STRATEGIC PERSPECTIVE INTO THE TRADECRAFT 0F THREAT ACTORS

A STRATEGIC PERSPECTIVE INTO THE TRADECRAFT OF THREAT ACTORS Dr Ozkaya
25Oct
By Cyber Security, Forensics, Free Events , , , , , , , , , , , , 2 Comments

STRATEGIC PERSPECTIVE INTO THE TRADECRAFT OF THREAT ACTORS

Phishing and ransomware have been effective weapons for hackers. Even the most sophisticated cybersecurity measures have not been able to tackle these simple yet serious threats.

In this upcoming GISEC virtual interactive forum, powered by CyberKnight, we will be uncovering the trade secrets of cyber-attackers. A panel of technology advocates and end-user critics will be discussing the effectiveness of cyber threat intelligence in to expose the threat actors, as well as, their tactics, techniques & procedures (TTPs).

This is one of the few forums that will highlight the critical nature of CTI to Cybersecurity Leaders – don’t miss out!

Oct 27, 2020

10:00 AM Berlin

2:00 PM in Dubai

9:00 PM in Sydney

Register here -click-

Speakers :

Avinash Advani,  CyberKnight

Olesya Pavlova , CrowdStrike

Herro Zoutendijk, ElecticIQ

Kevin Tongs

Bahi Hour

and 🙂

Dr. Erdal Ozkaya Standard Chartered Bank

For more evets :

https://www.erdalozkaya.com/category/free-events/

Know Your Enemy: Understanding Threat Actors

Sun Tzu wrote in his famous book, The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

In my previous article, “Are you Aware of Your Cyber Situation,” I discussed how important it is for you to understand your business as it relates to your digital environment. This includes knowing what data you produce, how and where it is used, and where it is stored, and what devices are on your network. Understanding your internal processes, location and vulnerabilities of your essential digital resources is half the battle.

The other half is to know your enemy. Preparing to defend your organization against a known antagonist is significantly easier and more effective than trying to defend yourself against the unknown.

Threat Actors

It is important to know who means you harm, what they want, and how they plan to get it. While there are many threat actors out there today, most of them fit into the following categories.

Government Sponsored: These groups are well funded and often build sophisticated, targeted attacks. They are typically motivated by political, economic, technical, or military agendas. They are often looking for competitive information, resources or users that can be exploited for espionage purposes.

Organized Crime: Most often, these cybercriminals engage in targeted attacks driven by profits. They are typically either looking for the personally identifiable information (PII) of your customers or employees, such as social security numbers, health records, credit cards, and banking information, or to hijack and ransom critical digital resources.

Hacktivists: These attackers have a political agenda. Their goal is to either create high-profile attacks that help them distribute propaganda, or to cause damage to organizations they are opposed to. The ultimate goal is to find a way to benefit their cause or gain awareness for their issue.

Insider Threat: Attackers operating inside your organization are typically disgruntled employees or ex-employees either looking for revenge or some type of financial gain. They sometimes collaborate with other threat actors, such as organized crime or government sponsored hackers, out of a sense of loyalty, or in exchange for money or prestige.

Opportunistic: These attackers are usually amateur criminals, often referred to as script kiddies, who are driven by the desire for notoriety. Sometimes, however, they can legitimate security researchers trying to help organizations find and close security vulnerabilities, or even professional hackers (sometimes known as gray hat hackers) looking to profit from finding and exposing flaws and exploits in network systems and devices.

Internal User Error: Users making mistakes with configurations are actually the largest threat organizations face. These threat actors exist largely due to failing to design flaws out of the network, or by providing privileges to individuals who should not have them. Internal user errors have been known to bring down critical resources such as firewalls, routers, and servers, causing widespread or departmental company outages.

Of course, listing all possible threat actors isn’t enough. You need to evaluate your organization so you can determine which of these threat actors you are most likely to encounter so you can prioritize your defense and response preparations.

Types of Threat Intelligence

Once you know your potential threat actors, you need to ensure that your network is able to provide you with the intelligence you need to identify when you are under surveillance or attack by them.

Threat Intelligence (TI) is any external information about a threat that an organization can consume and integrate into its defensive decision-making process that results in something actionable, such as a new policy, configuration, or design, or leads to the selection and deployment of a new device. This intelligence can be Strategic, Tactical, or Operational.

Here is more information about each type of TI.

Strategic: This type of TI is usually provided in the form of printed or online reports that focus on threat actors, their intentions, motivations, capabilities, and their plans – now and in the future.

This information is usually used by CISOs and IT management to determine what types of additional administrative, physical, or technology controls may need to be budgeted for.

Tactical: This type of TI focuses on understanding the Tactics, Techniques, and Procedures of threat actors. It asks the question, “How are they accomplishing their cyber mission?”

Security and Network Operations teams use this intelligence to understand and prioritize vulnerabilities, establish alert escalations, and inform design considerations and configuration changes in order to design flaws and vulnerabilities out of the network itself.

Operational: This type of TI is usually consumed by a SIEM or Threat intelligence platform where it is cross-referenced with network logs and other collected data to determine if a threat actor is planning to engage your organization, or has already breached your defenses.

This sort of intelligence often includes Indicators of Compromise (IOC) that can help an organization know if they are under attack, or if they have particular vulnerabilities that they need to address. This information is usually used by an Incident Response team or forensics analysts to determine the scope of a breach, as well as for “hunting” for threat actors.

Where Do You Start?

The security resources at companies are simply not mature enough to fully leverage all types of threat intelligence. So as a first step, we recommend that companies focus on Tactical TI. This will provide some insight as to how the threat actors are accomplishing their goals, which will in turn help you focus when selecting security controls.

To further take advantage of this type of TI, organizations can use it to map the anatomy of an attack – more commonly known as the “Kill Chain,” a term coined by Lockheed Martin a few years back.

While there are many variations of these attack steps, nearly all attacks use most or all of them. Knowing how a threat actor operates, and the specific tactics they use to achieve their goals, will help your organization more effectively plan and deploy countermeasures.

Share this post

Author

Named among Top 50 Technology Leaders 2021 by CIO Online & IDC, working with an ardent passion for raising cyber awareness and leveraging new & innovative approaches. He is committed to the delivery of accurate, accessible resources to inform individuals and organizations of cybersecurity and privacy matters in the internet age. Dr Erdal is a collaborative team leader with the key areas of his expertise spanning end-to-end IT solutions, management, communications, and innovation. In addition, he is a well-known public speaker, an award-winning technical expert, a book author, and writer of certifications (courseware and exams) for prestigious organizations such as Microsoft, EC Council, and other expert-level vendors. Some of his recent awards are: 2021: Best CISO for Banking and Financial Sector CIO Online & IDC : Top 50 Technology Leaders, Security Magazine Top CISO, Tycoon Success Magazine, Most Powerful 10 Middle East Businessman EC Council CEH Hall of Fame 2020: Khaleej Times "CISO Power List" , Cybersecurity Legend by GEC Media Group, "Super Hero CISO", by Enterprise IT Top CISO by Security ME Magazine 2019: CISO Mag " Hall of Fame" and Cybersecurity Influencer of the year , Microsoft Regional Director 2018 : NATO Center of Excellence Award 2017: Microsoft Platinum Club (employee of the year ), Security Professional of the year and more...

Comments (2)

  • Herro Reply

    Hi Erdal, pls correct the company mention by my name. I never worked for RiskIQ. I worked for EclecticIQ when I did this session with you.

    19/10/2022 at 15:04
    • Erdal Reply

      apologies, corrected

      25/10/2022 at 12:02

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Phishing
17Jan

How to protect yourself from phishing ? 6 Effective Tips

How to protect yourself from phishing ? A phishing attack is an attack vector that cybercriminals use it mainly for identity... read more

CISO -Cybersecurity Hero Erdal
12Dec

CISO Challenges to learn from – Watch 4 Free

CISO Challenges to learn from - Watch 4 Free Watch in you Tube  https://youtu.be/0nOpEwMyAyY  https://www.youtube.com/watch?v=0nOpEwMyAyY       (more…) read more

10Sep

HexCon21 Free to attend

HexCon21 Free to attend and listen to me :)  There is an exiting and FREE conference coming to You. HexCon 2021,... read more

14May

Cybersecurity Roadshow Algeria

Cybersecurity Roadshow Algeria This week I spend my time explaining our Oil & Gas customers the importance of Cybersecurity and how... read more

18Jul

Microsoft Turkey – Cybersecurity Webinar Recording : Watch 4 Free

This post has the links for my "Turkish Webinar which was recorded for Microsoft Turkey, therefore the post will... read more

enterprise it world mea
19Apr

UAE Banks Enhances Cyber Security Posture by Emphasizing on User Education

UAE Banks Enhances Cyber Security Posture by Emphasizing on User Education “It’s really important to educate the employees and communicate about... read more

KSA Cloud Summit Erdal Ozkaya
08Sep

KSA Cloud Summit -2020 Free Online Event

KSA Cloud Summit 2020 Cloud computing has enabled companies to continue operating seamlessly throughout an unprecedented crisis of COVID19 that could... read more

THE EVOLUTION OF CLOUD SECURITY – Dr Erdal Ozkaya
25Apr

THE EVOLUTION OF CLOUD SECURITY – THEN, NOW AND TO C0ME -Join us for free

THE EVOLUTION OF CLOUD SECURITY – THEN, NOW AND TO COME Join this teissTalk to answer some of the biggest questions... read more

01May

Speaking at TechEd North America 14

Speaking at TechEd North America I am proud to announce I will be speaking at Microsoft TechEd North America this year... read more

Colorado State University Cybersecurity Erdal
25May

Text Book at Colorado State University – ENGR 569

Text Book at Colorado State University  ENGR 569 - Cybersecurity Awareness for Systems Engineers I am extremely proud to announce that, I... read more