A Cyber Threat Intelligence (CTI) Use Case for Enugu State University of Science and Technology (ESUT)

In 2012, ESUT suffered an insider attack. The attacker (a lecturer at the time), with the help of a few other staff, leveraged his access to critical infrastructure and his personal connections to defraud prospective students seeking admission into the university. He convinced some admission seekers that he could secure them admission, exploiting their desperation to be admitted. He created a fake website that was almost visually identical to the official school site (typo squatting) and had the victims use this site for their registration instead of the official one. According to sources, he told each victim to use the fake site because the official site was unresponsive, which also points to the possibility of a denial-of-availability attack (the availability leg of the CIA triad) being carried out at the same time. After the victims registered, he sent them fake admission letters, since he controlled the site. When payments fell due, the attacker reached out to his contacts working at the bursary, who received the victims' payments into an unofficial account. He then issued fake registration numbers to the victims and even placed them in their desired faculties of study.

THE THREAT LANDSCAPE

ASSETS: The assets owned/managed by ESUT include but are not limited to

1. Official school website and connected subdomains
2. Official payment accounts for students' fees
3. Servers, work laptops and other physical infrastructure/devices
4. Network devices such as routers, radios etc.
5. The staff and core officers

All these assets present avenues through which an attack can be carried out against the school.

POSSIBLE ATTACK SCENARIOS/WHAT TO MONITOR FOR

1. URL hijacking / typo squatting
2. Wire transfer fraud
3. Denial of Service attacks
4. Insider threats/attacks

HOW THIS CAN BE MITIGATED

The best way to avoid cyber-attacks is through proactive defensive measures taken by organizations to prevent these attacks from happening in the first place. This is the work of Cyber Threat Intelligence analysts and the affiliated cyber-security team. In any case, here are a few ways to stay ahead of the threat.

Typo-squatting: This kind of attack can be handled in the following ways

a. Monitor new domain registrations.
b. Trademark your domains and possibly purchase all related URLs that could be mistaken for yours.
c. System administrators can consider running their own DNS server along with a blacklist of incorrect and forbidden domains.
d. Use an open source tool like DNS Twist to automatically scan your company's domain and determine whether a typo squatting attack could already be in progress.
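As an added example (not part of the original write-up), the Python script below does the core of what measures a and d describe: it generates typo permutations of the official domain, the way a scanner such as dnstwist does, and screens a feed of new domain registrations against them so a defender can review lookalikes before students are sent to them. The official domain name and the registration feed are assumed placeholders, not ESUT's real data.

```python
# Assumed official domain: a placeholder, not ESUT's real registered name.
OFFICIAL_DOMAIN = "esut.example"

# Keyboard-adjacency map for the label's letters (partial; enough for the demo).
NEIGHBOURS = {"e": "wrd", "s": "adwz", "u": "yij", "t": "ryg"}

def label_of(domain):
    """Return the registrable label, e.g. 'esut' for 'esut.example'."""
    return domain.lower().strip().rstrip(".").split(".")[0]

def typo_variants(domain):
    """Generate lookalike labels, as a typo-squat scanner such as dnstwist does."""
    label = label_of(domain)
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                  # omission: "eut"
        out.add(label[:i + 1] + label[i] + label[i + 1:])   # repetition: "essut"
        for n in NEIGHBOURS.get(label[i], ""):              # neighbour swap: "esyt"
            out.add(label[:i] + n + label[i + 1:])
    for i in range(len(label) - 1):                         # transposition: "estu"
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for extra in ("-portal", "-admission", "-registration", "portal"):
        out.add(label + extra)                              # combo-squat: "esut-admission"
    out.discard(label)
    return out

def suspicious_registrations(new_domains, official=OFFICIAL_DOMAIN):
    """Flag new registrations whose label is a typo variant of, or embeds, the official label."""
    official_label = label_of(official)
    watch = typo_variants(official)
    hits = []
    for d in new_domains:
        norm = d.lower().strip().rstrip(".")
        if norm == official.lower():
            continue                                        # the official domain itself
        lbl = label_of(norm)
        if lbl in watch or official_label in lbl:
            hits.append(norm)
    return hits

# Constructed sample feed of newly registered domains (not real data).
NEW_REGISTRATIONS = [
    "esut.example",        # official domain: ignored
    "estu.example",        # transposition
    "esut-admission.com",  # combo-squat on another TLD
    "esuut.example",       # repetition
    "unn.example",         # unrelated: not flagged
    "myesutportal.net",    # embeds the official label
]
```

Running `suspicious_registrations(NEW_REGISTRATIONS)` returns the four lookalikes for review; in practice the feed would come from a registrar or certificate-transparency watch rather than a hard-coded list.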

Insider threats

a. Clearly document and consistently enforce policies and controls, including:
   - An incident response policy
   - A third-party access policy
   - An account management policy
   - A user monitoring policy
   - A password management policy
b. Perform enterprise-wide risk assessments.
c. Establish physical security in the work environment.
d. Implement security software and appliances.
e. Enable surveillance.
f. Enforce separation of duties and least privilege.

DDoS attacks

a. Ensure server redundancy.
b. Use cloud-based protection.
c. Limit network broadcasting.
d. Set up continuous monitoring.
e. Prepare a DDoS response plan.

Wire transfer fraud:

a. Always verify the authenticity of each wire transfer request.
b. Prevent fraudsters from accessing email and other communication accounts that they could use to obtain critical information about a transaction.

These practices and more, together with the security team at ESUT, would go a long way toward preventing and intercepting cyber-attacks on the university, even before they happen.

The work and importance of a CTI team cannot be overstated, especially in light of the above-mentioned attack and other possible attacks.