ROLE: CLOUD SECURITY ANALYST (POD 16 COHORT 4)
ORGANIZATION: DIGITAL WITCH CYBER SOLUTIONS LIMITED
CLOUD PLATFORM: AMAZON WEB SERVICES (AWS)
PROJECT ANALYSIS/SCENARIO
You are a newly hired Cloud Security Analyst at Digital Witch Cyber Solutions Ltd, which operates on AWS infrastructure. A recent incident report describes sudden access denials, unauthorized access to cloud storage, and unusual outbound traffic reported by several departments. Additionally, a ransomware note was discovered on some virtual machines. Initial investigation reveals overly permissive IAM roles and suspicious IPs added to firewall rules, and threat intelligence suggests the involvement of APT32 or APT41.
Part 1: Risk and Threat Analysis
Identify and describe at least 3 key risks in the scenario. Classify them using Total Risk = Threat x Vulnerability x Asset Value.
The Digital Witch Cyber Solutions scenario presents the following risks in its AWS infrastructure.
A. Compromised IAM Roles: In conducting the risk analysis, we discovered that overly permissive IAM roles had been granted, which allowed unauthorized access to the company’s AWS environment. As a result, attackers such as APT32 or APT41 could gain full control over cloud resources, which presents a high risk. The vulnerability stems from weak access policies, and the asset value is high because the roles affect core infrastructure and sensitive data.