STRATEGIC PERSPECTIVE INTO THE TRADECRAFT 0F THREAT ACTORS

A STRATEGIC PERSPECTIVE INTO THE TRADECRAFT OF THREAT ACTORS Dr Ozkaya
25Oct
By Cyber Security, Forensics, Free Events , , , , , , , , , , , , 0 Comments

STRATEGIC PERSPECTIVE INTO THE TRADECRAFT OF THREAT ACTORS

Phishing and ransomware have been effective weapons for hackers. Even the most sophisticated cybersecurity measures have not been able to tackle these simple yet serious threats.

In this upcoming GISEC virtual interactive forum, powered by CyberKnight, we will be uncovering the trade secrets of cyber-attackers. A panel of technology advocates and end-user critics will be discussing the effectiveness of cyber threat intelligence in to expose the threat actors, as well as, their tactics, techniques & procedures (TTPs).

This is one of the few forums that will highlight the critical nature of CTI to Cybersecurity Leaders – don’t miss out!

Oct 27, 2020

10:00 AM Berlin

2:00 PM in Dubai

9:00 PM in Sydney

Register here -click-

Speakers :

Avinash Advani,  CyberKnight

Olesya Pavlova , CrowdStrike

Herro Zoutendijk, RiskIQ

Kevin Tongs

Bahi Hour

and 🙂

Dr. Erdal Ozkaya Standard Chartered Bank

For more evets :

https://www.erdalozkaya.com/category/free-events/

Know Your Enemy: Understanding Threat Actors

Sun Tzu wrote in his famous book, The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

In my previous article, “Are you Aware of Your Cyber Situation,” I discussed how important it is for you to understand your business as it relates to your digital environment. This includes knowing what data you produce, how and where it is used, and where it is stored, and what devices are on your network. Understanding your internal processes, location and vulnerabilities of your essential digital resources is half the battle.

The other half is to know your enemy. Preparing to defend your organization against a known antagonist is significantly easier and more effective than trying to defend yourself against the unknown.

Threat Actors

It is important to know who means you harm, what they want, and how they plan to get it. While there are many threat actors out there today, most of them fit into the following categories.

Government Sponsored: These groups are well funded and often build sophisticated, targeted attacks. They are typically motivated by political, economic, technical, or military agendas. They are often looking for competitive information, resources or users that can be exploited for espionage purposes.

Organized Crime: Most often, these cybercriminals engage in targeted attacks driven by profits. They are typically either looking for the personally identifiable information (PII) of your customers or employees, such as social security numbers, health records, credit cards, and banking information, or to hijack and ransom critical digital resources.

Hacktivists: These attackers have a political agenda. Their goal is to either create high-profile attacks that help them distribute propaganda, or to cause damage to organizations they are opposed to. The ultimate goal is to find a way to benefit their cause or gain awareness for their issue.

Insider Threat: Attackers operating inside your organization are typically disgruntled employees or ex-employees either looking for revenge or some type of financial gain. They sometimes collaborate with other threat actors, such as organized crime or government sponsored hackers, out of a sense of loyalty, or in exchange for money or prestige.

Opportunistic: These attackers are usually amateur criminals, often referred to as script kiddies, who are driven by the desire for notoriety. Sometimes, however, they can legitimate security researchers trying to help organizations find and close security vulnerabilities, or even professional hackers (sometimes known as gray hat hackers) looking to profit from finding and exposing flaws and exploits in network systems and devices.

Internal User Error: Users making mistakes with configurations are actually the largest threat organizations face. These threat actors exist largely due to failing to design flaws out of the network, or by providing privileges to individuals who should not have them. Internal user errors have been known to bring down critical resources such as firewalls, routers, and servers, causing widespread or departmental company outages.

Of course, listing all possible threat actors isn’t enough. You need to evaluate your organization so you can determine which of these threat actors you are most likely to encounter so you can prioritize your defense and response preparations.

Types of Threat Intelligence

Once you know your potential threat actors, you need to ensure that your network is able to provide you with the intelligence you need to identify when you are under surveillance or attack by them.

Threat Intelligence (TI) is any external information about a threat that an organization can consume and integrate into its defensive decision-making process that results in something actionable, such as a new policy, configuration, or design, or leads to the selection and deployment of a new device. This intelligence can be Strategic, Tactical, or Operational.

Here is more information about each type of TI.

Strategic: This type of TI is usually provided in the form of printed or online reports that focus on threat actors, their intentions, motivations, capabilities, and their plans – now and in the future.

This information is usually used by CISOs and IT management to determine what types of additional administrative, physical, or technology controls may need to be budgeted for.

Tactical: This type of TI focuses on understanding the Tactics, Techniques, and Procedures of threat actors. It asks the question, “How are they accomplishing their cyber mission?”

Security and Network Operations teams use this intelligence to understand and prioritize vulnerabilities, establish alert escalations, and inform design considerations and configuration changes in order to design flaws and vulnerabilities out of the network itself.

Operational: This type of TI is usually consumed by a SIEM or Threat intelligence platform where it is cross-referenced with network logs and other collected data to determine if a threat actor is planning to engage your organization, or has already breached your defenses.

This sort of intelligence often includes Indicators of Compromise (IOC) that can help an organization know if they are under attack, or if they have particular vulnerabilities that they need to address. This information is usually used by an Incident Response team or forensics analysts to determine the scope of a breach, as well as for “hunting” for threat actors.

Where Do You Start?

The security resources at companies are simply not mature enough to fully leverage all types of threat intelligence. So as a first step, we recommend that companies focus on Tactical TI. This will provide some insight as to how the threat actors are accomplishing their goals, which will in turn help you focus when selecting security controls.

To further take advantage of this type of TI, organizations can use it to map the anatomy of an attack – more commonly known as the “Kill Chain,” a term coined by Lockheed Martin a few years back.

While there are many variations of these attack steps, nearly all attacks use most or all of them. Knowing how a threat actor operates, and the specific tactics they use to achieve their goals, will help your organization more effectively plan and deploy countermeasures.

Share this post

Author

Named among Top 50 Technology Leaders 2021 by CIO Online & IDC, working with an ardent passion for raising cyber awareness and leveraging new & innovative approaches. He is committed to the delivery of accurate, accessible resources to inform individuals and organizations of cybersecurity and privacy matters in the internet age. Dr Erdal is a collaborative team leader with the key areas of his expertise spanning end-to-end IT solutions, management, communications, and innovation. In addition, he is a well-known public speaker, an award-winning technical expert, a book author, and writer of certifications (courseware and exams) for prestigious organizations such as Microsoft, EC Council, and other expert-level vendors. Some of his recent awards are: 2021: Best CISO for Banking and Financial Sector CIO Online & IDC : Top 50 Technology Leaders, Security Magazine Top CISO, Tycoon Success Magazine, Most Powerful 10 Middle East Businessman EC Council CEH Hall of Fame 2020: Khaleej Times "CISO Power List" , Cybersecurity Legend by GEC Media Group, "Super Hero CISO", by Enterprise IT Top CISO by Security ME Magazine 2019: CISO Mag " Hall of Fame" and Cybersecurity Influencer of the year , Microsoft Regional Director 2018 : NATO Center of Excellence Award 2017: Microsoft Platinum Club (employee of the year ), Security Professional of the year and more...

Leave a Reply

Your email address will not be published.

Related Posts

hackers mindset
12Apr

Understanding hackers mindset in 2021

Understanding hackers mindset in 2021 There has been an accelerated growth of cybercrime over the last decade. Costs related to cybersecurity... read more

Artificial Intelligence Erdal Ozkaya
26Apr

Artificial Intelligence The Ultimate Weapon in the War

Artificial Intelligence  The Ultimate Weapon in the War against Cyber Criminals For a legion of cybersecurity experts from across the globe,... read more

Cryptolocker and Incident Response Bir Saldırının Anatomisi: Cryptolocker
16May

Cryptolocker and Incident Response – Free Webinar 3/6/21 :

Cryptolocker and Incident Response This webinar will be hosted by Turkeys biggest IT Community Cozum Park in Turkish Bir Saldırının Anatomisi:... read more

Zombies in Social Networks Erdal Ozkaya
04May

Zombies in Social Networks – watch 4 Free

Zombies in Social Networks We have arrived in a time where social networks have become an essential part of our lives.... read more

The Art of Cyber Defense by Erdal Ozkaya
14Sep

The Art of Cyber Defense – Free Video Training 7

The Art of Cyber Defense If you want to learn how to defend your infrastructure against hackers , this session may... read more

International Cyber Warfare Erdal Ozkaya
23Nov

International Cyber Warfare Conference

International Cyber Warfare Conference , proud to be awarded ! It was an honor speaking at The International Cyber Warfare Conference... read more

Best Speaker at Microsoft Digital Evolution Forum
15Nov

Best Speaker at Microsoft Digital Evolution Forum 17

Best Speaker at Microsoft Digital Evolution Forum Thank you very much for the wonderful feedback Ukraine. The two session that I have... read more

Digital Transformation Summit Dr Ozkaya
15Oct

Importance of Cybersecurity during Digital Transformation : Free Vide0 Training

Importance of Cybersecurity during Digital Transformation Here is my session from the Digital Transformation Summit : Enjoy https://youtu.be/T8S2jv_GNbk Watch it in  You Tube : https://youtu.be/T8S2jv_GNbk More... read more

System Information Discovery Erdal Ozkaya
10Sep

System Information Discovery – Free Video Tra1ning

System Information Discovery Join Dr. Carlo Tarantini, Dr Suleyman Ozarslan and myself via watching this on-demand webinar recording  which can help... read more

Siber Güvenlikte Tehdit Avcılığı Erdal Ozkaya
08May

Siber Güvenlikte Tehdit Avcılığı -Free Webinar May 2020

Siber Güvenlikte Tehdit Avcılığı (Threat Hunting) This webinar will be in Turkish ... Siber tehditlerin artması ve saldırı vektörlerinin çeşitlilik göstermesiyle birlikte,... read more