Project written report

User Generated

xraal23

Business Finance

Description

Perform a search on the Web for articles and stories about social engineering attacks or reverse social engineering attacks. Find an attack that was successful and describe how it could have been prevented.

Power point presentation of 8-10 slides is required.

The final report should be 10-12 pages, 12 font size, 1” margins, double-spaced, including figures, tables, etc.

Follow the current APA format guide for your report. Use spell check, grammar check, etc. to make sure that your report is written in professional form with no keyboarding or grammatical errors.

No abstract is required. However, a cover page and a reference page are required. Make sure the cover page and reference page are also in current APA format.

User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: PREVENTION OF TARGETED ATTACKS ON US ENERGY DEPARTMENT

Prevention of Social Engineering Targeted Attacks on US Energy Department
Names:
Institution:

1

PREVENTION OF TARGETED ATTACKS ON US ENERGY DEPARTMENT

2

Prevention of social engineering targeted attacks on US energy department
Technology has been growing at a high rate in the 21st century. Equally, new threats
have been emerging at a fast rate while existing ones have been escalating each and every
day. In fact, Stallings & Brown (2012) report that these threats could be growing at a
relatively faster rate than the rate at which technology has been growing and especially due to
the slow rate at which corporates and individuals alike have been updating their technology.
Since the tech industry often responds to threats after they are already in the circulation, and
in which it could take a relatively long period for researchers to identify the vulnerabilities
and subsequently develop solutions, both new and existing threats create a major challenge
for the tech industry. Unfortunately, the losses that arise from these threats may be too high
for organizations in terms of both financial and material losses. In this case, Sanders, Randall
& Smith (2013) recommend that organizations make it their priority to mitigate rather than
wait for them to occur before they can be implemented. This paper will explore a recent event
of social engineering, how the threat occurred, and ways that it could have been mitigated.
Overview of social engineering threats
Social engineering attacks have become increasingly common in the recent past. As
defined by Workman (2008), these are threats that rely on human interaction and often one in
which the attacker tricks the victim into thinking of something as legit while at the same time
exposing their data or creating a vulnerability on their systems. In a recent report, Social
Engineer (2014) reported that at least 66% of all recent threats have been a result of social
engineering and, with the recent rate, the percentage could have risen even further within the
past two years. There are many forms of social engineering threats. However, some of the
most common include phishing, baiting, tailgating, and ransomware, among others. Some of
these threats have been in existence for a long period. However, it is a recent malware

PREVENTION OF TARGETED ATTACKS ON US ENERGY DEPARTMENT

3

combined with phishing emails that attacked the US energy sector that caught the attention of
the public.
The recent threat to the US energy sector came as a series of attacks, some of which
were successful, while others were intercepted before they could actually succeed. In this
case, the threat occurred during the mid-months of 2017, and that affected multiple systems
linked to the energy sector. This attack raised widespread speculation and concern and
particularly since it was allegedly conducted by a Russian hacking group that is closely
associated with the Russian Government. In fact, the Washington Post reported that
government officials and members of the US energy sector had conformed to the news
company that the attacks had been funded by the Russian Government as a way of what was
thought to be espionage (Nakashima, 2017). Although most of the information regarding the
attack was concealed by the affected agencies, Nakashima (2017) adds that some of the
nuclear facilities in the US had already been affected and had to undergo thorough clean up so
as to ensure that all the vulnerabilities and traces of threats had been wiped out. Further
evidence was laid out in the presence of multiple URLs and backdoors that had already been
established by the threats.
Mitigating against social engineering threats
There are various ways that the US Energy Sector could have mitigated against the
recent threats. When mitigating against such attacks, however, Hatfield (2017) insists on the
importance of first knowing the nature of the attack as well as the vulnerabilities that were
present in the various systems within the energy sector. Moreover, different threats affect
systems in different ways, and they are also necessitated by different conditions. In this
regard, there were multiple issues that were laid out by various analysts and experts alike
regarding the real occurrence of the threat. Most of these revolved around poor awareness and

PREVENTION OF TARGETED ATTACKS ON US ENERGY DEPARTMENT

4

training of employees, poorly managed networks and systems, as well as recklessness that
occurred amongst the employees.
The major source of the attacks was identified to be phishing emails. In this case, USCERT (2017) reported that the process had been planned for a long period as the attackers had
previously made attempts to conduct a reconnais...


Anonymous
Awesome! Made my life easier.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags