A STRATEGIC PERSPECTIVE INTO THE TRADECRAFT OF THREAT ACTORS

Dr Erdal Ozkaya, 2022-10-25T12:01:59-04:00

Phishing and ransomware have been effective weapons for hackers. Even the most sophisticated cybersecurity measures have not been able to tackle these simple yet serious threats.

In this upcoming GISEC virtual interactive forum, powered by CyberKnight, we will be uncovering the trade secrets of cyber-attackers. A panel of technology advocates and end-user critics will discuss how effective cyber threat intelligence is in exposing threat actors, as well as their tactics, techniques and procedures (TTPs).

This is one of the few forums that will highlight the critical nature of CTI to Cybersecurity Leaders – don’t miss out!

Oct 27, 2020

10:00 AM Berlin

2:00 PM in Dubai

9:00 PM in Sydney

Register here

Speakers:

Avinash Advani, CyberKnight

Olesya Pavlova, CrowdStrike

Herro Zoutendijk, EclecticIQ

Kevin Tongs

Bahi Hour

and Dr. Erdal Ozkaya, Standard Chartered Bank 🙂

For more events:

https://www.erdalozkaya.com/category/free-events/

Know Your Enemy: Understanding Threat Actors

Sun Tzu wrote in his famous book, The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

In my previous article, “Are you Aware of Your Cyber Situation,” I discussed how important it is for you to understand your business as it relates to your digital environment. This includes knowing what data you produce, how and where it is used, where it is stored, and what devices are on your network. Understanding your internal processes, and the location and vulnerabilities of your essential digital resources, is half the battle.

The other half is to know your enemy. Preparing to defend your organization against a known antagonist is significantly easier and more effective than trying to defend yourself against the unknown.

Threat Actors

It is important to know who means you harm, what they want, and how they plan to get it. While there are many threat actors out there today, most of them fit into the following categories.

Government Sponsored: These groups are well funded and often build sophisticated, targeted attacks. They are typically motivated by political, economic, technical, or military agendas. They are often looking for competitive information, resources or users that can be exploited for espionage purposes.

Organized Crime: Most often, these cybercriminals engage in targeted attacks driven by profits. They are typically either looking for the personally identifiable information (PII) of your customers or employees, such as social security numbers, health records, credit cards, and banking information, or to hijack and ransom critical digital resources.

Hacktivists: These attackers have a political agenda. Their goal is to either create high-profile attacks that help them distribute propaganda, or to cause damage to organizations they are opposed to. The ultimate goal is to find a way to benefit their cause or gain awareness for their issue.

Insider Threat: Attackers operating inside your organization are typically disgruntled employees or ex-employees either looking for revenge or some type of financial gain. They sometimes collaborate with other threat actors, such as organized crime or government sponsored hackers, out of a sense of loyalty, or in exchange for money or prestige.

Opportunistic: These attackers are usually amateur criminals, often referred to as script kiddies, who are driven by the desire for notoriety. Sometimes, however, they can be legitimate security researchers trying to help organizations find and close security vulnerabilities, or even professional hackers (sometimes known as gray hat hackers) looking to profit from finding and exposing flaws and exploits in network systems and devices.

Internal User Error: Users making mistakes with configurations are actually the largest threat organizations face. These threats persist largely because flaws were not designed out of the network, or because privileges were granted to individuals who should not have them. Internal user errors have been known to bring down critical resources such as firewalls, routers, and servers, causing widespread or departmental company outages.

Of course, listing all possible threat actors isn’t enough. You need to evaluate your organization so you can determine which of these threat actors you are most likely to encounter so you can prioritize your defense and response preparations.

Types of Threat Intelligence

Once you know your potential threat actors, you need to ensure that your network is able to provide you with the intelligence you need to identify when you are under surveillance or attack by them.

Threat Intelligence (TI) is any external information about a threat that an organization can consume and integrate into its defensive decision-making process that results in something actionable, such as a new policy, configuration, or design, or leads to the selection and deployment of a new device. This intelligence can be Strategic, Tactical, or Operational.

Here is more information about each type of TI.

Strategic: This type of TI is usually provided in the form of printed or online reports that focus on threat actors, their intentions, motivations, capabilities, and their plans – now and in the future.

This information is usually used by CISOs and IT management to determine what types of additional administrative, physical, or technology controls may need to be budgeted for.

Tactical: This type of TI focuses on understanding the Tactics, Techniques, and Procedures of threat actors. It asks the question, “How are they accomplishing their cyber mission?”

Security and Network Operations teams use this intelligence to understand and prioritize vulnerabilities, establish alert escalations, and inform design considerations and configuration changes in order to design flaws and vulnerabilities out of the network itself.

Operational: This type of TI is usually consumed by a SIEM or Threat intelligence platform where it is cross-referenced with network logs and other collected data to determine if a threat actor is planning to engage your organization, or has already breached your defenses.

This sort of intelligence often includes Indicators of Compromise (IOC) that can help an organization know if they are under attack, or if they have particular vulnerabilities that they need to address. This information is usually used by an Incident Response team or forensics analysts to determine the scope of a breach, as well as for “hunting” for threat actors.

Where Do You Start?

At most companies, the security resources are simply not mature enough to fully leverage all types of threat intelligence. So as a first step, we recommend that companies focus on Tactical TI. This will provide some insight into how threat actors are accomplishing their goals, which will in turn help you focus when selecting security controls.

To further take advantage of this type of TI, organizations can use it to map the anatomy of an attack – more commonly known as the “Kill Chain,” a term coined by Lockheed Martin a few years back.

While there are many variations of these attack steps, nearly all attacks use most or all of them. Knowing how a threat actor operates, and the specific tactics they use to achieve their goals, will help your organization more effectively plan and deploy countermeasures.
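As an added example (not code from the original post), here is a small Python routine that does what the Operational TI paragraph above describes and then maps the hits onto the Kill Chain: a constructed IOC feed (a domain, an IP, a CIDR range and a file hash, all invented values) is cross-referenced against constructed key=value log lines, and every hit carries the kill-chain phase its feed entry was tagged with. The feed layout, log field names and phase tags are assumptions for illustration, not any vendor's or SIEM's format.

```python
import ipaddress
import re

# Lockheed Martin Cyber Kill Chain phases in order, used to rank how far an intrusion has progressed.
KILL_CHAIN = ["reconnaissance", "weaponization", "delivery", "exploitation",
              "installation", "command_and_control", "actions_on_objectives"]

# Constructed operational-TI feed: (indicator type, value, kill-chain phase, source). All values are invented.
IOC_FEED = [
    ("domain", "update-check.example.net", "command_and_control", "feed-a"),
    ("ipv4", "203.0.113.45", "command_and_control", "feed-a"),
    ("cidr", "198.51.100.0/24", "delivery", "feed-b"),
    ("sha256", "a" * 64, "installation", "isac-share"),   # placeholder hash, not a real sample
]

SAMPLE_LOGS = [  # constructed key=value log lines; a real SIEM parser handles vendor-specific formats
    "2024-05-01T10:02:11Z proxy src=10.0.0.7 dst=203.0.113.45 host=update-check.example.net",
    "2024-05-01T10:05:40Z mail src=198.51.100.77 subject=invoice attachment_sha256=" + "a" * 64,
    "2024-05-01T10:07:03Z proxy src=10.0.0.9 dst=192.0.2.10 host=www.example.org",
]

KV_RE = re.compile(r"(\w+)=(\S+)")

def _ip_in(value, ioc_type, ioc_value):
    """True if value is an IP equal to an ipv4 IOC or inside a cidr IOC; non-IP values never match."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    if ioc_type == "ipv4":
        return addr == ipaddress.ip_address(ioc_value)
    return addr in ipaddress.ip_network(ioc_value)

def match_line(line, feed=IOC_FEED):
    """Return (field, indicator, phase, source) hits for one log line; subdomains of a domain IOC count."""
    hits = []
    for field, value in KV_RE.findall(line):
        value = value.lower()
        for ioc_type, ioc_value, phase, source in feed:
            hit = ((ioc_type == "domain" and (value == ioc_value or value.endswith("." + ioc_value)))
                   or (ioc_type in ("ipv4", "cidr") and _ip_in(value, ioc_type, ioc_value))
                   or (ioc_type == "sha256" and value == ioc_value))
            if hit:
                hits.append((field, ioc_value, phase, source))
    return hits

def furthest_phase(lines, feed=IOC_FEED):
    """Map every hit onto the kill chain and return the latest phase reached (None if no hits)."""
    phases = {hit[2] for line in lines for hit in match_line(line, feed)}
    reached = [p for p in KILL_CHAIN if p in phases]
    return reached[-1] if reached else None
```

The phase returned by furthest_phase tells the responder where to start scoping: a command-and-control hit means delivery and installation have very likely already happened, even if no indicator for those stages fired.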

Comments (2)

Herro (19/10/2022 at 15:04):

Hi Erdal, please correct the company mentioned by my name. I never worked for RiskIQ. I worked for EclecticIQ when I did this session with you.

Erdal (25/10/2022 at 12:02):

Apologies, corrected.

Dr. Erdal Ozkaya © Copyright 2023. All Rights Reserved.