Cyber Threat Intelligence
So what is Cyber Threat Intelligence? Well, outside of the birth of a new buzzword, its heart-and-soul purpose in life is to help organizations understand the risks of the more common and severe external threats. These threats range from zero-day threats and advanced persistent threats to exploits. It's important to realize that what you are doing here is more than just collecting data; it is a means of analyzing that data and getting it to the right audience for the appropriate decision making. One of the benefits of using threat intelligence is that it is a proactive security measure, so you can prevent a data breach rather than face the severe financial costs of cleaning up after such an incident.
Different Types of Threat Intelligence
Human intelligence (HUMINT)
The most obvious type of intelligence, which is gathered from humans using interpersonal contact (directly or indirectly). It can also happen more covertly, via espionage or observation.
Open-source intelligence (OSINT)
Collects information from publicly available sources. This data includes news, social media and public reports.
Cyber intelligence (CYBINT)
The collection of data via different intelligence-collection disciplines. In a lot of cases, CYBINT will collect data from SIGINT, OSINT and ELINT.
Intelligence gathering and its use isn't something revolutionary in today's world. Governments and companies around the world use common means such as human intelligence and open-source intelligence. Just think about water-cooler conversations being overheard by someone trying to gather information on what Bob in accounting is doing about pension updates, or Jill in HR searching Facebook for what personnel have been doing that might look bad for the company. Sure, these might be very simple examples that we might dismiss on a day-to-day basis. However, collecting those types of data over time can result in interesting patterns or even threat predictions against the company or the persons within it.
Cyber intelligence, by contrast, collects from multiple intelligence-collection disciplines to broaden the scope of analysis. As an example, CYBINT may collect data from a form of signals intelligence coupled with open-source and covert intelligence gathering by other electronic means. Each of these means can produce different findings, but ultimately the results may converge on the same or a similar conclusion.
Cyber Threat Intelligence Plan (CTIP)
A CTIP lays the groundwork for how you, as a cyber security professional, will identify the threats pertinent to your company or organization and what defense measures you can preemptively take. Ensuring that the CTIP is written for non-technical and C-Suite staff will help gather the support required to see the proposed defense measures through to fruition. Below are some snippets from my University of San Diego CSOL 580 course final, where I was tasked with creating a CTIP for a fictitious company and made recommendations on ways to deploy defense mechanisms to mitigate the threats.
Executive Summary
An Executive Summary is an important part of any document intended to garner support from your C-Suite management. It's important to use less technical language while calling attention to what the focus of your CTIP is.
Example
As our world continues to grow, so do the cyber threats that affect our day-to-day operations. While we continue to expand our Internet of Things (IoT), and our operational and information technology, into an ever-evolving environment across public and private clouds and on-premises data centers, our security teams continually monitor and highlight notable threats, incidents and trends.
In this report, we analyze threats, threat actors and methods of delivery, and share our observations on some of the more highly targeted sectors in each industry. As a defense contractor to the United States of America, being able to identify threats before an attack is critical for our business. As such, adopting emerging security postures such as threat hunting is a critical focal area for our security teams today. Many are new to this practice and don't know where to start. Threat hunting is in high demand as our enterprise security teams look to leverage expertise, analytical skills, and visibility into data activity to proactively discover advanced threats capable of evading detection by legacy security technologies like antivirus or firewalls.
We also included an independent analysis for other nations, to understand regional results of similar threats on a global scale. For you, the reader, this may provide a valuable look at specific threats, helping you prepare for the year ahead. As industries and other governments implement new and revised security policies, many organizations will continue to face an uphill battle in achieving an optimal balance between operational security and compliance initiatives, which is why a successful Chief Information Security Officer (CISO) needs to comply with those initiatives while having a firm grasp on what it means to remain secure, realizing that security is a fundamental requirement for business today.
Calling attention to the threats
Making sure you let your C-Suite management know exactly what threats you, as a security professional, are presenting to them can be challenging, especially when trying to avoid diving into the weeds of the technicalities of those threats. To better convey the message, it helps to use intelligence gathered through your corporate communities and to incorporate any visual aids that help the reader quickly assess the key points your CTIP is covering.
Example
As industries and other governments implement new and revised security policies, many organizations will continue to face an uphill battle in achieving an optimal balance between operational security and compliance initiatives, which is why a successful chief information security officer (CISO) needs to comply with those initiatives while having a firm grasp on what it means to remain secure, realizing that security is a fundamental requirement for business today.
As shown in the report, there is compelling research illustrating how ransomware and other endpoint attacks are still on the rise, and that systems directly exposed to the internet remain prime targets for cyber threats. As an organization, to address this we must make the best use of the information and intelligence sources available to us in order to organize and prioritize these threats effectively. We must work to increase opportunities for our organization to mitigate threats before they result in a significant impact. Additionally, our organization should apply a fair balance of endpoint and network-based controls, and ensure incident response capabilities are suited to handle a wide range of scenarios. Along with these proactive controls, we should continue to monitor network and host activity to address threats traversing our environments.
The intention is that this report will enable you to adjust your strategic vision, improve your own daily security practices, and help you with data points and citations in your business conversations. All organizations have different risk thresholds, and although the recommendations included in this report apply to many, it is best to refer to our own risk profile and implement defensive measures as appropriate.
Threat Findings
This section is where you incorporate data points to help reinforce the recommendations for mitigation later on. Even if your entire infrastructure is in an air-gapped network, letting your C-Suite management know where else in the world these threats occur can assist in their decision making when approving your plan.
Example
With advancements in predictive and behavioral analytics, we will be able to spot insider threats in real time. Analyzing massive amounts of digital information, including IoT devices, public and private clouds, and a multitude of globally interconnected network systems, simultaneously and in real time, would allow us to visualize insights and thwart cyber-attacks before they occur. There are efficiency benefits from a threat hunting platform for security analysts to use as well.
Industry Sectors
• The technology sector increased about 25 percent. This helped make technology the only sector to rank in the top five attacked industries for all regions, while ranking second globally for volume of attacks, at 19 percent.
• The business and professional services sector is among the top five globally attacked industry sectors.
• Finance has become the most attacked sector, with 26 percent of all attacks.
Malware Types
• Spyware/key loggers ranked first in volume of malware, at 26 percent. Regional differences were significant, with spyware/key loggers at 39 percent of malware in the Americas but only three percent in Europe, Middle East, and Asia (EMEA).
• Trojans/droppers ranked second globally at 25 percent.
• Globally, virus/worms were the third most common form of malware at 23 percent.
• Ransomware volume was up 350 percent, rising from less than one percent of global malware in 2016, to nearly seven percent. But in EMEA, ransomware was the leading malware type at 29 percent, focusing mainly on gaming, business and professional services, and health care industry sectors.
• Ransomware-related incident response engagements dropped from 22 percent in 2016 to five percent in 2017.
• Globally, 75 percent of ransomware detected was Locky (45 percent) or WannaCry (30 percent).
Attack Source Countries
• The United States ranked as the first or second most common attack source in all five regions.
• China ranked first as an attack source country only for EMEA, and second or third for the remaining regions.
• The Netherlands ranked among the top five attack source countries in four regions, missing the EMEA region by less than a quarter percent.
• Top attack sources were often located in the same region as their victims, except that the Russian Federation was ranked fourth in the Americas, Romania was ranked fourth in APAC, and Ukraine was ranked fourth in Japan.
United States Findings
• Finance sector attacks increased to 43 percent of attacks in the Americas, up from 15 percent in 2016.
• Finance faced 59 percent of phishing attacks in the Americas. Over three quarters of phishing campaign attachments were malicious Microsoft Word documents.
• Increased attacks against technology raised that sector to 27 percent of attacks in the Americas, up from the 11 percent observed in 2016.
• The finance and technology sectors together accounted for 70 percent of all attacks against targets in the Americas.
• Manufacturing attacks dropped from 23 percent to five percent of attacks.
• Activity from two source countries – the United States and China – accounted for 62 percent of attacks in the Americas. In the finance sector, 70 percent of attacks came from the United States.
When we think about our IT infrastructure, it is fair to say that the perimeter has left the premises. As our attack surface grows, new challenges arise and our need to reduce our cyber exposure becomes more pressing. This brings us to adopting micro-segmentation in our infrastructure. We are now able to deploy a server or container in a matter of 60 seconds and remove it even faster. Micro-segmentation enables fine-grained security policies to be assigned to data center applications, down to the workload level, and security models to be deployed deep inside a data center using a virtualized, software-only approach.
Defense Measures
Clearly calling out the defense measures available will assist C-Suite management in making a well-informed decision on your proposed solution.
Example
Cyber Kill Chain
A concept from Lockheed Martin whose method is derived from the military's kill chain. The theory is that by understanding each stage of an attack, defenders can better identify and stop attacks at each of those stages.
Intrusion Detection Systems (IDS)
Intrusion detection systems are sometimes used to detect ransomware command-and-control communications, alerting when an infected system calls out to a control server. This detection usually happens after ransomware has gained a foothold. File integrity monitoring can also serve as an indicator of a ransomware attack, as policies can be used to detect and alert on unusually high numbers of file changes.
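To make the file-change-rate indicator concrete, here is a small detection routine run over constructed file-integrity-monitoring events; it also illustrates the host-side detection referred to later under the Detect step of the ransomware mitigation. This is an added example, not code from the CSOL 580 report or from any IDS or FIM product; the log line format, hostnames, the threshold of 10 changes per 60 seconds and the rename storm in the sample data are all assumptions made for the illustration.

```python
"""
File-integrity-monitoring (FIM) burst check for the "unusually high numbers of
file changes" indicator. Example code added to this write-up, not from the
CSOL 580 report or any FIM product; the log format, hostnames, threshold and
window are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed FIM log line shape (constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) path=(?P<path>\S+)$"
)

# Actions that count toward the change rate; creates and reads are ignored.
WATCHED_ACTIONS = {"modify", "rename", "delete"}


def parse_event(line):
    """Parse one FIM line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": m["host"], "user": m["user"],
            "action": m["action"], "path": m["path"]}


def detect_change_bursts(lines, threshold=10, window_seconds=60):
    """Alert once per host when >= threshold watched changes land inside the window.

    Lines are assumed to arrive in timestamp order, as a tailed log would.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # host -> timestamps of recent watched events
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["action"] not in WATCHED_ACTIONS:
            continue
        q = recent[ev["host"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop events outside the window
            q.popleft()
        if len(q) >= threshold and ev["host"] not in alerted:
            alerted.add(ev["host"])
            alerts.append({
                "host": ev["host"],
                "user": ev["user"],
                "count": len(q),
                "window_start": q[0].isoformat(),
                "last_path": ev["path"],
            })
    return alerts


def build_sample_events():
    """Constructed sample: normal editing on ws01, a rename storm on fs02."""
    lines = [
        "2024-03-01T09:00:00Z host=ws01 user=alice action=modify path=/home/alice/report.docx",
        "2024-03-01T09:00:20Z host=ws01 user=alice action=modify path=/home/alice/budget.xlsx",
        "2024-03-01T09:05:00Z host=ws01 user=alice action=create path=/home/alice/notes.txt",
        "2024-03-01T09:10:00Z host=fs02 user=bob action=modify path=/srv/share/q1.docx",
    ]
    for i in range(12):   # twelve renames in twelve seconds on the file server
        lines.append(f"2024-03-01T09:10:{i + 1:02d}Z host=fs02 user=bob "
                     f"action=rename path=/srv/share/file{i}.docx.locked")
    lines.append("2024-03-01T09:20:00Z host=ws01 user=alice action=modify path=/home/alice/report.docx")
    return lines


if __name__ == "__main__":
    for alert in detect_change_bursts(build_sample_events()):
        print(alert)
```

The threshold and window are the policy knobs the paragraph refers to; in practice they are tuned per host role, since a build server legitimately rewrites thousands of files and would need a far higher threshold than a file share.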
Micro-segmentation
Micro-segmentation is typically done in software, which makes it easier to define fine-grained segments. With micro-segmentation, IT can work to centralize network segmentation policy and reduce the number of firewall rules needed.
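The following model shows why label-based, workload-level policy needs fewer rules than per-host firewall rules and why the selectors must be scoped carefully. It is an added example, not code from the CSOL 580 report or from any segmentation product; the workload inventory, the labels, the ports and both policies are constructed for the illustration.

```python
"""
Label-based micro-segmentation policy model. Example code added to this
write-up, not from the CSOL 580 report or any segmentation product; the
workload inventory, labels and rules are constructed for illustration.
"""

# Constructed workload inventory: name -> labels. In a real deployment these
# labels would come from the orchestrator or CMDB, not a hard-coded dict.
WORKLOADS = {
    "web-1": {"app": "shop", "tier": "web"},
    "web-2": {"app": "shop", "tier": "web"},
    "api-1": {"app": "shop", "tier": "api"},
    "db-1":  {"app": "shop", "tier": "db"},
    "db-2":  {"app": "shop", "tier": "db"},
    "hr-db": {"app": "hr",   "tier": "db"},
}

# Allow-list on labels; any flow not matched is denied (default deny).
# Each rule: (source selector, destination selector, TCP port).
POLICY = [
    ({"app": "shop", "tier": "web"}, {"app": "shop", "tier": "api"}, 8443),
    ({"app": "shop", "tier": "api"}, {"app": "shop", "tier": "db"}, 5432),
]

# A weaker variant that selects on tier only, to show why app scoping matters.
TIER_ONLY_POLICY = [
    ({"tier": "web"}, {"tier": "api"}, 8443),
    ({"tier": "api"}, {"tier": "db"}, 5432),
]


def matches(labels, selector):
    """A workload matches a selector when every selector label is present and equal."""
    return all(labels.get(k) == v for k, v in selector.items())


def is_allowed(src, dst, port, policy=POLICY):
    """Default-deny check of one flow against the label policy."""
    s, d = WORKLOADS[src], WORKLOADS[dst]
    return any(matches(s, ss) and matches(d, ds) and port == p for ss, ds, p in policy)


def equivalent_pairwise_rules(policy=POLICY):
    """The per-host (src, dst, port) rules a traditional firewall needs for the same intent."""
    return sorted({
        (s, d, p)
        for s in WORKLOADS for d in WORKLOADS if s != d
        for _, _, p in policy if is_allowed(s, d, p, policy)
    })


def add_workload(name, labels):
    """Onboard a workload; existing label rules cover it with no policy change."""
    WORKLOADS[name] = dict(labels)


if __name__ == "__main__":
    print("label rules:", len(POLICY), "pairwise rules:", len(equivalent_pairwise_rules()))
    print("api-1 -> hr-db (app-scoped):", is_allowed("api-1", "hr-db", 5432))
    print("api-1 -> hr-db (tier-only):", is_allowed("api-1", "hr-db", 5432, TIER_ONLY_POLICY))
```

Two label rules replace four host-pair rules here, and the count stays at two when another database workload is onboarded. The tier-only variant shows the usual failure mode of segmentation by label: a selector that is too broad silently allows the shop API to reach the HR database.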
Quantum Cryptography Key Distribution (QKD)
QKD would not mitigate the common security flaws in web applications, nor would it mitigate any other software flaws inherent in mobile devices or elsewhere. Beyond that, all existing encryption techniques we use over the Internet become insecure if we move to quantum computing. Enter homomorphic encryption: encryption you can compute on while the data stays encrypted and its structure is preserved, so data can be stored in the cloud fully encrypted.
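To show what "encryption you can compute on" means, here is a working additive homomorphic scheme (the Paillier cryptosystem): an untrusted host adds up encrypted figures it cannot read, and only the key holder decrypts the total. This is an added example, not code from the CSOL 580 report. The primes are demo-sized (real deployments use primes of roughly 1024 bits each), the per-site cost figures are constructed, and one caveat matters for this paragraph: Paillier itself rests on factoring, so it is not a post-quantum scheme; it illustrates the compute-on-ciphertext property only.

```python
"""
Additive homomorphic encryption demo (Paillier cryptosystem). Example code
added to this write-up, not from the CSOL 580 report. Demo-sized primes; not
a post-quantum scheme (its security rests on factoring).
"""
import math
import secrets


def keygen(p, q):
    """Paillier key pair from two distinct primes, using the g = n + 1 simplification."""
    assert p != q and math.gcd(p * q, (p - 1) * (q - 1)) == 1
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                                 # valid because g = n + 1
    public = {"n": n, "n2": n * n}
    private = {"lam": lam, "mu": mu}
    return public, private


def encrypt(pk, m):
    """c = (1 + n)^m * r^n mod n^2 with a fresh random r, so equal plaintexts differ."""
    n, n2 = pk["n"], pk["n2"]
    assert 0 <= m < n, "plaintext must be smaller than n"
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(n + 1, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, n2 = pk["n"], pk["n2"]
    u = pow(c, sk["lam"], n2)
    return ((u - 1) // n * sk["mu"]) % n


def add_encrypted(pk, c1, c2):
    """E(m1) * E(m2) = E(m1 + m2): addition by a party holding only ciphertexts."""
    return (c1 * c2) % pk["n2"]


def scale_encrypted(pk, c, k):
    """E(m)^k = E(k * m): multiplication by a known constant."""
    return pow(c, k, pk["n2"])


def cloud_total(pk, ciphertexts):
    """What an untrusted host can do: sum encrypted values without any key."""
    total = encrypt(pk, 0)
    for c in ciphertexts:
        total = add_encrypted(pk, total, c)
    return total


def demo():
    # Small demo primes (65537 and 65539); constructed per-site cost figures.
    pk, sk = keygen(65537, 65539)
    incident_costs = [1500, 2700, 300]
    cts = [encrypt(pk, v) for v in incident_costs]
    total_ct = cloud_total(pk, cts)        # computed by the "cloud" on ciphertexts only
    return decrypt(pk, sk, total_ct)       # only the key holder learns the total


if __name__ == "__main__":
    print("decrypted total:", demo())
```

The scheme is additive only: sums and scaling by known constants work on ciphertexts, but multiplying two encrypted values does not, which is the gap fully homomorphic schemes close at much higher cost.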
Mitigation
This is where you provide a summary of what threats are to be mitigated and how you plan to achieve this. My snippet from the CSOL 580 final is specific to mitigation of Ransomware.
Example
Mitigation of ransomware
The security tools and practices proposed in this mitigation fall into four overarching steps – Predict, Prevent, Detect, and Respond.
Predict
Utilize threat intelligence gathered by multiple methods such as human intelligence (HUMINT), open-source intelligence (OSINT), and cyber intelligence (CYBINT). Integrate our own threat feeds with other data sources, including third-party, public, and government channels. Analyze the data to better understand the current strains of ransomware and how to spot possible attacks. As ransomware authors are always innovating to stay one step ahead of our security controls, we must also innovate ways to prevent attacks.
Prevent
Once a system is infected with ransomware, paying the ransom is no guarantee that we would get the data recovered. So we make it a policy to back up. Having a robust backup strategy will help us recover the majority, if not all, of the files affected. As part of the policy, it is important to have not just real-time backups, but offline and offsite backups as well: any backups that are available over the network are vulnerable to the same ransomware attacks. These backups must also be verified and restorable. Beyond this, it is key to know the differences between the backup types as well, such as full, incremental, and differential backups. All of these should be thoroughly tested, as best practice dictates.
Another avenue of prevention is a well-planned and thought-out security awareness training program. This reduces the chance of our organization falling victim to an attack and ensures our end users follow proper security best practices.
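The backup paragraph above names full, incremental and differential backups and asks that each be verified and restorable; the model below makes the difference concrete by running the same daily snapshots through both schemes and checking that a restore reproduces the live tree. This is an added example, not code from the CSOL 580 report or from any backup product; the daily file snapshots are constructed, and a SHA-256 digest comparison stands in for a real restore test.

```python
"""
Model of full, incremental and differential backups with a restore check.
Example code added to this write-up, not from the CSOL 580 report or any
backup product; snapshots are constructed and SHA-256 stands in for a real
restore test.
"""
import hashlib
from copy import deepcopy


def fingerprint(files):
    """Stable digest of a {path: content} snapshot, used to verify a restore."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + files[path].encode() + b"\0")
    return h.hexdigest()


def changed_since(current, baseline):
    """Files added/modified relative to a baseline, and paths deleted since it."""
    changed = {p: c for p, c in current.items() if baseline.get(p) != c}
    deleted = set(baseline) - set(current)
    return changed, deleted


class BackupSet:
    """A chain of backup jobs taken from successive snapshots of the same tree."""

    def __init__(self):
        self.jobs = []            # each job: {"kind", "changed", "deleted"}
        self.last_state = None    # snapshot as of the most recent job of any kind
        self.last_full = None     # snapshot as of the most recent full job

    def run(self, kind, current):
        if kind == "full" or self.last_full is None:
            job = {"kind": "full", "changed": deepcopy(current), "deleted": set()}
            self.last_full = deepcopy(current)
        elif kind == "incremental":          # changes since the previous job
            changed, deleted = changed_since(current, self.last_state)
            job = {"kind": "incremental", "changed": changed, "deleted": deleted}
        elif kind == "differential":         # changes since the last full
            changed, deleted = changed_since(current, self.last_full)
            job = {"kind": "differential", "changed": changed, "deleted": deleted}
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        self.last_state = deepcopy(current)
        self.jobs.append(job)

    def restore_plan(self):
        """Job indices a restore must read: the full plus every later incremental,
        or the full plus only the newest differential."""
        full = max(i for i, j in enumerate(self.jobs) if j["kind"] == "full")
        plan = [full]
        for i in range(full + 1, len(self.jobs)):
            if self.jobs[i]["kind"] == "differential":
                plan = [full, i]         # a differential supersedes earlier deltas
            else:
                plan.append(i)
        return plan

    def restore(self):
        """Replay the plan into an empty tree and return the rebuilt snapshot."""
        state = {}
        for i in self.restore_plan():
            state.update(self.jobs[i]["changed"])
            for path in self.jobs[i]["deleted"]:
                state.pop(path, None)
        return state


# Constructed daily snapshots of a small file tree ({path: content}).
DAY_STATES = [
    {"a.txt": "v1", "b.txt": "v1", "c.txt": "v1"},
    {"a.txt": "v2", "b.txt": "v1", "c.txt": "v1"},                 # a edited
    {"a.txt": "v2", "b.txt": "v1", "c.txt": "v1", "d.txt": "v1"},  # d added
    {"a.txt": "v2", "b.txt": "v2", "d.txt": "v1"},                 # b edited, c deleted
]


def simulate(kind):
    """Full on day 0, then the given kind daily; report restore cost and verification."""
    bs = BackupSet()
    bs.run("full", DAY_STATES[0])
    for state in DAY_STATES[1:]:
        bs.run(kind, state)
    restored = bs.restore()
    return {
        "plan": bs.restore_plan(),
        "job_sizes": [len(j["changed"]) for j in bs.jobs],
        "verified": fingerprint(restored) == fingerprint(DAY_STATES[-1]),
    }


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        print(kind, simulate(kind))
```

The trade-off the paragraph alludes to falls out of the numbers: incrementals stay small but a restore must read every one of them since the last full, so one damaged delta breaks the chain; differentials grow each day but a restore needs only the full and the newest one. The `verified` flag is the "verified and restorable" check, and it should be run against the offline copy, not the live one.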
Detect
As mentioned in the defense options above, common detection methods such as antivirus, IDS, and proper sandboxing are important controls that help detect known attacks. For unknown or new attacks, we would require anomaly-based detection or machine learning appliances in our networks to help catch ransomware in the early phases of an attack. Also, applying advanced analytics to our logs to correlate attacks, along with the use of kill-chain methods, can help keep information security teams apprised. This allows them to detect ransomware moving laterally within our network that would often be invisible to more traditional defenses.
That said, this shows how time-consuming detecting all ransomware types can be. As such, we find it more cost-effective and efficient to outsource this responsibility to an appropriate security vendor who has the global resources and expertise to constantly monitor the network around the clock and apply updates to systems as needed.
Respond
Our organization will, at some point, suffer a breach, so it's important that incident response planning is embedded into our organization; it must also be a key element of our business continuity planning.
The incident response plan should include components that define the incident response team(s), define our communications process, define the criteria for declaring when an incident has started, document the incident, describe how to proceed with containment, cover the removal and restoration process, and lastly address recovery.
Closing
Wrap up the plan with a solid closing to your C-Suite management by quickly summarizing the intention of the CTIP and why they should support it.
Example
Cyber threats such as ransomware are not going away anytime soon; predictions indicate new variations of emerging malware from attackers who are both knowledgeable and skilled in current threat prevention methodologies. As these attacks show no favoritism toward any one industry, it isn't a problem we face alone. Attackers will continue to be successful in these endeavors as they increase their understanding of which organizations and individuals are likely to pay ransoms. This is even more prevalent today given the vast anonymous networks and payment services available. Our best line of defense is to know that an attack can and will happen to us at some point. As soon as we accept this, we can move on to taking every necessary precaution to mitigate the risk it presents.
The full report I created for the course can be found in the link below.
CSOL 580 Reflections
With cyber threats showing zero sign of decreasing, having a well-defined CTIP is critical for a business. Throughout the CSOL 580 course I was able to become better informed on not only what true Threat Intelligence means, but why it is so important. Being able to understand how to gather raw data on emerging or existing threats and then compile it into an effective, reportable summary for C-Suite management is extremely valuable in my professional career. The course also required students to create a mock presentation to speak to and upload the recorded presentation to a video hosting site. This allowed for a practical example of how to present this information effectively to a management team.