
    January 10, 2024

 A one- to two-page double-spaced document. 

 In this step, you will create the Joint Network Defense Bulletin. Compile the information you have gathered, taking care to eliminate any sensitive bank-specific information. The Joint Network Defense Bulletin is an educational document for the financial services consortium. This bulletin should be addressed to the FBI chief and the FS-ISAC representative. 

Joint Network Defense Bulletin
Brithon Johnson
Cybersecurity, The University of Maryland University College CBR 620 7641
Professor Jay Gamble

Overview
This joint network defense bulletin is the result of the coordinated efforts of the Federal Bureau of Investigation (FBI) cyber security sector engagement division and the Financial Services Information Sharing and Analysis Center (FS-ISAC). Working with the U.S. financial sector, the FBI and FS-ISAC identified areas of compromise associated with network intrusions occurring at various banks in the U.S. Reports of the intrusions describe millions of compromised files, compromised bank customer websites, and a blockage of potential transactions worth millions of dollars. It is believed that these attackers have maintained a presence on the networks to further network exploitation.
Description
The attacks on the financial institutions have been described as multiple distributed denial-of-service (DDoS) attacks, spoofing, cache poisoning, session hijacking and man-in-the-middle (MITM) attacks. The effects of these attacks were the disruption of flow within the financial institutions' networks, website manipulation and significant system downtime. Additionally, the MITM attacks were able to manipulate software and install malware on the network. These attacks can degrade a network in many ways, so if an administrator recognizes changes in system performance within the network, it is recommended that network administrators review all security logs and conduct a network traffic analysis. If indicators of malware are discovered, take proper precautions to remove the malware. Results of the network traffic review will vary, as some traffic will seem malicious whereas other traffic will be legitimate.
Mitigation Recommendations
It is recommended that administrators and security teams use the following best practices to mitigate and prevent attacks on their networks.
· Continue to monitor well-known ports such as ports 21, 25, 22, 53 and 80. If specific well-known ports can be closed without affecting operation, it is recommended to close those ports.
· Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software (CISA, 2017).
· Implement the use of honeypots, and upgrade firewalls to include signatures and dynamic IP addressing.
· Utilize other networking tools such as Metasploit, Snort and Nmap that aid in detecting and reporting malicious activity.
Add the following signature rules to intrusion detection and prevention systems to detect malicious activity. These signatures should be used only for analysis and not to replace current institution signatures. Be advised that the possibility of false positives will remain.
· alert tcp any any -> any any (msg:"Malicious SSL 01 Detected"; content:"|17 03 01 00 08|"; pcre:"/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; rev:1; sid:2;) (CISA, 2017)
· alert tcp any any -> any any (msg:"Malicious SSL 02 Detected"; content:"|17 03 01 00 08|"; pcre:"/\x17\x03\x01\x00\x08.{4}\x06\x88\x4d\x76/"; rev:1; sid:3;) (CISA, 2017)
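
The two signatures above, applied to constructed payloads, as an added example (not part of the original bulletin or the CISA alert). The rule options are re-expressed as Python byte patterns in their escaped form (`\x17\x03...`); the function names and sample payloads are assumptions made for illustration.

```python
import re

# Rule options from the bulletin, re-expressed as Python byte patterns.
# content:"|17 03 01 00 08|" is a TLS record header: type 0x17 (application
# data), version 0x0301 (TLS 1.0), length 0x0008.
CONTENT = bytes.fromhex("1703010008")
SIGNATURES = {
    2: ("Malicious SSL 01 Detected",
        re.compile(rb"\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76")),
    3: ("Malicious SSL 02 Detected",
        re.compile(rb"\x17\x03\x01\x00\x08.{4}\x06\x88\x4d\x76")),
}

def match_signatures(payload: bytes) -> list[int]:
    """Return the sids of the rules that would fire on one TCP payload."""
    if CONTENT not in payload:  # the content option must match before pcre runs
        return []
    return [sid for sid, (_msg, rx) in SIGNATURES.items() if rx.search(payload)]

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "tls_record_other_body": CONTENT + bytes(8),
    "matches_rule_01": CONTENT + b"\xaa\xbb\xcc\xdd" + b"\x04\x88\x4d\x76",
    "matches_rule_02": CONTENT + b"\x11\x22\x33\x44" + b"\x06\x88\x4d\x76",
    "different_record_type": b"\x16\x03\x01\x00\x08\xaa\xbb\xcc\xdd\x04\x88\x4d\x76",
    "unrelated_binary_blob": b"\x00" * 16 + CONTENT + b"abcd\x04\x88\x4d\x76" + b"\xff" * 4,
}

def triage(samples: dict[str, bytes]) -> dict[str, list[int]]:
    """Map each sample name to the sids it triggers."""
    return {name: match_signatures(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, sids in triage(SAMPLES).items():
        labels = [SIGNATURES[s][0] for s in sids] or ["no alert"]
        print(f"{name:24} -> {', '.join(labels)}")
```

The `unrelated_binary_blob` sample triggers rule 2 because the rules carry no port, flow or offset constraint, so the byte sequence matches anywhere in any TCP payload; this is the false-positive risk noted above.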
Additional information and resources can be found on your local FBI website or by contacting an office and speaking to a representative.
References

CISA. (2017, November 14). HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL | CISA. Us-Cert.Cisa.Gov. https://us-cert.cisa.gov/ncas/alerts/TA17-318A
