
Cyber Threat Intelligence

✍ Scribed by Martin Lee


Publisher: Wiley
Year: 2023
Tongue: English
Leaves: 307
Category: Library


✦ Synopsis


CYBER THREAT INTELLIGENCE

"Martin takes a thorough and focused approach to the processes that rule threat intelligence, but he doesn't just cover gathering, processing and distributing intelligence. He explains why you should care who is trying to hack you, and what you can do about it when you know."
― Simon Edwards, Security Testing Expert, CEO SE Labs Ltd., Chair AMTSO

Effective introduction to cyber threat intelligence, supplemented with detailed case studies and after action reports of intelligence on real attacks

Cyber Threat Intelligence introduces the history, terminology, and techniques to be applied within cyber security, offering an overview of the current state of cyberattacks and stimulating readers to consider their own issues from a threat intelligence point of view. The author takes a systematic, system-agnostic, and holistic view to generating, collecting, and applying threat intelligence.

The text covers the threat environment, malicious attacks, collecting, generating, and applying intelligence and attribution, as well as legal and ethical considerations. It ensures readers know what to look out for when considering a potential cyber attack and imparts how to prevent attacks early on, explaining how threat actors can exploit a system's vulnerabilities. It also includes analysis of large-scale attacks such as WannaCry, NotPetya, SolarWinds, VPNFilter, and the Target breach, looking at the real intelligence that was available before and after the attack.

Topics covered in Cyber Threat Intelligence include:

  • The constant change of the threat environment as capabilities, intent, opportunities, and defenses change and evolve
  • Different business models of threat actors, and how these dictate the choice of victims and the nature of their attacks
  • Planning and executing a threat intelligence programme to improve an organisation's cyber security posture
  • Techniques for attributing attacks and holding perpetrators to account for their actions

Cyber Threat Intelligence describes the intelligence techniques and models used in cyber threat intelligence. It provides a survey of ideas, views and concepts, rather than offering a hands-on practical guide. It is intended for anyone who wishes to learn more about the domain, particularly if they wish to develop a career in intelligence, and as a reference for those already working in the area.

✦ Table of Contents


Cover
Title Page
Copyright Page
Contents
Preface
About the Author
Abbreviations
Endorsements for Martin Lee’s Book
Chapter 1 Introduction
1.1 Definitions
1.1.1 Intelligence
1.1.2 Cyber Threat
1.1.3 Cyber Threat Intelligence
1.2 History of Threat Intelligence
1.2.1 Antiquity
1.2.2 Ancient Rome
1.2.3 Medieval and Renaissance Age
1.2.4 Industrial Age
1.2.5 World War I
1.2.6 World War II
1.2.7 Post War Intelligence
1.2.8 Cyber Threat Intelligence
1.2.9 Emergence of Private Sector Intelligence Sharing
1.3 Utility of Threat Intelligence
1.3.1 Developing Cyber Threat Intelligence
Summary
References
Chapter 2 Threat Environment
2.1 Threat
2.1.1 Threat Classification
2.2 Risk and Vulnerability
2.2.1 Human Vulnerabilities
2.2.1.1 Example – Business Email Compromise
2.2.2 Configuration Vulnerabilities
2.2.2.1 Example – Misconfiguration of Cloud Storage
2.2.3 Software Vulnerabilities
2.2.3.1 Example – Log4j Vulnerabilities
2.3 Threat Actors
2.3.1 Example – Operation Payback
2.3.2 Example – Stuxnet
2.3.3 Tracking Threat Actors
2.4 TTPs – Tactics, Techniques, and Procedures
2.5 Victimology
2.5.1 Diamond Model
2.6 Threat Landscape
2.6.1 Example – Ransomware
2.7 Attack Vectors, Vulnerabilities, and Exploits
2.7.1 Email Attack Vectors
2.7.2 Web-Based Attacks
2.7.3 Network Service Attacks
2.7.4 Supply Chain Attacks
2.8 The Kill Chain
2.9 Untargeted versus Targeted Attacks
2.10 Persistence
2.11 Thinking Like a Threat Actor
Summary
References
Chapter 3 Applying Intelligence
3.1 Planning Intelligence Gathering
3.1.1 The Intelligence Programme
3.1.2 Principles of Intelligence
3.1.3 Intelligence Metrics
3.2 The Intelligence Cycle
3.2.1 Planning, Requirements, and Direction
3.2.2 Collection
3.2.3 Analysis and Processing
3.2.4 Production
3.2.5 Dissemination
3.2.6 Review
3.3 Situational Awareness
3.3.1 Example – 2013 Target Breach
3.4 Goal Oriented Security and Threat Modelling
3.5 Strategic, Operational, and Tactical Intelligence
3.5.1 Strategic Intelligence
3.5.1.1 Example – Lazarus Group
3.5.2 Operational Intelligence
3.5.2.1 Example – SamSam
3.5.3 Tactical Intelligence
3.5.3.1 Example – WannaCry
3.5.4 Sources of Intelligence Reports
3.5.4.1 Example – Shamoon
3.6 Incident Preparedness and Response
3.6.1 Preparation and Practice
Summary
References
Chapter 4 Collecting Intelligence
4.1 Hierarchy of Evidence
4.1.1 Example – Smoking Tobacco Risk
4.2 Understanding Intelligence
4.2.1 Expressing Credibility
4.2.2 Expressing Confidence
4.2.3 Understanding Errors
4.2.3.1 Example – the WannaCry Email
4.2.3.2 Example – the Olympic Destroyer False Flags
4.3 Third Party Intelligence Reports
4.3.1 Tactical and Operational Reports
4.3.1.1 Example – Heartbleed
4.3.2 Strategic Threat Reports
4.4 Internal Incident Reports
4.5 Root Cause Analysis
4.6 Active Intelligence Gathering
4.6.1 Example – the Nightingale Floor
4.6.2 Example – the Macron Leaks
Summary
References
Chapter 5 Generating Intelligence
5.1 The Intelligence Cycle in Practice
5.1.1 See it, Sense it, Share it, Use it
5.1.2 F3EAD Cycle
5.1.3 D3A Process
5.1.4 Applying the Intelligence Cycle
5.1.4.1 Planning and Requirements
5.1.4.2 Collection, Analysis, and Processing
5.1.4.3 Production and Dissemination
5.1.4.4 Feedback and Improvement
5.1.4.5 The Intelligence Cycle in Reverse
5.2 Sources of Data
5.3 Searching Data
5.4 Threat Hunting
5.4.1 Models of Threat Hunting
5.4.2 Analysing Data
5.4.3 Entity Behaviour Analytics
5.5 Transforming Data into Intelligence
5.5.1 Structured Geospatial Analytical Method
5.5.2 Analysis of Competing Hypotheses
5.5.3 Poor Practices
5.6 Sharing Intelligence
5.6.1 Machine Readable Intelligence
5.7 Measuring the Effectiveness of Generated Intelligence
Summary
References
Chapter 6 Attribution
6.1 Holding Perpetrators to Account
6.1.1 Punishment
6.1.2 Legal Frameworks
6.1.3 Cyber Crime Legislation
6.1.4 International Law
6.1.5 Crime and Punishment
6.2 Standards of Proof
6.2.1 Forensic Evidence
6.3 Mechanisms of Attribution
6.3.1 Attack Attributes
6.3.1.1 Attacker TTPs
6.3.1.2 Example – HAFNIUM
6.3.1.3 Attacker Infrastructure
6.3.1.4 Victimology
6.3.1.5 Malicious Code
6.3.2 Asserting Attribution
6.4 Anti-Attribution Techniques
6.4.1 Infrastructure
6.4.2 Malicious Tools
6.4.3 False Attribution
6.4.4 Chains of Attribution
6.5 Third Party Attribution
6.6 Using Attribution
Summary
References
Chapter 7 Professionalism
7.1 Notions of Professionalism
7.1.1 Professional Ethics
7.2 Developing a New Profession
7.2.1 Professional Education
7.2.2 Professional Behaviour and Ethics
7.2.2.1 Professionalism in Medicine
7.2.2.2 Professionalism in Accountancy
7.2.2.3 Professionalism in Engineering
7.2.3 Certifications and Codes of Ethics
7.3 Behaving Ethically
7.3.1 The Five Philosophical Approaches
7.3.2 The Josephson Model
7.3.3 PMI Ethical Decision Making Framework
7.4 Legal and Ethical Environment
7.4.1 Planning
7.4.1.1 Responsible Vulnerability Disclosure
7.4.1.2 Vulnerability Hoarding
7.4.2 Collection, Analysis, and Processing
7.4.2.1 PRISM Programme
7.4.2.2 Open and Closed Doors
7.4.3 Dissemination
7.4.3.1 Doxxing
7.5 Managing the Unexpected
7.6 Continuous Improvement
Summary
References
Chapter 8 Future Threats and Conclusion
8.1 Emerging Technologies
8.1.1 Smart Buildings
8.1.1.1 Software Errors
8.1.1.2 Example – Maroochy Shire Incident
8.1.2 Health Care
8.1.2.1 Example – Conti Attack Against Irish Health Sector
8.1.3 Transport Systems
8.2 Emerging Attacks
8.2.1 Threat Actor Evolutions
8.2.1.1 Criminal Threat Actors
8.2.1.2 Nation State Threat Actors
8.2.1.3 Other Threat Actors
8.3 Emerging Workforce
8.3.1 Job Roles and Skills
8.3.2 Diversity in Hiring
8.3.3 Growing the Profession
8.4 Conclusion
References
Chapter 9 Case Studies
9.1 Target Compromise 2013
9.1.1 Background
9.1.2 The Attack
9.2 WannaCry 2017
9.2.1 Background
9.2.1.1 Guardians of Peace
9.2.1.2 The Shadow Brokers
9.2.1.3 Threat Landscape – Worms and Ransomware
9.2.2 The Attack
9.2.2.1 Prelude
9.2.2.2 Malware
9.3 NotPetya 2017
9.3.1 Background
9.3.2 The Attack
9.3.2.1 Distribution
9.3.2.2 Payload
9.3.2.3 Spread and Consequences
9.4 VPNFilter 2018
9.4.1 Background
9.4.2 The Attack
9.5 SUNBURST and SUNSPOT 2020
9.5.1 Background
9.5.2 The Attack
9.6 Macron Leaks 2017
9.6.1 Background
9.6.2 The Attack
References
Index
EULA

