BY FAVOUR IBE

Scenario:

I’m a newly hired Cloud Security Analyst at DigitalWitch Cyber Solutions Ltd, a banking service company that has recently migrated 80% of its infrastructure to the cloud (AWS).

A few weeks into the migration, several departments begin reporting:

At the same time, a ransomware note appears on a few virtual machines, demanding payment in Monero. Security teams also discovered that a set of previously whitelisted IPs had been added to firewall rules, and some IAM roles were overly permissive.

Initial threat intelligence suggests the involvement of APT32 or APT41 groups known for cloud espionage and ransomware deployment.


My Tasks:

I’m tasked with conducting a comprehensive analysis and response strategy. My report will include the following sections:


Part 1: Risk and Threat Analysis

  1. Identify and describe at least 3 key risks in the scenario. Classify them using Total Risk = Threat x Vulnerability x Asset Value.
  2. Define what the Residual Risk might be after patching and IAM tightening.
  3. Explain what secondary risks could arise after implementing changes (e.g., disabling external access might block legitimate tools).
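The scoring in tasks 1 and 2 can be carried through as a small risk register. The following is an added worked example, not part of the original post: it applies Total Risk = Threat x Vulnerability x Asset Value to the three risks named in the scenario (over-permissive IAM roles, unauthorised firewall whitelist changes, ransomware on virtual machines) and derives a residual risk after controls. The 1-5 rating scale, the scores given to each risk, the control-effectiveness percentages and the Low/Medium/High/Critical bands are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ordinal scale for each factor (1 = lowest, 5 = highest).
SCALE_MIN, SCALE_MAX = 1, 5
MAX_TOTAL = SCALE_MAX ** 3  # 125 with a 1-5 scale

# Assumed classification bands expressed as a fraction of the maximum score.
BANDS = [(0.60, "Critical"), (0.35, "High"), (0.15, "Medium"), (0.0, "Low")]


@dataclass(frozen=True)
class Risk:
    name: str
    threat: int            # likelihood/capability of the threat actor
    vulnerability: int     # how exposed the asset currently is
    asset_value: int       # business impact if the asset is compromised
    control_effectiveness: float = 0.0  # 0..1: share of risk removed by planned controls

    def __post_init__(self):
        for field in ("threat", "vulnerability", "asset_value"):
            value = getattr(self, field)
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{field} must be in {SCALE_MIN}..{SCALE_MAX}, got {value}")
        if not 0.0 <= self.control_effectiveness <= 1.0:
            raise ValueError("control_effectiveness must be between 0 and 1")


def total_risk(risk: Risk) -> int:
    """Total Risk = Threat x Vulnerability x Asset Value (the formula from the task)."""
    return risk.threat * risk.vulnerability * risk.asset_value


def residual_risk(risk: Risk) -> float:
    """Risk left over after the planned controls (patching, IAM tightening) take effect.

    Assumed model: controls remove a fixed fraction of the total risk; the remainder
    is the residual risk that still needs to be accepted, transferred or monitored.
    """
    return total_risk(risk) * (1.0 - risk.control_effectiveness)


def classify(score: float) -> str:
    """Map a score onto the assumed Low/Medium/High/Critical bands."""
    fraction = score / MAX_TOTAL
    for threshold, label in BANDS:
        if fraction >= threshold:
            return label
    return "Low"


# Constructed scores for the three risks visible in the scenario (assumptions).
SCENARIO_RISKS = [
    Risk("Over-permissive IAM roles", threat=5, vulnerability=5, asset_value=5,
         control_effectiveness=0.70),   # least-privilege review planned
    Risk("Unauthorised firewall whitelist changes", threat=4, vulnerability=4,
         asset_value=4, control_effectiveness=0.60),  # rule audit + change control
    Risk("Ransomware on virtual machines", threat=5, vulnerability=3, asset_value=5,
         control_effectiveness=0.50),   # patching + backups, but VMs already hit
]


def build_register(risks=SCENARIO_RISKS):
    """Return (name, total, total_band, residual, residual_band) rows, highest total first."""
    rows = []
    for r in risks:
        total = total_risk(r)
        residual = residual_risk(r)
        rows.append((r.name, total, classify(total), residual, classify(residual)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for name, total, total_band, residual, residual_band in build_register():
        print(f"{name:45s} total={total:3d} ({total_band:8s}) "
              f"residual={residual:5.1f} ({residual_band})")
```

Reading the register top to bottom gives the prioritisation for Part 1: the IAM risk scores the maximum 125 and remains High even after a 70% reduction, which is the residual risk that the report must still account for; the ransomware risk drops to the same residual value from a lower starting point because its assumed controls are weaker. Changing a control's effectiveness and re-running the register is also a convenient way to reason about task 3, since a control that "removes" more risk on paper (for example, blocking all external access) may carry its own secondary risk that the numbers alone do not capture.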

ANALYSIS