This assignment is what we call a ‘post-mortem’ of an attack. One of the best things that security professionals can do as they attempt to reduce their attack surface is to learn from the mistakes of others. This assignment will prepare you for the follow on assignment in Module 6, which will be more in-depth.

For this module’s assignment, you will conduct a post-mortem of the 2017 Maersk ransomware attack utilizing the Lockheed Martin Corporation’s Cyber Kill Chain® methodology. You should look at each part of the cyber kill chain and be able to articulate the actions of the attackers as they progress through each step of the kill chain. Focus on the following areas:

1. How long did the attackers spend in each phase?
2. What was the overlap between phases?
3. Can you identify where Maersk should have been able to interdict the attackers?
4. What were the attackers after?
5. What kind of attackers were these? Hacktivists, Transnational Criminal Organization, Nation-State?

Prepare a one- to three-page report accompanied by a PowerPoint briefing presentation (no more than 5 slides) for your supervisor and his executive leadership team to help them better understand, discuss, and assess the attack and anticipate where you think your organization might be vulnerable to a similar type of attack. Your report and PowerPoint briefing slides should complement each other. The intent is to help focus the leadership team of your business/organization on the issues you feel they need to pay them most attention to, providing your rationale and methodology, as needed, with appropriate recommendations.