Chapter 2 cyber security threat landscape

cyber security threats 

1. Internal vs external 

2. Level of sophistication/capability 

3. Resources/funding 

4. intent/ motivation 

1. White-hat Hackers

2. Black-hat hackers

3. Gray-hat Hackers

1. authorized, seeking to discover security vulnerabilities  

2. unauthorized, those with malicious intent 

3. unauthorized, those who fall in between but inform target of vulnerabilities  

Threat actors (6 different types)

1. Script kiddies

2. Hacktivists

3. Criminal syndicates 

4. Advanced persistent Threats (ATPs)

5. Insiders

6. Competitors

Zero Day attacks

conduct their own security vulnerability research that is not known to other attackers or teams, store this info for later use  

shadow IT

seek out their own tech solutions that is not approved by the organization  

what is a Threat Vector?

Means used by threat actors to gain access

6 examples of Threat vectors

1. Email and social media- most commonly exploited 

2. Direct Access- through network of physically entering facilities  

3. Wireless Networks 

4. Removable media- USB drives to spread malware to launch attack 

5. Cloud 

6. Third-party risk-interfere with an organizations IT supply chain (when device is in transit) 

Threat data and intelligence

activities and resources for CS professionals seeking to learn about changes in threat environment 

Predictive analysis

to identify likely risks to the organization 

Open-source intelligence (OSINT)

gather intelligence from publicly available sources to commercial services  

Closed source/Proprietary intelligence

inside based info gathering, research and use of custom tools (threat feed) 

Threat maps

provide a geographic view of threat intelligence 

Vulnerability databases

insight into the types of exploits that can be used against an organization 

Assessing Threat intelligence 

1. Is the information timely? 

2. Is it accurate? 

3. Is it relevant? 

confidence score

summarizing the threat intelligence assessment data 

Threat indicator management and exchange 

structured Threat information eXpression (STIX)- XML language originally sponsored by the US department of homeland security. Current version: STIX 2.0 

Public and Private Information Sharing Centers 

ISAC’s) help infrastructure owners and operators share treat info and provide tools and assistance to their members 

Script kiddies

those who use hacking techniques but have limited skills 

Hacktivists

use of a variety of techniques, skills and resources to achieve a goal

Criminal Syndicates

appear where money is to be made

Advanced persistent Threats (ATPs)

focused on foreign gov or corporations, patient, well funded

insider threat actor

employee, contractor or vendor

Competitor threat actor

use stolen information for the use in its own business advantages