Assessment 2: Case Study - Analysis report
| Assessment Overview | |
| Weighting | 35% of unit total |
| Due Date | Week 6, Sunday, 22/03/2026, by 23:59 AEDT |
| Assessment Type | Individual assessment |
| Word Count / Length | 2000 words +/- 10% |
| Unit Learning Outcomes | In this assessment, you will be tested on whether you have successfully met the following Unit Learning Outcomes (ULOs):
|
| Submission Type and Required Format | The type of assessment you will be completing is a Case Study Analysis. It should include the following:
|
| Assessment Details | |
| Assessment Purpose | The purpose of this assessment is to develop your ability to perform a proactive threat and risk assessment for a real-world organization against an emerging cybersecurity threat. You will step into the role of a security consultant to profile a relevant threat actor, model a potential attack, identify organizational vulnerabilities, and recommend a robust defensive strategy. This will enhance your skills in threat intelligence, risk analysis, and strategic security planning. |
| Assessment Instructions | For this assessment, you will produce a professional report that addresses the following steps:
1. Select an Organization and a Threat:
2. Threat Actor Profile:
3. Hypothetical Attack Chain Analysis:
4. Vulnerability and Impact Assessment:
5. Protective Security Recommendations:
6. Visual Representation:
|
| Artificial Intelligence (AI) Use | In this assessment, the use of generative artificial intelligence (AI) tools is PERMITTED. You can use AI tools to assist with:
You CANNOT include any AI-generated material in your final report directly without modification or proper acknowledgement.
Specifically, for visual representations, any figures, diagrams, or flowcharts must be created by you and NOT copied or generated by AI.
Example tools might include:
Students take full responsibility for the content of their assessments, and AI tools should be used as a supplement to your own research and analysis rather than as a replacement. If you use AI tools in an unethical or irresponsible manner, such as copying AI-generated output without checking it against reliable sources, you risk committing academic misconduct. Any use of AI must be appropriately acknowledged in the AI declaration on the Assessment Cover Sheet.
Refer to the Using AI page on the ECA Library and Learning Support website for further guidance. |
| Other Important Information | |
| Assessment Resources | It is strongly recommended that you use the following to find academic peer-reviewed sources of information.
For in-text citation and referencing, follow the ECA HE Student Guide to APA 7th Referencing. |
| Submission Requirements | On completion of your assessment:
|
| Assessment Support | For academic support or feedback on a draft of your assessment, please email academic.support@eca.edu.au
For assistance with finding resources, such as books and journal articles, please email library@eca.edu.au
For information and guides on tackling assessments and developing your academic skills, please visit the ECA Library and Learning Support website: https://eca.libguides.com/
For queries about this specific assessment task, please contact the Unit Coordinator. |
Assessment 2 Rubric
| Criteria (weighted as indicated below) | High Distinction (HD) 85-100 | Distinction (D) 75-84 | Credit (C) 65-74 | Pass (P) 50-64 | Fail (F) 0-49 |
| Criteria 1 Context and Threat Profiling (20%) | Provides an exceptionally detailed and insightful profile of a highly relevant threat actor, including a sophisticated analysis of their motivations, capabilities, and relationship to the chosen organization. | Provides a clear and detailed profile of the threat actor with a strong analysis of their motivations and capabilities in the context of the chosen organization. | Provides a good profile of the threat actor and organization, but the analysis of motivations or specific relevance may be less developed. | Identifies a threat actor and an organization but provides a generic or superficial profile with limited analysis. | Fails to identify a relevant threat actor or provide a coherent profile. |
| Criteria 2 Hypothetical Attack Chain Analysis (TTPs) (25%) | Develops a highly plausible and technically sophisticated hypothetical attack narrative. Masterfully integrates the MITRE ATT&CK framework to describe a creative and logical sequence of TTPs. | Develops a plausible and detailed attack chain. Effectively applies the MITRE ATT&CK framework to describe the TTPs with clear justification at each stage. | Develops a logical attack chain and applies the MITRE ATT&CK framework, but the narrative may lack technical depth or some TTPs may be less relevant. | Describes a basic attack sequence but the application of the MITRE ATT&CK framework is limited, inaccurate, or superficial. | Fails to develop a coherent attack chain or does not use the required framework. |
| Criteria 3 Vulnerability and Impact Assessment (20%) | Demonstrates exceptional critical thinking by identifying specific, nuanced vulnerabilities in the chosen organization and provides a comprehensive, quantified assessment of the potential business impact. | Clearly identifies relevant organizational vulnerabilities and provides a detailed and well-reasoned assessment of the likely financial, operational, and reputational impact. | Identifies key vulnerabilities and assesses the potential impact, but the analysis is more general and may not be fully tailored to the specific attack chain. | Identifies obvious vulnerabilities but provides a limited or generic assessment of the impact without strong justification. | Fails to identify relevant vulnerabilities or assess the potential impact of the attack. |
| Criteria 4 Protective Security Strategy (20%) | Proposes a comprehensive and multi-layered security strategy with specific, actionable controls. Expertly structures recommendations using the NIST Cybersecurity Framework, justifying each control with clear alignment to the identified threat. | Proposes a strong and relevant set of security controls logically structured using the NIST Framework. Recommendations are well-justified and directly address the analyzed threat. | Proposes a good set of security controls that are structured using the NIST Framework, but recommendations may be more generic or lack detailed justification. | Proposes basic or high-level security controls with limited use of the NIST Framework or weak justification. | Fails to provide relevant or coherent security recommendations. |
| Criteria 5 Report Professionalism & Visualisation (15%) | Exemplary report: professionally structured, exceptionally clear, with flawless referencing. The original diagram is insightful, professionally presented, and significantly enhances the analysis. | Well-structured and clearly written report with minor referencing errors. The diagram is clear, relevant, and effectively supports the analysis. | The report is logically structured but may have some issues with clarity or referencing. The diagram is relevant but may lack detail. | The report structure is difficult to follow, with frequent referencing errors. The diagram adds little value to the analysis. | Fails to meet basic academic standards of structure, referencing, or clarity. The diagram is missing or irrelevant. |
Note: This report is provided as a sample for reference purposes only.

Cybersecurity threats have significantly increased across industries, particularly in sectors that manage sensitive personal and financial data. Healthcare organizations are among the most attractive targets for cybercriminals because of the value of patient records and the critical nature of healthcare services.
This report analyses the potential cybersecurity threat posed by the LockBit ransomware group against Medibank Private Limited, one of Australia’s largest health insurance providers. The analysis is conducted within the 2025–2026 cybersecurity landscape, where increased cloud adoption, remote workforce environments, and artificial intelligence–driven attacks have expanded the threat surface.
The report profiles the threat actor, develops a hypothetical attack chain using the MITRE ATT&CK framework, identifies vulnerabilities within the organization, evaluates the potential impact of a successful attack, and proposes security strategies based on the NIST Cybersecurity Framework.
Medibank is a major Australian health insurance company responsible for managing the personal and health information of millions of customers.
Key assets include:
Due to its large database of sensitive healthcare information, Medibank represents a high-value target for cybercriminals.
The selected threat is LockBit Ransomware-as-a-Service (RaaS).
LockBit is one of the most active ransomware groups globally and operates using an affiliate-based model where cybercriminals deploy ransomware using LockBit’s infrastructure.
Recent developments in the 2025–2026 threat landscape include:
LockBit is a financially motivated cybercriminal organization specializing in ransomware attacks. It operates under a Ransomware-as-a-Service (RaaS) model, allowing affiliates to conduct attacks using LockBit's malware in exchange for a percentage of the ransom.
The primary motivations of LockBit include:
Healthcare organizations are especially attractive because they often prioritize operational continuity and may be more likely to pay ransom quickly.
LockBit commonly targets:
These sectors store sensitive data and often rely on legacy systems that contain exploitable vulnerabilities.
LockBit demonstrates a high level of sophistication, including:
The group frequently adapts its techniques to evade detection by traditional security systems.
This section describes a plausible attack chain that LockBit affiliates could use to compromise Medibank.
The attack follows multiple stages mapped to the MITRE ATT&CK framework.
Technique: Phishing (T1566)
Attackers send spear-phishing emails to employees posing as internal IT notifications requesting password resets.
An employee unknowingly enters credentials into a fake login page controlled by attackers.
Result:
Attackers obtain valid employee credentials.
Technique: Command and Scripting Interpreter (T1059)
Using stolen credentials, attackers access internal systems and execute malicious scripts that download ransomware payloads.
Technique: Create or Modify System Process (T1543)
Attackers create backdoor administrator accounts to maintain persistent access even if the initial credentials are revoked.
Technique: Exploitation for Privilege Escalation (T1068)
Attackers exploit system vulnerabilities to gain administrator privileges across the network.
Technique: Remote Services (T1021)
Attackers move laterally across the organization’s internal network to access database servers containing customer data.
Technique: Exfiltration Over Web Service (T1567)
Sensitive customer information is copied and transferred to attacker-controlled servers.
Technique: Data Encrypted for Impact (T1486)
LockBit ransomware encrypts critical systems and displays a ransom note demanding cryptocurrency payment.
The attacker assumes that:
Employees lack sufficient training to detect phishing attacks.
This assumption is realistic because phishing remains the primary initial access method in over 70% of ransomware attacks globally.
Several vulnerabilities may allow the attack to succeed.
A successful ransomware attack could significantly affect Medibank.
Costs may include:
The cost of ransomware incidents in healthcare often exceeds $10 million per attack.
Customer trust could be severely damaged, resulting in:
Failure to protect personal health information may violate Australian Privacy Act regulations, leading to legal consequences and fines.
Security recommendations are structured according to the NIST Cybersecurity Framework.
Organizations must understand and manage cybersecurity risks.
Recommended actions:
Security measures should prevent unauthorized access.
Recommendations include:
Early detection helps minimize damage.
Recommended controls:
Organizations must respond effectively to cyber incidents.
Recommended actions:
Organizations must ensure business continuity after an attack.
Recommendations include:
You must create your own diagram.
An example you can create in PowerPoint, Lucidchart, or Draw.io:
Structure:
Phishing Email
↓
Credential Theft
↓
System Access
↓
Privilege Escalation
↓
Lateral Movement
↓
Data Exfiltration
↓
Ransomware Deployment
Label each stage with the MITRE ATT&CK technique code.
Cyber threats such as ransomware continue to pose significant risks to organizations managing sensitive information. This report analyzed the potential threat posed by the LockBit ransomware group to Medibank within the modern cybersecurity landscape.
By examining the threat actor profile, modelling a realistic attack chain using the MITRE ATT&CK framework, and identifying organizational vulnerabilities, the analysis demonstrated how such an attack could compromise critical systems and data.
Implementing a comprehensive security strategy aligned with the NIST Cybersecurity Framework can significantly reduce the likelihood and impact of such cyber incidents.
Organizations must adopt proactive cybersecurity measures, improve employee awareness, and strengthen technical defenses to protect against evolving cyber threats.
You should include around 10–15 references.
Example:
LockBit ransomware group profile. (2024). Cybersecurity and Infrastructure Security Agency.
National Institute of Standards and Technology. (2023). NIST Cybersecurity Framework.
MITRE Corporation. (2024). MITRE ATT&CK Framework.
Australian Cyber Security Centre. (2024). Annual Cyber Threat Report.
Verizon. (2024). Data Breach Investigations Report.