Information Security Analyst

This article outlines the responsibilities of an information security analyst at AIG, focusing on mitigating vulnerabilities such as Log4j, preventing ransomware attacks, and implementing continuous monitoring. Key strategies included using CISA resources for vulnerability assessments and creating custom tooling for decryption. Affected: AIG, Cybersecurity & Infrastructure Security Agency (CISA), Apache Log4j, ransomware gangs

Key points:

  • AIG is an American multinational finance and insurance corporation with operations in over 80 countries.
  • Information security analysts monitor emerging vulnerabilities to protect company assets.
  • CISA publishes advisories to inform organizations about cybersecurity threats and mitigation strategies.
  • The first advisory highlights serious vulnerabilities in the Log4j software library, including CVE-2021-44228 ("Log4Shell").
  • The second advisory discusses rising ransomware attacks becoming more professionalized.
  • Preventive steps taken included deep scans, isolating vulnerable assets, and pushing patches.
  • A ransomware attack was detected on a server, with only a single zip file encrypted.
  • A Python script was developed to brute-force the decryption key and decrypt the file.
  • Forensic investigations were conducted to understand the attack vector and any potential risks.
  • Continuous monitoring was established to prevent future attacks and ensure system integrity.

MITRE Techniques:

  • T1071 – Application Layer Protocol: The use of the Log4j vulnerability (CVE-2021-44228) to exploit applications.
  • T1202 – Software Exploitation: Exploiting Log4j vulnerability by attackers to gain unauthorized access.
  • T1566 – Phishing: Cybercriminals using phishing methods to gain access to networks.
  • T1040 – Network Sniffing: Monitoring network traffic to identify encryption patterns for ransomware attacks.
  • T1083 – File and Directory Discovery: Scanning the network to look for files involved in the ransomware deployment.

Indicators of Compromise:

  • [URL] https://github.com/cisagov/log4j-affected-db
  • [URL] https://github.com/CERTCC/CVE-2021-44228_scanner


Full Story: https://medium.com/@bolajibaqi/information-security-analyst-ca5f53058a96?source=rss——cybersecurity-5