investigate the possibility of a data breach and to offer short and long-term recommendations.

Investigation

Mandiant used forensic tools and log analysis to determine that a malicious e-mail was sent to several employees of SCDOR. The e-mail used a link that allowed the hackers to access the username and password of those clicking on the link to access the attachment. The analysis provided by Mandiant showed that the hackers logged into the employee’s computer using a remote access service starting on August 27. Software deployed by the attackers allowed them to obtain passwords for other users’ accounts on the network. The intruders also installed software on one server to allow for backdoor access to the systems of SCDOR.

Starting in early September of 2012, the hackers began accessing and investigating the contents of various servers using the stolen credentials. On September 12, the attackers created a staging directory on a server and began copying database backup files to that location. Over the following two days, the hackers used compression utilities to encrypt the files into 14 archives. The attackers uploaded the files to an off-site location and then deleted them from the SCDOR servers. An additional archive was uploaded that contained files from the SCDOR website and an encrypted version of the encryption key.

The hackers gained additional network access to investigate the network, but Mandiant did not detect further activity by the attackers. Between October 19 and 20, SCDOR executed recommendations by Mandiant to remove the ability of the attackers to access the network environment and to detect any subsequent attempts to access those resources.

Public Disclosure

On October 26, SC Governor Nikki Haley held a press conference to inform the public that a breach occurred at SCDOR affecting 3.8 million taxpayers, their 1.9 million dependents, and 700,000 businesses. Additionally, the breach exposed 3.3 million bank accounts and 5,000 credit cards. The Governor stated the attack was sophisticated and unpreventable. The State of South Carolina was using data encryption recommendations made by the Internal Revenue Service. She also vowed to find and prosecute the perpetrators.

Epilogue

Later hearings at the State House revealed a different story. The hearings exposed a divide between the previous Chief Information Officer (CIO) and Chief Information Security Officer (CISO) at SCDOR. The former CISO stated that the CIO ignored data encryption requests and the need for multi-factor authentication.

In December of 2012, the State of SC began mailing letters to those compromised in the attack. The letter offered tips for identity theft detection and prevention. The State of South Carolina contracted with an identity theft monitoring service for taxpayers that wished to enroll. The State of South Carolina paid for the monitoring service until late 2018.

The State of South Carolina Budget and Control Board later hired Deloitte to consult on the status and recommend how the State should handle information security (INFOSEC). Their report detailed that each State Agency determined its propensity for cybersecurity risk and allocated resources independently. The primary recommendation was to move to a centralized model for management and oversight for INFOSEC at all SC State Agencies.

Conclusion

The breach of the SCDOR was a turning point for all governmental agencies throughout the nation. The scope of the attack created great stress and concern among stakeholders. The State of South Carolina paid 18 million dollars for credit monitoring over six years before deciding to discontinue. The breach exposed a system ripe for exploitation with social engineering. The State has responded by centralizing INFOSEC management and practices. The work done is a model for other States. Only time will tell if the continuing efforts are successful in preventing or detecting the next breach.

BE CAREFUL WHERE YOU CLICK PRE-READ

Learning Objectives

The specific learning objectives and the corresponding Bloom’s Taxonomy (revised) that a student should accomplish upon completing this case assignment are as follows:

| Learning Objective | Bloom’s Taxonomy (Revised) Cognitive Process Dimension |
|---|---|
| Discuss the steps in a social engineering attack | Apply |
| Examine weaknesses in internal control that allowed the social engineering attack to occur | Analyze |
| Select preventative, detective, and corrective controls to apply to those internal control weaknesses | Evaluate |
| Recommend steps to be taken in the short and long-term | Evaluate |

In addition, the following competencies from the Association of International Certified Professional Accountants (AICPA) Pre-certification Core Competency Framework are addressed:

  • Accounting competencies
    – Reporting
    – Research
    – System or process management
  • Business competencies
    – Process and research management
    – Governance perspective
  • Professional competencies
    – Decision making

Assignment

  1. Read the six-step methodology utilized in social engineering in this document.
  2. Create an event table similar to the table shown in this document.
  3. Read and analyze the separately attached case.
  4. Map the social engineering step and specific event from the case using the table.
  5. Identify specific controls you recommend to prevent, detect, or correct internal control weaknesses. Record those items in the specific controls column and row related to that step/event combination. Note that multiple controls can and should be listed for each step/event combination.
  6. Prepare a written report in memorandum form utilizing Microsoft Word to explain 1) your recommended controls, 2) the order to implement the controls in, and 3) any long-term recommendations.

Six-Step Methodology Utilized in Social Engineering

A six-step process describes the methodology used in social engineering techniques.
  1. Conduct reconnaissance – This step involves understanding the organization’s systems and technology in addition to identifying the target(s).
  2. Attempt social engineering – This step may be as simple as obtaining e-mail addresses from external sources to building a trust relationship with the potential target(s).
  3. Scan and map the target – Identification of potential points of entry into the system.
  4. Research – The hackers next gain an understanding of the location and type of data available on the organization’s networks, along with the access levels of the target(s) they have acquired.
  5. Execute the attack – This step involves accessing and extracting the organization’s data. The extraction may be broken up into multiple small parts to minimize the opportunity for detection.
  6. Cover tracks – The hackers need to cover evidence of their actions or identities. Frequently, a “back-door” is installed to allow them to return in case their original means of access are closed.

Event Table

| STEP | Event | Control Type (P, D, C) | Specific Control |
|---|---|---|---|