Homework answers / question archive / ACCG3025 Session 2, 2020 Cybersecurity Breach Report Assessment Task Word Limit: 2000 words (excluding footnotes and bibliography) Submit: on iLearn through Turnitin Task: You are the Chief Information Security Officer for Deltex Ltd, a listed company which runs a gin distilling business, but which has pivoted to making hand sanitiser during the Covid-19 pandemic on automated production lines

ACCG3025 Session 2, 2020 Cybersecurity Breach Report Assessment Task Word Limit: 2000 words (excluding footnotes and bibliography) Submit: on iLearn through Turnitin Task: You are the Chief Information Security Officer for Deltex Ltd, a listed company which runs a gin distilling business, but which has pivoted to making hand sanitiser during the Covid-19 pandemic on automated production lines

Computer Science

Share With

ACCG3025 Session 2, 2020

Cybersecurity Breach Report Assessment Task

Word Limit: 2000 words (excluding footnotes and bibliography)

Submit: on iLearn through Turnitin

Task: You are the Chief Information Security Officer for Deltex Ltd, a listed company which runs a gin distilling business, but which has pivoted to making hand sanitiser during the Covid-19 pandemic on automated production lines. Deltex Ltd has suffered a cyber-attack and breach. Using the attached information (which has been collated by an external IT forensics consulting firm), prepare a report to the Board of Directors advising:

a) What cybersecurity vulnerabilities in the business enabled this breach to occur?; b) What should the company do in response to the attacks/breaches?; c) To what extent are the company or its directors liable under Australian civil or criminal law for these breaches / the consequences of these breaches? d) Are there any crimes which have been committed that should be reported to the police? e) Provide at least five recommendations to the Board of Directors on actions they should take to mitigate this attack / prevent similar breaches occurring in the future

For the purposes of this assessment task, you need only to briefly note (but not analyse) any potential breaches of Australian privacy law (as we will cover that topic in more detail later in the semester). Please focus on the cybersecurity issues only.

Requirements:

1) See the Assessment Guide and Unit Guide for the Unit, both of which are available on iLearn.

2) Marking Rubric: See the Assessment Guide.

3) Font: Times New Roman 12-point.

4) Begin your report with a one-page Executive Summary (which is different to an Introduction).

Document #1:
Sender: CEO@deltex.com.au
To: ITManager@deltex.com.au
Re: Request for budget allocation to purchase next-generation firewall
30 August 2020 06:30:00 AEST
Dear Christopher,
Unfortunately, I have to decline your request for $500 000 to fund the purchase of a two-year
licence for a next-generation Cisco firewall. In the current economic environment, your department
will simply have to make do with the current D-Link DIR-865 routers and freeware Zonealarm v15.3
firewalls which were approved by my predecessor in 2018. I’m sorry, but the Board of Directors has
advised me that we need to deploy those financial resources in our upcoming round of
redundancies.
Regards,
Jessica
CEO – Deltex Ltd
Document 2:
Sender: ITtraining@deltex.com.au
To: ITManager@deltex.com.au
Re: IT Training
30 August 2020 09:15 AEST
Dear Christopher,
As you requested, I sent out a firm-wide email invitation three weeks ago for our latest cybersecurity
training session. Unfortunately, the response rate was not great and only twenty of three-hundred
staff registered. Eight showed up on the day and three of those had to leave after the first ten
minutes to respond to an urgent customer complaint.
This was a pity as I thought we had prepared quite a good presentation on how to detect spear-
phishing emails. Unfortunately, the CEO was unable to introduce the session as originally planned.
In light of this low turnout, I think it best that we delay our phishing test email campaign for a few
months.
Kind regards,
Helen
IT Manager - Deltex

Document 3:
Email dated 30 August 2020 02:30 AEST
From: deliveries@deltex.com.au
To: CEO@deltex.com.au
Re: Loss of shipment being delivered to Colesworth warehouse
Dear Jessica,
Vicky Rees at Colesworth has just advised me that one of their semi-trailers which had collected
eight pallets of 80% alcohol Deltex hand-sanitisers from our factory has exploded in flames when it
reversed up to the unloading bay of the Colesworth warehouse yesterday evening. The resulting
fireball set their warehouse on fire and has resulted in what is estimated to be $35 million of
damage. The forensic report from the police reveals that the lids on some of the Deltex hand
sanitisers broke off during shipping and the alcohol gel had spilled throughout the trailer. When the
employee opened the back door of that trailer, hundreds of litres of gel vapour leaked out and some
got onto the hot brakes of the trailer causing the explosion. Fortunately, no one was killed!
The CEO of Colesworth will call you this morning to discuss further about how their warehouse will
be out of action for a month or more.
Regards,
Andrew
Document 4:
Email dated 30 August 2020 09:30 AEST
From: ITManager@deltex.com.au
To: ceo@deltex.com.au
Re: Strange email you received last week
Dear Jessica,
My team have reviewed the email you received three weeks ago which appeared to come from one
of the Deltex Board of Directors, Olivia Dunn. Thank you for forwarding it to us.
Whilst at first glance it appeared to be a legitimate email, I confirmed with Olivia that she did not
send that email requesting you to give her details about the equipment which controls the robotic
bottling plant Deltex has re-purposed to make hand sanitiser.
The email address to which you sent your detailed reply <ODunn@gmail.com> was not controlled by
Olivia. The IP address from which the email was sent is geo-located in Pyongyang, North Korea. We
contacted Gmail, but they told us to come back with a warrant if we wanted more information about
that email account.
Do you want us to pursue this further?
Christopher

Document 5:
Email dated 30 August 2020 09:45 AEST
From: Webmanager@deltex.com.au
To: ITManager@deltex.com.au
Re: Deltex website is down
Hi Chris,
Two hours ago, I started to receive tweets from customers stating that they were having difficulty
accessing the Deltex.com.au website. Those customers were finding it hard to complete their orders
this morning, experiencing intermittent timeouts. I checked the webservers and they are still
powered up, but the fans are running really loudly and both the CPU and network capacity are
running at 100%.
Do you know if there has been a big marketing campaign for Deltex products overnight? The traffic
to our site is coming from all over the world at gigabytes per second which is saturating our Internet
connection. I rang our ISP, Telnode, and they said they could increase our upstream bandwidth from
1Gbps to 10GBps but that it would cost us $5000 per month. Do we have budget for that?
Kind regards,
Candice
P.S. Have you made a decision about which of the three options to fix the GraphX code library
security problem on our webserver you like best? I emailed you about it earlier this month.
Document 6:
Email dated 30 August 2020 10:00 AEST
From: bad2thabone@h4ckers4hire.net
To: ceo@deltex.com.au
Re: Pay us, or else
Dear Jessica,
Due to your lax internet security, we have control of your production lines, have smoked your
website, and have exfiltrated 20gb of internal corporate documents from Deltex over the past
month. This includes:
a) your 2021 marketing strategy
b) your world-famous gin recipes
c) details of your ongoing bulk sales of gin to the Haudistani royal family (in violation of UN
sanctions on that country)
If you do not pay us 200 Bitcoin in the next seven days, we will shut down your production and
upload all of your documents to our website and send copies of those documents to the
international union of investigative journalists. Send the cryptocurrency to this address:
<asfdlkjsafd8908asdfilkjasklfdklasj>. You can see examples of other companies who refused to pay
their ransoms at our website: <h4ckers4hire.net>… their CEOs did not last very long in their jobs.
Regards,
Alphonse Capone

Document 7:
Email dated 30 August 2020 11:30AEST
From: production@deltex.com.au
To: ITManager@deltex.com.au
Re: Production problems
Dear Chris,
I have noticed some strange glitches in our automated production line over the past few weeks. For
some reason, the LeverPack Screw-capping machines keep on over-tightening the pump-pack lids
onto the hand sanitiser bottles causing the plastic necks of some of them to crack. This is occurring
randomly. It goes away for a while when I reboot the machines, but then the problem re-emerges
within about thirty minutes. Some batches have more damage than others. I usually throw out the
damaged bottles but there doesn’t seem to be many damaged bottles in the rubbish skip from the
past week’s production run (managed by a junior staffer here as I was away on annual leave), so
perhaps this is now a lower-priority issue than it was earlier this month.
I would have sent this to you sooner, but I was away in Coffs Harbour, so I haven’t yet had a chance
to talk to you about this problem. Can you send one of your IT boffins down to have a look?
I must say that I don’t think these machines are as reliable as the old non-Internet connected
machines that I previously used. This new-fangled IoT tech is more hassle than it is worth!
Regards,
Nicholas
Deltex Warehouse Manager
Document 8:
Email dated 02 August 2020 1432 AEST
From: Webmanager@deltex.com.au
To: ITManager@deltex.com.au
Dear Christopher,
I read a report today on GitHub about how the GraphX encryption software library has been
discovered to have been infected for the last twelve months with malware. We use that software
library in the codebase of our webplatform to protect the remote login systems for contractors to
our IT systems.
I think we should do one of the following options: a) remove the GraphX code library from our
webplatform and replace it with a more secure code library (I estimate that this would require taking
the webplatform offline for ten days at a cost of $5000); b) work with the developers to update our
webplatform to include the latest patched version of the GraphX code library (this would require
three weeks of work and testing time but would only take the webplatform offline for an hour and
would cost $50 000); or c) buy a new webplatform from IBM at a cost of $75 000 which does not use
that GraphX code library). Please let me know which of these options you approve me to implement.
Regards,
Candice