Cybersecurity Threat Model Report


Name

Institution

Date
Executive Summary

Computer systems in modern cyberspace have become more vulnerable to data breaches and data loss.
One example is the JBS company, which suffered an attack on its systems in which 5TB of data was
destroyed by hackers. The case scenario in this report simulates threats like those JBS faced; the two
cases are readily comparable because both organizations belong to the food processing sector. Applying
the STRIDE model to the comparison identifies and categorizes the possible threats at the points of
attack, located in the different parts of the system identified as threat boundaries.

Introduction

Cybersecurity has been one of the main concerns in protecting data and computer access from
unauthorized personnel in modern cyberspace. The threats and vulnerabilities in an organization's systems
need to be managed, and the systems protected, at the current threat levels. The case of Mindys
Independent Packers (MIP) raises potential cybersecurity threats, and there is a need to provide knowledge
about, and possible solutions to, the threats identified in the case scenario. This paper discusses the
issues in the MIP scenario, including designing data flow diagrams, discussing threat discovery, and
listing the threats categorized under the STRIDE methodology.

JBS Case Scenario

JBS is a renowned meat processing company whose parent company is in Australia; it was a victim of
ransomware in 2021. Vulnerabilities in its systems allowed its data to be exfiltrated, creating threats of
data exposure and deletion by the renowned REvil group, as reported by SecurityScorecard. In addition to
encrypting the environment, the attackers held JBS data under siege, orchestrating data exfiltration that
took three months starting from March 2021. The company had vulnerabilities in its systems; the initial
intrusion vector was not identified, but there was an active unauthorized connection from Indian servers
between May 18th and May 24th, 2021. In early February 2021, there were attempts to access the systems
through the Remote Desktop Protocol (RDP), and in March data was exfiltrated. According to
SecurityScorecard, the company had 45GB of data exfiltrated to a web-sharing site, and later records show
that the company suffered a 5TB data loss in three months, causing a serious threat to the supply chain.
The attackers' main interest was financial gain. Selling the data on the dark web would have risked
exposure, and the company made a payment of $11 million, as indicated by the CEO of JBS Australia, Andre
Nogueira, in his report to the Wall Street Journal. The attacker had access to the management databases,
so the company was forced to pay the ransom to protect the identity of its clients; otherwise, the company
was at risk of losses (article).

Data Flow Diagram

1.0 Context Diagram


Fig.1 Context diagram for MIP company.

The context diagram indicates the main relation of MIP with its basic environment in the market, where
the data integrated into its systems, including customers' information, is connected to its sources. It
provides a way to track the level-1 diagram of the company's transactions and to expose the points in the
system from which attacks can be carried out. The following level-1 DFD, which describes MIP's systematic
transactions between the company and its clients, is the best basis for the organization's risk analysis.

1.1 Level-1 Diagram

Fig.2 A Level-1 DFD for MIP Company.

Under the level-1 DFD, management has to take the necessary measures to maintain security in modern
cyberspace. Given upcoming technologies, there is a need for regular check-ups of the most vulnerable
breach points within the system. Given the frequent cyberattacks in Australia, there is a need for more
advanced data security to ensure that resources are not compromised. The effects of a compromise may
include inflation, geopolitical conflicts, and issues like ripple effects in the stock market.

Threat Discovery

Data integrity is the main concern of many firms, which need best practices to make their data more
secure. According to Al-Hawawreh, Moustafa, & Slay (2021), with risk modeling in cybersecurity,
management can discover all the possible threats in the system and find contingent measures for the
identified threats. MIP needs to be more careful about attacks, as its system is prone to a large number
of vulnerabilities in the current cyberspace. The company has taken a risk by integrating its
transactional database into its website. The business website is more prone to online issues, which are
listed in the table.

The techniques used to discover the threats that may await MIP company were the following:

- Through questionnaires, I was able to ask some friends about the issues affecting security features in
modern cyberspace.
- Asked an IT expert about the vulnerability of passwords in a system.
- Had an online session with a start-up manager and asked for details on how hackers use trojan
horses and logic bombs on target apps.
- Consulted a database manager and queried on issues relating to SQL injection and related DoS
attacks on transactional databases.
- Consulted a web developer on issues that are related to threats like drive-by download and
insider threats.
- Had interactions with some customer care workers and asked for information about related
phishing through the company's email compromise.

Threats
1. Denial of Service attacks
2. Malware
3. Cross-site scripting
4. Drive-by download
5. Password cracking
6. Eavesdropping
7. Phishing
8. Man-in-the-middle
9. SQL injection attacks
10. Insider threats
Table 1. A table of possible threats in the MIP system.

Denial of Service
The attack can occur on the transaction DB, where the main system can be hacked and the services
offered to customers suspended. The system is flooded with requests for access to the targeted system.
Due to the high profile of meat processing companies around the globe, services may be abused or
suspended, threatening sales while exposing valuable data to competitors who may access it through the
dark web. Legitimate users such as administrators are denied access to system resources, which leads to
loss of information and of the time needed to handle the incident. This threatens the company with data
integrity issues, which can expose clients' information and lead to serious losses. Accounting
information can be used by competitors to find the firm's weaknesses, leading to exposure of firm-related
financial disclosures (Syed et al., 2020).

Through the website connected to the transactional database, the company is at risk of attacks that can
seriously damage the accounting information and the customer information. Saturating the main system
through attacks like a ping flood creates heavy packet traffic, leading to a denial of service on the
victim's computer. This is characterized by slow performance, unsuccessful access to certain websites, or
frequent loss of connection to a certain network, since these fall under application layer attacks. Such
attacks can be mitigated through methods like the use of firewalls, or distributing computing resources
behind load balancers while reducing direct internet traffic to the main system (Zebari et al., 2020).
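The flooding behaviour described above is usually first noticed as an abnormal request rate from one source. The following Python script is an added example, not part of the original report, showing how a defender can detect such a burst from web access logs before a firewall or load balancer rule is applied. The log format ("timestamp client_ip method path"), the sample lines, the source addresses and the window and threshold values are all constructed for illustration and should be tuned to the real site.

```python
"""Per-source request-rate detector over a sample of web access logs.

Added example (not from the report). The log format, the sample lines and the
detection thresholds are constructed assumptions; an operator would tune the
window and request limit to the normal traffic of the MIP website.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: one source (203.0.113.7) sends six requests within
# two seconds; the other sources make a single request each.
SAMPLE_LOG = """\
2021-05-18T10:00:00 203.0.113.7 GET /orders
2021-05-18T10:00:00 203.0.113.7 GET /orders
2021-05-18T10:00:01 198.51.100.4 GET /index
2021-05-18T10:00:01 203.0.113.7 GET /orders
2021-05-18T10:00:01 203.0.113.7 GET /orders
2021-05-18T10:00:02 203.0.113.7 GET /orders
2021-05-18T10:00:02 192.0.2.9 GET /about
2021-05-18T10:00:02 203.0.113.7 GET /orders
2021-05-18T10:00:30 203.0.113.7 GET /orders
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, client_ip, request)."""
    ts, ip, method, path = line.split()
    return datetime.fromisoformat(ts), ip, f"{method} {path}"


def detect_floods(log_text, window_seconds=5, max_requests=5):
    """Return {client_ip: time_first_exceeded} for every source that sends
    more than max_requests within any sliding window of window_seconds.

    A deque per source keeps only the timestamps inside the current window,
    so memory stays proportional to the burst size, not to the whole log.
    """
    windows = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, _ = parse_line(line)
        recent = windows[ip]
        recent.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def block_candidates(flagged):
    """Sorted list of sources an operator could hand to a firewall or
    load-balancer deny list for review."""
    return sorted(flagged)


if __name__ == "__main__":
    hits = detect_floods(SAMPLE_LOG)
    for ip, when in hits.items():
        print(f"{ip} exceeded the rate limit at {when.isoformat()}")
    print("candidates for blocking:", block_candidates(hits))
```

With the constructed sample, only 203.0.113.7 is flagged, at 10:00:02, because its sixth request lands inside a five-second window; its later request at 10:00:30 is outside that window and does not count. Raising max_requests to 10 produces no alerts, which is the usual way to confirm a threshold is not firing on normal traffic.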

Malware Attacks

Malware attacks seem more likely than any other kind of attack on the MIP system, meaning that both the
clients and the servers are at risk of malware. The attacks can be orchestrated to lure a client who is
placing orders through techniques like phishing emails, which can mislead clients into making payments
elsewhere instead of to the intended supplier. Trojan horses can be used to block or steal passwords,
giving the attacker the ability to block access to the systems and leading to manipulation or loss of
data. Such attacks usually gain access to critical login passwords, which are then used for malicious
activity in the system.

Ransomware is one of the main cyber attacks that has led many firms to make losses and to make payments
to prevent data exposure. The victim's computer or system is blocked and the attacker demands a ransom.
If the victim does not adhere to the terms, the attacker may sell the company's data on the dark web,
which can lead to serious inflation or price pressure on market goods. With critical information exposed
to the general public, the company will be on the verge of collapse, since its supply chain logistics and
capabilities can be exposed to competitors, leading to loss of production capacity. Keeping an offline
backup of the company's data is the main solution to malware attacks. Layered security is also used,
because relying on a single layer of security is itself a risk (Davies, Macfarlane, & Buchanan, 2020).
Examples of such security layers include end-to-end encryption and data security, among others.

SQL Injection Attacks

A transactional database connected to the business website faces a bigger threat, such as out-of-band
SQL injection. According to Kareem et al. (2021), the attack occurs when the attack vector is installed in
the backend of the victim's computer, risking exposure of critical information, which can include private
contractors, customers, or other valuable information from the database. The tax information in the
system can also lead to threats related to accessing business data. The attacker can expose the victim's
backend, which poses a threat to the victim and an opportunity for competitors. The attack usually makes
use of the access gained to obtain administrative rights, and the later exposure can lead to a loss of
customers' trust (Li et al., 2018). Adding protection in a layered approach, by adding data-centric
defenses, may serve as a mitigation for SQL injection attacks, focusing mainly on protecting data against
manipulation and deletion.
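The following Python script is an added example, not code from the report or from MIP, illustrating the two layers of defense the paragraph above describes: binding user input as a query parameter so it is never parsed as SQL, and a data-centric control that stops the web-facing database connection from altering or deleting rows. It uses an in-memory SQLite database standing in for the transactional database; the customers table, its rows and the lookup functions are constructed assumptions.

```python
"""Vulnerable string-built lookup beside its parameterized form, plus a
data-centric write guard on the web-facing connection.

Added example (not from the report). The customers table, its sample rows and
the function names are constructed for illustration; SQLite stands in for the
transactional database that the MIP website queries.
"""
import sqlite3


def make_db():
    """Constructed in-memory transactional database with two customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("Alice", "alice@example.com"), ("Bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the request parameter is concatenated into the SQL text,
    so a quote in the input changes the structure of the query."""
    sql = f"SELECT name, email FROM customers WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened: the parameter is bound by the driver and compared as data;
    whatever it contains, it can only ever match a customer name."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def read_only(conn):
    """Data-centric defense: the web lookup path gets a connection that SQLite
    refuses to write through (PRAGMA query_only), so even a successful
    injection on that path cannot manipulate or delete customer records."""
    conn.execute("PRAGMA query_only = ON")
    return conn


def write_blocked(conn):
    """Check the guard: True if a destructive statement is rejected."""
    try:
        conn.execute("DELETE FROM customers")
    except sqlite3.DatabaseError:
        return True
    conn.rollback()
    return False


# Constructed input that closes the quoted string and appends an always-true
# condition; it is the textbook illustration of why concatenation is unsafe.
MALICIOUS_NAME = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup returned", len(lookup_unsafe(db, MALICIOUS_NAME)), "rows")
    print("safe lookup returned", len(lookup_safe(db, MALICIOUS_NAME)), "rows")
    print("writes blocked on web connection:", write_blocked(read_only(make_db())))
```

Running it shows the unsafe lookup returning every customer for the crafted input while the parameterized lookup returns nothing, and the query-only connection rejecting the delete. The two controls are complementary: parameterization removes the injection, and the write guard limits the damage if an injection is found elsewhere.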

STRIDE Methodology

Category               | Threat                                             | Threat boundaries
-----------------------|----------------------------------------------------|------------------------------------------------
Spoofing identity      | Phishing attacks                                   | Website portals, emails
Tampering with data    | DoS attacks, SQL injectors, flames                 | Transactional databases, emails, RDP access
Repudiation            | Access attacks                                     | Emails
Information disclosure | Ransomware, Trojan horses, injectors,              | Database access, keystroke recording through
                       | drive-by download, spyware                         | the RDP access
Denial of service      | Denial of service attacks                          | Cloud interfaces
Elevation of privilege | Insider threats                                    | Personal emails
Table 2. A table of categorized threats identified in the STRIDE methodology.
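Table 2 applies STRIDE to the threats found during discovery. The following Python script is an added example, not part of the original report, that shows the general method behind such a table: the STRIDE-per-element chart, which says which categories apply to each kind of DFD element, run over a small model of the MIP level-1 DFD. It also identifies the data flows that cross trust zones, which are the threat boundaries listed in the table's last column. The element names, their trust zones and the flows are assumptions drawn from the report's figures and table, not a faithful copy of the diagrams.

```python
"""STRIDE-per-element enumeration over a small model of the MIP level-1 DFD.

Added example (not from the report). The STRIDE-per-element chart is the
standard one used in STRIDE threat modeling; the elements, trust zones and
flows below are constructed assumptions about the MIP system.
"""
from dataclasses import dataclass

# STRIDE-per-element chart: which categories can apply to each element kind.
STRIDE_PER_ELEMENT = {
    "external_entity": ("Spoofing", "Repudiation"),
    "process": ("Spoofing", "Tampering", "Repudiation",
                "Information disclosure", "Denial of service",
                "Elevation of privilege"),
    "data_store": ("Tampering", "Repudiation", "Information disclosure",
                   "Denial of service"),
    "data_flow": ("Tampering", "Information disclosure", "Denial of service"),
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # key of STRIDE_PER_ELEMENT
    zone: str   # trust zone the element sits in


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str


@dataclass(frozen=True)
class Threat:
    category: str
    target: str
    boundary: str


# Constructed model of the MIP DFD (assumed names and zones).
ELEMENTS = [
    Element("Customer", "external_entity", "Internet"),
    Element("Administrator", "external_entity", "Internet"),
    Element("Website portal", "process", "DMZ"),
    Element("RDP gateway", "process", "Internal"),
    Element("Transactional database", "data_store", "Internal"),
]
FLOWS = [
    Flow("Customer", "Website portal"),
    Flow("Website portal", "Transactional database"),
    Flow("Administrator", "RDP gateway"),
    Flow("RDP gateway", "Transactional database"),
]


def zone_of(elements, name):
    return next(e.zone for e in elements if e.name == name)


def boundary_crossings(elements, flows):
    """Flows whose endpoints sit in different trust zones: these are the
    threat boundaries where the report concentrates its attention."""
    return [f for f in flows
            if zone_of(elements, f.src) != zone_of(elements, f.dst)]


def enumerate_threats(elements, flows):
    """Apply the chart to every element and every data flow."""
    threats = []
    for e in elements:
        for category in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(category, e.name, e.zone))
    for f in flows:
        label = f"{zone_of(elements, f.src)} -> {zone_of(elements, f.dst)}"
        for category in STRIDE_PER_ELEMENT["data_flow"]:
            threats.append(Threat(category, f"{f.src} -> {f.dst}", label))
    return threats


def by_category(threats):
    """Group targets under each STRIDE category, as in Table 2."""
    grouped = {}
    for t in threats:
        grouped.setdefault(t.category, []).append(t.target)
    return {k: sorted(v) for k, v in grouped.items()}


if __name__ == "__main__":
    found = enumerate_threats(ELEMENTS, FLOWS)
    for category, targets in by_category(found).items():
        print(f"{category}: {', '.join(targets)}")
    crossings = [(f.src, f.dst) for f in boundary_crossings(ELEMENTS, FLOWS)]
    print("Trust-boundary crossings:", crossings)
```

The output is a candidate list, not a finished model: each (category, target) pair still has to be judged for realism, as the report did when it kept insider threats under elevation of privilege and phishing under spoofing. The value of running the chart first is that it surfaces pairs a manual table can miss, such as repudiation on the transactional database, which Table 2 leaves out.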

Conclusion

Poor data protection has led to many losses and the fall of great companies in the last decade. Some of
the worst threats of all are DoS attacks and the use of malware. Data integrity is the main concern of
many firms, which need best practices to make their data more secure. The effects of data breaches may
include inflation, geopolitical conflicts, and issues like ripple effects in the stock market. The threats
and vulnerabilities in an organization's systems need to be managed, and the systems protected, at the
current threat levels.

References

Article: https://securityscorecard.com/blog/jbs-ransomware-attack-started-in-march

Al-Hawawreh, M., Moustafa, N., & Slay, J. (2021). A threat intelligence framework for protecting smart
satellite-based healthcare networks. Neural Computing and Applications, 1-21.

Bodeau, D. J., & McCollum, C. D. (2018). System-of-systems threat model. MITRE Corp., McLean, VA,
Homeland Security Systems Engineering and Development Institute.

Bodeau, D. J., McCollum, C. D., & Fox, D. B. (2018). Cyber threat modeling: Survey, assessment, and
representative framework. MITRE Corp., McLean, VA.

Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2020). Evaluation of live forensic techniques in
ransomware attack mitigation. Forensic Science International: Digital Investigation, 33, 300979.

Kareem, F. Q., Ameen, S. Y., Salih, A. A., Ahmed, D. M., Kak, S. F., Yasin, H. M., Ibrahim, I. M.,
Ahmed, A. M., Rashid, Z. N., & Omar, N. (2021). SQL injection attacks prevention system technology.
Asian Journal of Research in Computer Science, 6(15), 13-32.

Li, K., Wen, H., Li, H., Zhu, H., & Sun, L. (2018, October). Security OSIF: Toward automatic discovery
and analysis of event-based cyber threat intelligence. In 2018 IEEE SmartWorld, Ubiquitous Intelligence
& Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data
Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI)
(pp. 741-747). IEEE.

Li, Y., Zhang, P., & Ma, L. (2019). Denial of service attack and defense method on load frequency control
system. Journal of the Franklin Institute, 356(15), 8625-8645.

Syed, N. F., Baig, Z., Ibrahim, A., & Valli, C. (2020). Denial of service attack detection through machine
learning for the IoT. Journal of Information and Telecommunication, 4(4), 482-503.

Zebari, R. R., Zeebaree, S. R., Sallow, A. B., Shukur, H. M., Ahmad, O. M., & Jacksi, K. (2020,
December). Distributed denial of service attack mitigation using high availability proxy and network load
balancing. In 2020 International Conference on Advanced Science and Engineering (ICOASE) (pp. 174-179).
IEEE.
