Question: 7. Find the potential cyberattack groups that target the oil sectors in middle east (from MITRE ATT&CK)? 8. What techniques and tools they used? Select

7. Find the potential cyberattack groups that target the oil sectors in middle east (from MITRE ATT&CK)?

8. What techniques and tools they used? Select one attack group and list 5 different techniques they used, describe each one and list tools they used for each technique.

9. If you are a part of the cybersecurity team (from MITRE ATT&CK)
   a. What do you suggest to mitigate the impact of such cyberattacks?
   b. How can you detect such cyberattacks?

Answer questions 7, 8 and 9 in a table (see an example next page)

Example

| Attack group (Question 7) | Attack Technique ID (Question 8) | Attack Technique Description (Question 8) | Tools (software) used (Question 8) | Mitigation (Question 9a) | Detection (Question 9b) |
|---|---|---|---|---|---|
| Group name 1 | T1021.004 | Adversaries may use Valid Accounts to log into remote machines using Secure Shell (SSH). The adversary may then perform actions as the logged-on user. | Putty to access compromised systems | Disable the SSH daemon on systems that do not require it. Require multi-factor authentication for SSH connections wherever possible. Limit which user accounts are allowed to login via SSH. | Use of SSH may be legitimate depending on the environment and how it's used. Other factors, such as access patterns and activity that occurs after a remote login, may indicate suspicious or malicious behavior with SSH. Monitor for user accounts logged into systems they would not normally access or access patterns to multiple systems over a relatively short period of time. |
| | T... | | | | |
| | T... | | | | |
| | T. | | | | |
| Group name 2 | | | | | |
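The Detection cell of the example row (T1021.004) describes two checks: accounts logging into systems they do not normally access, and one account reaching multiple systems in a short time. The following is an added example, not part of the original question; the log lines, host names, account names, baseline and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: successful/failed sshd events collected from several hosts.
SAMPLE_LOG = """\
Mar 10 02:14:05 hist01 sshd[2211]: Accepted password for svc_backup from 10.20.0.15 port 50122 ssh2
Mar 10 02:15:40 scada02 sshd[1873]: Accepted password for svc_backup from 10.20.0.15 port 50140 ssh2
Mar 10 02:17:02 eng03 sshd[3320]: Accepted publickey for svc_backup from 10.20.0.15 port 50177 ssh2
Mar 10 02:18:30 hist01 sshd[2250]: Failed password for root from 10.20.0.15 port 50190 ssh2
Mar 10 09:01:12 eng03 sshd[4102]: Accepted publickey for alice from 10.20.1.7 port 41022 ssh2
"""

# Assumed baseline: hosts each account normally logs into (hypothetical values).
BASELINE = {"svc_backup": {"hist01"}, "alice": {"eng03"}}

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")

def parse_logins(text, year=2024):
    """Yield (time, user, host, source) per successful login; syslog omits the year."""
    for line in text.splitlines():
        m = ACCEPTED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["host"], m["src"]

def unusual_hosts(logins, baseline):
    """(user, host) pairs where the host is outside the account's normal set."""
    return sorted({(u, h) for _, u, h, _ in logins if h not in baseline.get(u, set())})

def fan_out(logins, window=timedelta(minutes=10), min_hosts=3):
    """Accounts that log into min_hosts distinct hosts within one time window."""
    by_user = defaultdict(list)
    for ts, user, host, _ in sorted(logins):
        by_user[user].append((ts, host))
    flagged = {}
    for user, events in by_user.items():
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged

if __name__ == "__main__":
    logins = list(parse_logins(SAMPLE_LOG))
    print("unusual hosts:", unusual_hosts(logins, BASELINE))
    print("fan-out:", fan_out(logins))
```

As the Detection cell notes, SSH use may be legitimate, so hits from either check are leads to review against activity after the login rather than confirmed compromise.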
