CYSE 300

Introduction to Cybersecurity

The course contains ten cybersecurity laboratory assignments and a research paper. Please include the research paper and a few of the laboratory reports you generated for the class. The laboratory reports should contain the required artifacts illustrating the successful completion of cybersecurity-related activities. They should be formatted and written in a professional manner as if you were submitting them to executives in an organization.

The cybersecurity laboratories include the following:

  • Performing reconnaissance and probing using common tools;
  • Performing a vulnerability assessment;
  • Enabling Windows Active Directory and user access controls;
  • Using group policy objects and Microsoft Baseline Security Analyzer for change control;
  • Performing packet capture and traffic analysis;
  • Implementing a business continuity plan;
  • Using encryption to enhance confidentiality and integrity;
  • Performing a website and database attack by exploiting identified vulnerabilities;
  • Eliminating threats with a layered security approach; and
  • Implementing an information systems security policy.

Below is a research paper that I wrote in this course.

COLONIAL PIPELINE CYBER ATTACK
Josiah Marshall
CYSE 300: Introduction to Cybersecurity
Dr. Joseph Kovacic
January 24th, 2023

In May of 2021, the Colonial Pipeline was the victim of one of the biggest ransomware attacks in the last decade. A ransomware attack is one in which a hacker or hackers break into a system, such as a network or system files, and demand an amount of money in return for them. This ransomware attack shut down the main pipeline that runs along the East Coast for several days, and President Joe Biden even declared a state of emergency. Many different cybersecurity vulnerabilities, threats, and overall low security led to this attack.

The threat in this ransomware attack was a leaked password. However, there were multiple cybersecurity vulnerabilities that led to this ransomware attack. Hackers from a group that calls itself “DarkSide” accessed the Colonial Pipeline network system through an exposed password from a VPN account. Like many other big organizations, Colonial Pipeline uses a VPN to provide extra security and encrypted remote access into the corporate network. The VPN account that the Colonial Pipeline company had was inactive and very poor. The combination of an inactive VPN account and the lack of multifactor authentication made it very easy for DarkSide to hack into the network system.

This incident had many consequences in the short time over which it happened. As stated above in the introduction, the pipeline was shut down for the week to reduce the risk of exposure to the operational network. Also, Colonial Pipeline had to pay approximately $4.4 million in Bitcoin to DarkSide. This all could have been stopped if Colonial Pipeline had just had a cybersecurity team with the right security measures. If the company had not had an inactive VPN account and had had a multifactor authentication tool, DarkSide would not have been able to access their network. This just shows that every big company needs a cybersecurity team to implement the right security measures and test them every so often. If the inactive VPN account had been tested, then Colonial Pipeline would have known that it was inactive and not working. Then something could have been done about that. It is important to invest in a cybersecurity team to help build your security instead of suffering massive financial losses like Colonial Pipeline did.
