Overview
In this virtual internship, I had the opportunity to work alongside a simulated cybersecurity team tasked with protecting a bank’s customers, employees, and reputation. The focus of the program was on enhancing the bank’s resilience against growing cyber threats while maintaining the stability of its financial systems. Through hands-on tasks, I developed skills in data analysis, incident response, security awareness, and penetration testing, using industry tools like Splunk and HackThisSite. I created detailed dashboards to uncover trends in fraud data, devised strategies to respond to cyber incidents, and designed a security awareness campaign to improve password security across the organization. This internship allowed me to gain practical experience in identifying, mitigating, and responding to cyber threats in a financial context.
Objectives
The primary objective of this internship was to deepen my understanding of cybersecurity through hands-on tasks designed to simulate real-world challenges. I enhanced my ability to analyze large datasets for patterns, respond effectively to cyber incidents, and identify security vulnerabilities in web applications. I also focused on developing clear communication strategies for promoting cybersecurity awareness within an organization. This experience helped me build essential skills in data visualization, incident response, penetration testing, and security education, all of which are critical in maintaining the cybersecurity of financial institutions.
Tasks completed in this project
Task 1: Data Analysis with Splunk
As part of my virtual internship, I was tasked with analyzing and visualizing cyber data to identify trends related to financial fraud at Commonwealth Bank. With the increasing rate and complexity of fraud, my responsibility was to create effective defense strategies to help protect the bank’s customers, employees, and reputation. This involved working with a dataset prepared by the Fraud team, which contained information about customer transactions, age groups, merchants, purchase categories, and whether a transaction was fraudulent or not.
To complete this task, I used Splunk, a powerful data analysis and visualization tool, to import, explore, and represent the given dataset. The goal was to create a comprehensive dashboard to help detect patterns and trends that could indicate fraudulent activity. Visual data representation was critical as it allowed the analytics team to quickly interpret the information and make informed decisions.
Key Steps:
Installed and Configured Splunk
I began by downloading and installing Splunk Enterprise. Once set up, I imported the provided dataset into Splunk and explored the data fields through the “Interesting Fields” section.
Data Exploration
I examined key features such as transaction amounts, customer demographics, merchant details, and the fraud indicator. By analyzing this information, I identified potential patterns of fraudulent behavior based on factors like customer age, transaction categories, and the merchants involved.
Dashboard Creation
Using Splunk’s dashboard feature, I created visualizations to uncover insights about fraudulent transactions. Some of the key charts and tables included:
- Count by Category, Fraudulent Transactions, Age, and Merchant
- Fraud Detected by Age, Category, Step (Month), and Gender
- Most Fraudulent Activities by Gender and Category
- Fraudulent Activities by Age Group and Merchant
Key Insights
By analyzing the visualizations, I was able to identify which age groups and categories were more likely to be associated with fraudulent transactions, and how gender played a role in fraud patterns. This information provided actionable insights for the bank’s fraud detection efforts.
Exported Dashboard
Once the dashboard was completed, I exported it as a PDF for submission, which provided a comprehensive overview of the fraud trends and allowed the team to quickly detect suspicious activities.
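The dashboard panels listed above, rebuilt as plain-Python aggregations so the logic behind each chart is explicit. This is an added example, not code from the internship write-up and not Splunk; the rows, category names, merchant identifiers and the 0.5 risk threshold are constructed for illustration.

```python
"""Added example: the Splunk dashboard panels as plain-Python aggregations
over a constructed sample of the fraud dataset."""
from collections import Counter

# Constructed sample of the Fraud team's dataset fields: step (month), age band,
# gender, purchase category, merchant, amount and a 1/0 fraud indicator.
SAMPLE_ROWS = [
    {"step": 1, "age": "2", "gender": "F", "category": "transport", "merchant": "merchant_A", "amount": 26.5, "fraud": 0},
    {"step": 1, "age": "3", "gender": "M", "category": "travel", "merchant": "merchant_B", "amount": 1450.0, "fraud": 1},
    {"step": 1, "age": "2", "gender": "F", "category": "health", "merchant": "merchant_C", "amount": 80.0, "fraud": 0},
    {"step": 2, "age": "4", "gender": "M", "category": "travel", "merchant": "merchant_B", "amount": 2210.0, "fraud": 1},
    {"step": 2, "age": "2", "gender": "M", "category": "transport", "merchant": "merchant_A", "amount": 15.2, "fraud": 0},
    {"step": 2, "age": "5", "gender": "F", "category": "sports", "merchant": "merchant_D", "amount": 310.0, "fraud": 1},
    {"step": 3, "age": "3", "gender": "F", "category": "health", "merchant": "merchant_C", "amount": 42.0, "fraud": 0},
    {"step": 3, "age": "4", "gender": "M", "category": "travel", "merchant": "merchant_B", "amount": 990.0, "fraud": 0},
    {"step": 3, "age": "2", "gender": "F", "category": "transport", "merchant": "merchant_A", "amount": 31.0, "fraud": 0},
    {"step": 3, "age": "5", "gender": "F", "category": "travel", "merchant": "merchant_B", "amount": 1875.0, "fraud": 1},
]

def count_by(rows, *fields):
    """Count rows per value (or value tuple) of the given field(s): the
    'Count by Category / Age / Merchant' panels (SPL: stats count by <field>)."""
    if len(fields) == 1:
        return Counter(r[fields[0]] for r in rows)
    return Counter(tuple(r[f] for f in fields) for r in rows)

def fraud_count_by(rows, *fields):
    """Same grouping, restricted to rows flagged as fraud."""
    return count_by([r for r in rows if r["fraud"] == 1], *fields)

def fraud_rate_by(rows, field):
    """Share of transactions that are fraudulent within each group; a rate is
    more informative than a raw count when group sizes differ a lot."""
    totals, frauds = count_by(rows, field), fraud_count_by(rows, field)
    return {k: frauds.get(k, 0) / n for k, n in totals.items()}

def top_fraud_pairs(rows, *fields, limit=3):
    """'Most fraudulent activities by gender and category': highest counts first."""
    return fraud_count_by(rows, *fields).most_common(limit)

def high_risk_groups(rows, field, threshold=0.5, min_count=2):
    """Groups whose fraud rate exceeds the threshold, skipping groups too small
    to be meaningful (one fraud in a group of one is not a trend)."""
    totals = count_by(rows, field)
    rates = fraud_rate_by(rows, field)
    return sorted((k, rates[k]) for k in totals if totals[k] >= min_count and rates[k] > threshold)

def build_dashboard(rows):
    """All panels at once, keyed like the dashboard sections in the write-up."""
    return {
        "count_by_category": count_by(rows, "category"),
        "fraud_by_age": fraud_count_by(rows, "age"),
        "fraud_by_step": fraud_count_by(rows, "step"),
        "fraud_by_gender": fraud_count_by(rows, "gender"),
        "fraud_rate_by_age": fraud_rate_by(rows, "age"),
        "top_gender_category": top_fraud_pairs(rows, "gender", "category"),
        "fraud_by_age_merchant": fraud_count_by(rows, "age", "merchant"),
        "high_risk_categories": high_risk_groups(rows, "category"),
    }

if __name__ == "__main__":
    for panel, data in build_dashboard(SAMPLE_ROWS).items():
        print(f"{panel}: {data}")
```

The `high_risk_groups` panel is the one a fraud analyst reads first: it converts the raw counts into a rate and drops tiny groups, which is what stops a single flagged purchase in a rare category from looking like a trend.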
Skills Gained:
- Hands-on experience with Splunk for data analysis and dashboard creation.
- Developed a deep understanding of the importance of data visualization in detecting trends and anomalies.
- Gained insights into the patterns of fraudulent activities across different customer demographics and transaction types.
- Enhanced my ability to interpret cyber data fields and extract actionable insights to support fraud detection efforts.
Task 2: Incident Response
In this task, I was responsible for identifying, analyzing, and responding to a cyber attack within Commonwealth Bank. The scenario involved a phishing attack followed by potential malware infection, which disrupted operations. I applied best practices aligned with the NIST Cybersecurity Framework (CSF) to effectively handle the incident. This framework provided guidance across the key phases of the incident response process: Identify, Protect, Detect, Respond, and Recover. My role was to investigate the nature of the incident, take immediate steps to contain and resolve the attack, and implement recovery and prevention strategies.
Task Overview
What I learned:
- Gained an understanding of cyber incidents and how to analyze them using incident timelines.
- Learned about phishing attacks, malware, and the NIST Cybersecurity Framework for incident response.
- Developed knowledge of containment, eradication, and recovery procedures using cybersecurity best practices.
- Enhanced skills in documenting and reporting incidents, as well as conducting post-incident evaluations.
What I did:
- Identified the type of cyber attack based on incident details.
- Applied the NIST Cybersecurity Framework to outline steps for containment, resolution, and recovery.
- Described post-incident activities and preventive measures to avoid similar occurrences in the future.
Incident Background
The incident began with a phishing attack targeting the bank’s employees. A fake email, purportedly from HR, asked recipients to update their timesheets via a malicious link, which led to credential theft. Several employees fell for the scam, and soon after, the IT Service Desk received multiple reports of failed access to file shares and inability to open Word documents—indicating possible malware, such as ransomware, had been deployed.
Timeline of Events:
- 10:30 a.m. – An employee received a phishing email from what appeared to be HR, asking them to update timesheets. Upon entering their credentials, they encountered an unfamiliar error page.
- 2:00 p.m. – Additional reports surfaced, revealing that 62 employees from the Risk Department received similar phishing emails. The emails led to credential theft and potential malware installation.
- 3:50 p.m. – Several employees reported issues accessing file shares and opening documents, suggesting malware infection.
Task Solution
What kind of attack has happened, and why do you think so?
The attack involved phishing combined with malware. The phishing email tricked employees into providing credentials, while the subsequent inability to open files pointed to a potential ransomware infection, which often locks users out of critical data.
- Phishing Attack: The attacker impersonated HR to steal login credentials via a fraudulent website.
- Malware/Ransomware: The inability to open files indicated possible ransomware, a type of malware that encrypts files and demands payment for decryption.
Next steps as a cybersecurity analyst (following the NIST Cybersecurity Framework):
- Identify: Document the incident, noting all affected systems and users. Analyze the extent of the damage and the scope of the phishing attack.
- Protect: Immediately revoke compromised credentials and advise affected users to reset their passwords. Block malicious emails from further propagation within the network.
- Detect: Identify and analyze the phishing email and associated malware to determine how it spread through the system.
- Respond: Quarantine compromised systems, disable affected accounts, and remove the malware from infected machines.
- Recover: Restore systems from clean backups and ensure that all systems are operational. Monitor the network closely for signs of lingering malware or continued phishing attempts.
Containment, resolution, and recovery:
- Contain the attack: Isolate infected systems and revoke access to compromised accounts. Disable access to shared drives and prevent further spread of the malware.
- Remove malware: Scan all infected systems and remove the malware. If ransomware was involved, decrypt affected files or restore from backups.
- Recover systems: Restore data from clean backups and ensure that systems are returned to an operational state.
- Monitor closely: Continue monitoring for any signs of unusual activities that could indicate further threats.
Post-incident activities:
- Incident report: Create a comprehensive report detailing the incident response process, in line with NIST’s guidelines.
- Lessons-learned meeting: Conduct a meeting to discuss what worked and what could be improved for future responses.
- Cybersecurity awareness training: Implement a security awareness program to train employees on how to spot phishing emails and avoid similar attacks in the future.
- Improve defenses: Strengthen the email filtering system and enforce multi-factor authentication (MFA) for all employees to prevent future phishing attacks.
The NIST Cybersecurity Framework was central to my response in this task, guiding me through the steps of incident identification, containment, and recovery. The framework’s structure ensured that the incident was handled efficiently and provided a clear pathway for post-incident improvements.
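The Identify, Protect and Respond steps above, as an added example that is not part of the internship write-up: constructed phishing, VPN authentication and service-desk records are correlated into an incident timeline and a containment list. The date, user names, IP addresses (documentation ranges), the 10.0.0.0/8 corporate range and the six-hour window are all assumed.

```python
"""Added example: build an incident timeline and containment list from
constructed phishing, authentication and helpdesk records."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Event:
    when: datetime
    kind: str          # "phish_received", "auth" or "ticket"
    user: str
    detail: str
    source_ip: str = ""

DAY = datetime(2024, 1, 15)                 # constructed incident date
CORPORATE_NET = ip_network("10.0.0.0/8")    # assumed internal address range

def at(hour, minute):
    return DAY + timedelta(hours=hour, minutes=minute)

# Constructed records. The write-up's incident had 62 recipients; four are used here.
EVENTS = [
    Event(at(10, 30), "phish_received", "alice", "fake HR timesheet email"),
    Event(at(10, 30), "phish_received", "bob", "fake HR timesheet email"),
    Event(at(10, 31), "phish_received", "carol", "fake HR timesheet email"),
    Event(at(10, 31), "phish_received", "dave", "fake HR timesheet email"),
    Event(at(9, 5), "auth", "dave", "VPN login success", "198.51.100.40"),
    Event(at(10, 34), "auth", "alice", "VPN login success", "203.0.113.5"),
    Event(at(11, 2), "auth", "bob", "VPN login success", "10.20.1.7"),
    Event(at(11, 40), "auth", "carol", "VPN login success", "198.51.100.9"),
    Event(at(15, 50), "ticket", "alice", "cannot open Word documents on file share"),
    Event(at(15, 52), "ticket", "carol", "access denied on file share"),
    Event(at(15, 55), "ticket", "erin", "cannot open Word documents on file share"),
]

def recipients(events):
    """Identify: everyone who received the phishing email."""
    return {e.user for e in events if e.kind == "phish_received"}

def suspicious_logins(events, window=timedelta(hours=6)):
    """Logins by a recipient, after their email arrived and within the window,
    from outside the corporate range: the trace left when stolen credentials
    are used. Dave's earlier external login precedes the email and is not flagged."""
    received = {e.user: e.when for e in events if e.kind == "phish_received"}
    hits = []
    for e in events:
        if e.kind != "auth" or e.user not in received:
            continue
        if not received[e.user] <= e.when <= received[e.user] + window:
            continue
        if ip_address(e.source_ip) not in CORPORATE_NET:
            hits.append(e)
    return sorted(hits, key=lambda e: e.when)

def containment_plan(events):
    """Protect / Respond: accounts to lock out now, recipients who must reset,
    and hosts to isolate. Erin never got the email but reports the same file
    symptoms, so isolation is driven by symptoms, not only by the recipient list."""
    return {
        "revoke_credentials": sorted({e.user for e in suspicious_logins(events)}),
        "reset_passwords": sorted(recipients(events)),
        "isolate_hosts_of": sorted({e.user for e in events if e.kind == "ticket"}),
    }

def timeline(events):
    """The incident timeline the report is built from, oldest first."""
    lines = []
    for e in sorted(events, key=lambda e: e.when):
        ip = f" from {e.source_ip}" if e.source_ip else ""
        lines.append(f"{e.when:%H:%M} {e.kind:<15} {e.user:<6} {e.detail}{ip}")
    return lines

if __name__ == "__main__":
    print("\n".join(timeline(EVENTS)))
    print(containment_plan(EVENTS))
```

The three lists map directly onto the steps above: `revoke_credentials` is the immediate Protect action, `reset_passwords` covers every recipient whether or not a theft was observed, and `isolate_hosts_of` is the Respond quarantine list, which deliberately includes a user who was not a recipient.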
Task 3: Security Awareness Campaign
In this task, I was responsible for creating a security awareness infographic aimed at educating fellow employees on password security, based on the best practices provided by the Australian Cyber Security Centre (ACSC). The infographic served as a visual reminder of the importance of creating strong and secure passwords, using passphrases, and incorporating multi-factor authentication (MFA) to enhance security.
Task Overview
What I learned:
- Gained an understanding of key cybersecurity principles, particularly around password creation and management.
- Researched best practices for secure passwords as outlined by the ACSC.
- Enhanced skills in visual communication by creating a clear, engaging, and educational infographic.
What I did:
- Designed an easy-to-understand infographic using Canva that emphasized the importance of strong passwords and MFA.
- Incorporated best practices from ACSC’s guidelines to ensure that employees understood the importance of secure passwords and how to manage them effectively.
Background Information
Security awareness involves understanding potential cyber threats and learning how to protect yourself and your organization from these risks. In this task, I focused on raising awareness about the importance of secure passwords, which is a crucial aspect of preventing cyber attacks like phishing, ransomware, and unauthorized access.
One effective way to engage employees is through infographics. They provide a visual and easy-to-digest format for important security information. My task was to create an infographic that highlights ACSC’s recommendations on password security, including tips on creating and managing strong passphrases.
Task Solution
To design an effective infographic, I followed these steps:
Research ACSC Best Practices:
- I reviewed the Australian Cyber Security Centre’s (ACSC) guidelines, which emphasize using passphrases instead of traditional passwords. The ACSC recommends using random, long combinations of words that are easy to remember but hard to guess.
Use of Visual Design Tools:
- I used Canva to design the infographic, ensuring that the information was presented in a clear and visually appealing way for employees to easily grasp key points.
Infographic Content:
- The infographic focused on five key areas:
- Longer Passphrases: Encouraged users to create passphrases that are at least 14 characters long using four or more random words (e.g., “purple duck potato boat”).
- Unpredictable Passphrases: Stressed the importance of using random words instead of predictable patterns found in sentences or traditional passwords.
- Avoid Recycling Passphrases: Advised users to use unique passphrases for different accounts to prevent unauthorized access across multiple platforms.
- Passphrase Creation: Explained why passphrases are both harder to guess and easier to remember, making them superior to traditional passwords.
- Multi-Factor Authentication (MFA): Encouraged users to enable MFA wherever possible as an added layer of protection, and provided guidance on selecting secure password managers.
Visual Appeal and Simplicity:
- I ensured the infographic was clean, minimalistic, and easy to follow. Visual icons and clear headings were used to break down the information into digestible sections for better understanding.
Here's the infographic I have designed for this task
The infographic played a key role in promoting password security among employees, ensuring they understood the need for strong, unique passphrases and the importance of MFA. By following ACSC guidelines and making security awareness accessible, I contributed to improving the overall security culture within the organization.
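The five passphrase points from the infographic, applied by a checker. This is an added example, not part of the write-up or the infographic; the 14-character and four-word thresholds are the ACSC figures quoted above, while the common-phrase list and the reuse store are constructed stand-ins for the lists a real deployment would use.

```python
"""Added example: a passphrase checker applying the ACSC points in the infographic."""
import hashlib
import re

MIN_LENGTH = 14   # ACSC: at least 14 characters
MIN_WORDS = 4     # ACSC: four or more random words

# Constructed examples of predictable phrases; a real deployment would check a
# breach or common-phrase list instead.
COMMON_PHRASES = {
    "the quick brown fox",
    "correct horse battery staple",
    "to be or not to be",
}

def fingerprint(phrase):
    """Hash used only to remember which passphrases were already used, so the
    reuse check never stores them. A login password store needs a salted, slow
    hash, not a bare SHA-256."""
    return hashlib.sha256(phrase.strip().lower().encode()).hexdigest()

def check_passphrase(phrase, previously_used=frozenset()):
    """Return the list of rule violations; an empty list means the passphrase passes."""
    problems = []
    words = re.findall(r"[a-z0-9]+", phrase.lower())
    if len(phrase) < MIN_LENGTH:                       # Longer passphrases
        problems.append(f"too short: {len(phrase)} characters, need {MIN_LENGTH}")
    if len(words) < MIN_WORDS:                         # Passphrase creation
        problems.append(f"too few words: {len(words)}, need {MIN_WORDS}")
    if len(set(words)) != len(words):                  # Unpredictable passphrases
        problems.append("repeated words reduce unpredictability")
    if " ".join(words) in COMMON_PHRASES:              # Unpredictable passphrases
        problems.append("predictable: a well-known phrase")
    if fingerprint(phrase) in previously_used:         # Avoid recycling passphrases
        problems.append("recycled: already used for another account")
    return problems

if __name__ == "__main__":
    used = {fingerprint("purple duck potato boat")}
    for candidate in ["purple duck potato boat", "the quick brown fox",
                      "Summer2024!", "duck duck goose duck pond"]:
        print(candidate, "->", check_passphrase(candidate, used) or "ok")
```

MFA, the fifth point, is not a property of the passphrase and so is not checked here; it belongs in the account's authentication policy rather than in a string check.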
Task 4: Penetration Testing
In this task, I engaged in a hands-on penetration testing exercise using the HackThisSite.org platform. The task involved completing the “Basic” web challenge, consisting of 11 levels, each simulating real-world vulnerabilities in web applications. The purpose was to identify, exploit, and document these vulnerabilities, ultimately improving my penetration testing skills and understanding of web security.
Task Overview
What I learned:
- Gained a foundational understanding of penetration testing techniques and methodologies.
- Learned to identify and exploit various web application vulnerabilities.
- Enhanced skills in documenting findings through a detailed penetration testing report.
What I did:
- Created an account on HackThisSite.org and completed all 11 levels of the “Basic” web challenge.
- Documented the vulnerabilities found and provided security recommendations in a comprehensive penetration testing report.
Background Information
Penetration testing, or “pen testing,” simulates cyberattacks on computer systems to find and address vulnerabilities before malicious actors can exploit them. This helps organizations improve their security by identifying weaknesses and evaluating the effectiveness of their defenses.
For this task, I completed the HackThisSite “Basic” Web Challenge, designed to teach users how to identify vulnerabilities in web applications. Each level introduced a new vulnerability, ranging from simple to more complex, providing a safe and legal environment to enhance my penetration testing skills. After completing the challenge, I compiled a penetration testing report outlining the vulnerabilities discovered and recommendations for securing the web application.
Task Solution
To successfully complete this task, I followed these steps:
Registered on HackThisSite:
- Created an account on HackThisSite.org and accessed the “Basic” web challenges.
Completed All Levels:
- Completed levels 1 through 11, which covered a variety of common vulnerabilities, including password storage, form field manipulation, URL parameter tampering, cookie manipulation, SQL injection, and cross-site scripting (XSS).
Penetration Testing Report:
- After identifying and exploiting the vulnerabilities in each level, I created a detailed report, which included:
- Executive Summary: Summarized the testing engagement, key findings, and overall security posture.
- Scope: Defined the scope of the web application tested, which was limited to the “Basic” challenges on HackThisSite.org.
- Vulnerability Descriptions and Key Findings: Documented each vulnerability, including how it was exploited and the risks it posed to the web application.
- Security Recommendations: Provided actionable recommendations to mitigate or eliminate the vulnerabilities found.
Here's the report I created after completing this task
HackThisSite Basic Challenge Penetration Test Report
Executive Summary
This report documents the findings of a penetration testing engagement focused on the basic challenges offered on HackThisSite.org (levels 1-11). The purpose of this engagement was to identify and exploit vulnerabilities within these challenges, simulating a real-world attack scenario on a basic web application. This report outlines the vulnerabilities discovered for each level, details the exploitation methods used, and provides recommendations to improve the security posture of the challenges.
Scope of Web Application Tested
The scope of this penetration test was limited to the “Basic” challenges (levels 1-11) offered on HackThisSite.org. These challenges are designed to introduce users to fundamental web application security concepts.
Vulnerability Descriptions and Key Findings
This section details the vulnerabilities identified in each HackThisSite Basic Challenge, along with the exploitation methods used and the information accessed.
Level 1:
- Vulnerability: Password Stored in Plain Text
- Exploitation Method: Inspected the HTML source code to reveal the password stored within a comment tag.
- Key Finding: Sensitive information like passwords should never be stored in plain text.
Level 2:
- Vulnerability: Hidden Form Field
- Exploitation Method: Inspected the HTML source code to discover a hidden form field containing the password.
- Key Finding: Sensitive information should not be hidden within form fields.
Level 3:
- Vulnerability: URL Parameter Manipulation
- Exploitation Method: Modified the URL parameter to bypass authentication and access the hidden content.
- Key Finding: Validate and sanitize all user input within URLs to prevent unauthorized access.
Level 4:
- Vulnerability: Cookie Manipulation
- Exploitation Method: Modified the browser cookie value to gain unauthorized access.
- Key Finding: Implement proper session management practices and utilize secure cookies with appropriate flags (HttpOnly, Secure).
Level 5:
- Vulnerability: Source Code Leakage
- Exploitation Method: Inspected the HTML source code to reveal comments containing sensitive information.
- Key Finding: Securely develop applications to prevent sensitive information leaks within the source code.
Level 6:
- Vulnerability: Client-Side Script Injection
- Exploitation Method: Injected malicious JavaScript code into a user input field to manipulate the application behavior and potentially steal information.
- Key Finding: Sanitize and validate all user input to prevent script injection attacks.
Level 7:
- Vulnerability: Broken Authentication
- Exploitation Method: Identified weak authentication practices (e.g., predictable password patterns) to gain unauthorized access.
- Key Finding: Implement strong password policies and enforce multi-factor authentication.
Level 8:
- Vulnerability: Insecure Direct Object References
- Exploitation Method: Modified a hidden parameter in the URL to access unintended information or functionalities.
- Key Finding: Implement proper access control mechanisms to prevent unauthorized access to resources.
Level 9:
- Vulnerability: Insecure File Upload
- Exploitation Method: Uploaded a malicious file (e.g., containing a web shell) to gain unauthorized access to the server.
- Key Finding: Implement robust file upload validation to prevent unauthorized script execution on the server.
Level 10:
- Vulnerability: SQL Injection
- Exploitation Method: Injected malicious SQL code into a user input field to manipulate the database and potentially steal sensitive information.
- Key Finding: Sanitize all user input to prevent SQL injection attacks and utilize prepared statements.
Level 11:
- Vulnerability: Cross-Site Scripting (XSS)
- Exploitation Method: Injected malicious JavaScript code into a user input field to steal cookies or redirect users to malicious websites.
- Key Finding: Implement proper input validation and output encoding to prevent XSS attacks.
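The Level 10 and Level 11 defects beside the fixes the key findings call for (prepared statements; output encoding), as an added example that is not HackThisSite's code and not from the report. The in-memory SQLite table, its columns and rows are constructed; a surname with an apostrophe is used as the input, since the same grammar break that makes it fail is what injection relies on.

```python
"""Added example: SQL built by concatenation vs a prepared statement, and raw
vs encoded HTML output, on a constructed in-memory SQLite table."""
import html
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("O'Brien", "obrien@example.com")])
    return conn

def lookup_email_vulnerable(conn, name):
    """Level 10 defect: user input is spliced into the SQL text, so a quote in
    the input changes the query's grammar instead of being compared as data."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]

def lookup_email_safe(conn, name):
    """Fix: a prepared statement sends the query shape and the value separately;
    the database never parses the input as SQL."""
    return [row[0] for row in conn.execute("SELECT email FROM users WHERE name = ?", (name,))]

def query_breaks_on(conn, name):
    """True when the concatenated query fails to parse for this input. A real
    customer named O'Brien is enough to break it, which is the hole injection abuses."""
    try:
        lookup_email_vulnerable(conn, name)
        return False
    except sqlite3.OperationalError:
        return True

def render_greeting_vulnerable(name):
    """Level 11 defect: untrusted text placed into HTML as-is, so any markup in
    the input becomes part of the page."""
    return "<p>Hello, " + name + "</p>"

def render_greeting_safe(name):
    """Fix: encode for the HTML text context; the browser displays the characters
    instead of interpreting them as tags."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    print(lookup_email_safe(db, "O'Brien"))                 # found, apostrophe is just data
    print(query_breaks_on(db, "O'Brien"))                   # True: concatenation breaks
    print(render_greeting_safe("<b>Ann</b> & co"))          # tags shown, not rendered
```

Note that `lookup_email_safe` needs no input "sanitization" at all: the parameter marker does the work, which is why the prepared statement is the primary fix and sanitization only a secondary layer. Output encoding works the same way for HTML, and must match the context the value lands in (text, attribute, URL, script), which `html.escape` covers only for the first two.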
Recommendations
Based on the identified vulnerabilities, the following recommendations are provided to improve the security posture of the HackThisSite Basic challenges:
- Store passwords securely: Utilize hashing and salting techniques to store passwords securely.
- Eliminate hidden fields: Sensitive information should not be hidden within form fields.
- Validate and sanitize user input: Implement robust input validation and sanitization processes to prevent manipulation of URLs, cookies, and other user inputs.
- Implement secure session management: Utilize secure cookies with appropriate flags and establish proper session management practices.
- Securely develop applications: Review code for potential information leaks and follow secure coding practices.
- Enforce strong authentication: Implement strong password policies and enforce multi-factor authentication.
- Implement access control mechanisms: Restrict access to resources based on user roles and permissions.
- Regularly patch and update systems: Keep software and libraries up-to-date to address known vulnerabilities.
- Conduct ongoing security assessments: Perform regular penetration testing and vulnerability assessments to identify and mitigate risks.
By addressing these recommendations, the HackThisSite Basic challenges can be made more secure and provide a valuable learning experience for users without exposing them to real-world vulnerabilities.
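Two of the recommendations above in code, salted password storage and a session cookie carrying the Secure and HttpOnly flags. This is an added example, not part of the report; the PBKDF2 iteration count, the salt size, the record format and the cookie name are assumed choices.

```python
"""Added example: salted password hashing with verification, and a session
cookie with the Secure/HttpOnly/SameSite flags."""
import hashlib
import hmac
import os
from http.cookies import SimpleCookie

ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster
SALT_BYTES = 16

def hash_password(password):
    """PBKDF2-HMAC-SHA256 with a fresh random salt per password. The salt and
    iteration count are stored in the record so verification can repeat them,
    and two users with the same password get different records."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(stored, candidate):
    """Recompute with the stored salt and iterations; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def session_cookie_header(token, name="session"):
    """Set-Cookie value for a session token: Secure (sent over HTTPS only),
    HttpOnly (not readable by page scripts, so an XSS cannot lift it) and
    SameSite=Strict (not attached to cross-site requests)."""
    cookie = SimpleCookie()
    cookie[name] = token
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    cookie[name]["samesite"] = "Strict"
    cookie[name]["path"] = "/"
    return cookie.output(header="").strip()

if __name__ == "__main__":
    record = hash_password("purple duck potato boat")
    print(record)
    print(verify_password(record, "purple duck potato boat"),
          verify_password(record, "Password1"))
    print(session_cookie_header(os.urandom(16).hex()))
```

The record format carries its own parameters, so the iteration count can be raised later and old records re-hashed on the user's next successful login without a migration.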
Key Takeaways
Cybersecurity Generalist Role: Gained practical experience in the role of a cybersecurity generalist, with a focus on fraud detection and prevention for Commonwealth Bank.
Data Visualization with Splunk: Developed proficiency in building data visualization dashboards to analyze customer data and detect fraud patterns, improving data-driven decision-making.
Incident Response Expertise: Demonstrated the ability to respond effectively to cybersecurity incidents, from initial notification to containment and recovery, ensuring swift and effective resolutions.
Security Awareness & Education: Designed engaging infographics promoting secure password management practices, aligning with the Australian Cyber Security Centre’s guidelines, to enhance security awareness.
Penetration Testing Skills: Acquired hands-on experience in penetration testing, identifying and exploiting web application vulnerabilities, and delivering actionable security recommendations to improve defenses.