ICT5941 Business Information Systems Assignment Help

 

ICT5941 Business Information Systems

 

Assessment 2

 

Trimester 1, 2025


Assessment Type: Case-Based Assignment (Individual) Weighting: 30%

Learning Outcomes Assessed: ULO 1, 2, 3 and 4 Word Limit: 2,500 words

Due date: 13 April 2025, 11:59 pm (AEST)

 

All submissions must be submitted with a signed Ozford Institute of Higher Education Cover Sheet via Moodle. Late submissions will attract a penalty of 5% of the assessment weighting for each calendar day late unless the lecturer grants an extension.

 

Assessment Task:

Read the supplied case study (Sentinel Cyber Shield Pty Ltd) and follow the instructions provided at the end of the case study to prepare a written report.

 

Case Study:

Case Study: Sentinel Cyber Shield Pty Ltd.

Background

Sentinel Cyber Shield Pty Ltd.*, founded in 2010, is a leading Australian cybersecurity firm headquartered in Sydney. It provides advanced cybersecurity solutions, including managed security services, digital forensics, and threat intelligence. The company serves government agencies, financial institutions, healthcare organizations, and critical infrastructure providers.

Due to its role in protecting sensitive data and national security assets, Sentinel Cyber Shield has become a high-value target for state-sponsored and financially motivated cyber criminals.

 

*Note: Sentinel Cyber Shield Pty Ltd. is a fictional entity created for educational purposes and does not represent any real-world organization.

  
  


 

Incident Overview

On March 5, 2025, Sentinel Cyber Shield detected a highly coordinated ransomware attack launched by a cyber criminal group known as "Phantom Jackals". This attack was significantly more sophisticated than typical ransomware campaigns, utilizing a triple-extortion strategy:

  1. Data Encryption – The ransomware encrypted mission-critical files, affecting client contracts, legal documents, and threat intelligence reports.
  2. Data Theft – The attackers exfiltrated over 750 GB of sensitive client data, including government intelligence files and financial transaction logs.
  3. DDoS Attack Threat – The group threatened to launch distributed denial-of-service (DDoS) attacks on Sentinel Cyber Shield’s clients if the ransom was not paid.


 

Key Incident Details

  1. Attack Entry & Initial Breach
    • Zero-Day Exploit – The attackers exploited a zero-day vulnerability in Sentinel Cyber Shield’s remote monitoring software.
    • Phishing & Social Engineering – A targeted spear-phishing attack tricked a senior executive into downloading a malicious "security update".
    • Supply Chain Compromise – The attackers infiltrated a third-party cloud storage provider, gaining access to Sentinel’s offsite backups.
  2. Tactics & Techniques Used
    • Fileless Malware & Living-off-the-Land (LotL) Attacks – The ransomware used existing administrative tools like PowerShell and Windows Management Instrumentation (WMI) to evade detection.
    • Lateral Movement – Attackers gained domain administrator privileges within hours, allowing them to disable endpoint security tools.
    • Stealth Persistence – The malware established multiple backdoors, ensuring continued access even after initial remediation efforts.
  3. Ransom Demand & Threats
    • The attackers demanded AUD 12 million in Monero (XMR) cryptocurrency.
    • They threatened to release stolen government intelligence data on dark web forums.
    • A DDoS attack was launched against Sentinel’s main client portal, forcing downtime and service disruptions.
  4. Third-Party & Regulatory Challenges
    • Several high-profile financial institutions and a government cybersecurity agency were affected.
    • The Australian Critical Infrastructure Act (2023) mandates strict breach reporting and severe financial penalties for non-compliance.
    • Sentinel’s cyber insurance provider initially denied the claim, citing insufficient cybersecurity controls in its supply chain.
  5. Immediate Actions Taken
    • Incident Response Team (IRT) Activation – The team isolated infected systems, but threat actors had already established persistence mechanisms.
    • Emergency Threat Hunting – Advanced forensic analysis uncovered multiple undetected vulnerabilities still being exploited.
    • Client & Regulatory Notifications – Government authorities, major financial institutions, and healthcare clients were immediately notified.
    • Threat Actor Negotiations – A crisis response team was deployed to engage in ransom negotiations while alternative decryption methods were explored.


 

Requirements

As a cybersecurity consultant assigned to Sentinel Cyber Shield Pty Ltd., your task is to prepare a comprehensive report addressing the following:

  1. Roles and Responsibilities

Based on the incident details, define the specific roles and responsibilities involved in responding to the ransomware attack. Consider roles such as Cyber Risk Manager, Incident Response Coordinator, Regulatory Compliance Officer, IT & Security Teams, etc.

  2. Cyber Risk Identification & Management Plan

Describe the types of cybersecurity threats encountered in this ransomware attack and develop a risk management plan addressing the following areas:

  • Threat Identification & Attack Methods: Explain the attack vector (e.g., phishing, zero-day exploits, supply chain vulnerabilities); Identify high-risk assets affected, such as client financial data, government contracts, and internal IP.
  • Business Impact Analysis (BIA): Assess the impact of the ransomware attack on financial operations, reputation, and legal standing; Quantify potential revenue loss, regulatory fines, and insurance implications.
  • Regulatory & Compliance Obligations: Determine legal obligations regarding data protection laws, financial regulations, and critical infrastructure security; Outline reporting requirements to regulators and affected stakeholders.

       

  3. Strategic Threat Mitigation & Response Plan

Based on the incident details, describe the potential cybersecurity threats facing Sentinel Cyber Shield Pty Ltd. and discuss strategies for mitigating these threats. Your response should cover the following areas: Preventive Measures, Detective Measures, Response Measures and Recovery Measures.

  4. Cybersecurity Governance & Business Risk Management Frameworks

Discuss relevant business-focused cybersecurity frameworks that can be used to improve risk management and response planning.

  • NIST Cybersecurity Framework – Business impact & risk assessment.
  • ISO 27001 – Organizational cybersecurity governance.
  • COBIT 2019 – IT risk management & business resilience.
  • Cyber Risk Quantification – Estimating potential financial losses from future cyber attacks.

 

Report Structure

  • A title page with subject code and name, assignment title, student’s name, student number, and lecturer’s name.
  • An introduction (200–250 words) that will also serve as your statement of purpose for the report. This means that you will tell the reader what you are going to cover in your report. You will need to inform the reader of:
    • Your area of research and its context (key concepts)
    • The key elements you will be addressing
    • What the reader can expect to find in the body of the report


 

  • The body of the report (1,700–2,000 words) will need to respond to the specific requirements of the case study. It is advised that you develop a report to identify the threat types and key factors involved. This will help you understand the most at-risk components, so that development staff can focus on components with a high attack probability and manage them.
  • The conclusion (200–250 words) will summarize any findings or recommendations that the report puts forward regarding the concepts covered in the report.
  • It is recommended that you read various academic papers and magazine articles before writing this report. You will be expected to have consulted as many sources (at least 10) such as journal articles, books, market reports etc. to write the report (i.e. support your arguments with theories and market figures, tables etc.; we shall discuss the formatting in class).
  • Remember to reference these articles in-text as you use them and add them immediately to your reference list at the end of your report. The referencing style used by Ozford Institute of Higher Education is Harvard Referencing style (for example, see Moodle).
