ETHICAL HACKING AND INCIDENT RESPONSE
ETHICAL HACKING AND INCIDENT RESPONSE
ALTERNATIVE ASSESSMENT - INDIVIDUAL TASK
(Total Marks: 50)
CASE SCENARIO
Phishing is a huge threat and growing more widespread every year. According to a research conducted in 2021, employees receive an average of 14 malicious emails per year. Some industries were hit particularly hard, with retail workers receiving an average of 49. It was found a 7.3% increase in email-based attacks between May and August 2021, the majority of which were part of phishing campaigns. Another 2021 research from IBM confirmed this trend, citing a 2 percentage-point rise in phishing attacks between 2019 and 2020, partly driven by COVID-19 and supply chain uncertainty.
CISCOs 2021 Cybersecurity threat trends report suggests that at least one person clicked a phishing link in around 86% of organizations. The companys data suggests that phishing accounts for around 90% of data breaches. Theres an uneven distribution in phishing attacks throughout the year. CISCO found that phishing tends to peak around holiday times, finding that phishing attacks soared by 52% in December.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information. An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.
Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data. An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.
Conduct a research on types of phishing attack, by using your own words discuss the criteria of these types and their differences. Select ONE (1) type of the aforementioned phishing attacks, discuss the attack phases involve in order to coordinate a phishing attack. Justify your answer with a suitable case study and include the type of ethical issues an attacker will face if prosecuted.
Report guideline:
Introduction
Type of phishing attack
Selected type of phishing attack
Example of case study (including step-by-step of the attack phases)
Ethical issues in accordance to the attack
Summary and conclusion
*This is just a guideline, student may edit the content accordingly
(50 marks)
INSTRUCTIONS
You are required to complete the assignment individually and submit it through Moodle.
All discussion and justification should be made using your own words (no copy paste work is allowed), and supported with citation from external resources (books, reliable internet resources etc.). Explanation should not be in general, must relate it with a selected/given scenario.
Plagiarism is a serious offence and will automatically be awarded zero (0) marks. Similarity % should be equal or less than 19%. In the case of higher similarity %, students should provide clear justifications to support the output.
Minimum words count should be 2500 words, excluding figures, charts, tables etc., to maximum 3000 words.
All information, figures and diagrams obtained from external sources must be referenced using the Harvard referencing system accordingly.
MARKING RUBRIC
Full Mark (100%) Distinction (80%) Merit 60%) Pass (40%) Fail (20%) Zero (0%)
Attack phases, methodology with the example of attack
(30 marks) Excellent ability to explain and discuss in details on all the attacks phases. Provide clear attack methodology together with example relevant to the case. Demonstrate step by step tutorial on how to use technique/tool/ framework/attack commands. Good ability to explain and discuss in details on all the attacks phases. Provide clear attack methodology together with example relevant to the case. Demonstrate step by step tutorial on how to use technique/tool/ framework/attack commands. Sufficient explanation and discussion on all the attacks phases. Provide clear attack methodology together with example relevant to the case. Demonstrate step by step tutorial on how to use technique/tool/ framework/attack commands. Acceptable explanation and discussion on all the attacks phases. Provide clear attack methodology together with example relevant to the case. No/ not able to demonstrate step by step tutorial on how to use technique/tool/ framework/attack commands. Poor explanation and discussion on all the attacks phases. Unclear attack methodology together with example relevant to the case. No/ not able to demonstrate step by step tutorial on how to use technique/tool/ framework/attack commands. Missing attack phases and methodology.
Critical discussion
(10 marks) Exceptional critical evaluation on the ethical issues faced in the case study provided. Good critical evaluation on the ethical issues faced in the case study provided. Sufficient critical evaluation on the ethical issues faced in the case study provided. Acceptable critical evaluation on the ethical issues faced in the case study provided. Minimal / No critical evaluation on the ethical issues faced in the case study provided. Zero critical evaluation
Originality
(5 marks) Excellent originality of the content is provided in relation to the case study provided. Good originality of the content is provided in relation to the case study provided. Sufficient originality of the content is provided in relation to the case study provided. Acceptable originality of the content is provided in relation to the case study provided. No originality of the content is provided in relation to the case study provided. No proof of originality is provided
Citation / Referencing
(5 marks) An almost professional documentation with exceptional format in documentation structure and referencing.The report follows a referencing style that complies with the format, and the in text citations are made purposefully. All resources were cited and no plagiarism. A very good documentation format including documentation structure and referencing.The report follows a referencing style that complies with the format, and the in text citations are made purposefully. All resources were cited and no plagiarism. A good documentation with satisfactory format in documentation structure and referencing.The report follows a referencing style that complies with the format, and the in text citations are made persistently. Resources were cited with some missing citation and details An acceptable documentation format including documentation structure and referencing.The report follows a minimum referencing style that complies with the format, and the in text citations are made clumsily. Some resources were cited but with missing or limited details. A poor documentation format. The report did not follows any referencing style that complies with the format, and the in text citations are missing. The resources were not cited and details were not provided. Zero referencing
