Security Project – Post-Attack Analysis and Cloud Remediation

Team Lead: Chinazor Nwode

Assistant Lead: Ifunanya Benedicta

Team: Pod 15 – DevOps Track

Project Objective:

To simulate and analyze a real world cloud-based cyberattack, identify weaknesses within an AWS environment, and implement a multi layered remediation strategy that follows modern cloud security principles such as Zero Trust, Defense in Depth, and Least Privilege.

Overview

This project showcases our ability to:

• Investigate a simulated advanced persistent threat (APT41) attack on a cloud-based system
• Identify the attack path, starting from initial access to the final ransomware stage
• Detect key weaknesses in the cloud infrastructure (e.g., exposed vulnerabilities, excessive IAM roles, scattered logging)
• Apply real world AWS security tools (like IAM Access Analyzer, MFA, GuardDuty, and Security Hub) to harden the environment

Part 1: Risk and Threat Analysis

As a Cloud Security Analyst responding to recent suspicious activity following DigitalWitch Cyber Solutions Ltd’s migration to AWS, it is essential to perform a risk-based approach to threat analysis. Below is a detailed assessment using industry-standard risk classification methodology.