Researchers this week disclosed a serious new cybersecurity threat that could affect nearly every PC device, including those made and sold by industry leaders. And what simple mistake puts your PC at risk from this new threat? Just pushing its “on” button. The new threat, dubbed LogoFAIL, seems much more insidious than familiar cybersecurity problems that come from clicking on a link in a questionable email, or downloading unapproved software onto your company PC… Story continues…
Source: Inc
Critics:
The process of developing cyber threat intelligence is circular and continuous. It is known as the intelligence cycle and is composed of five phases, carried out by intelligence teams to give leadership relevant and timely intelligence that reduces danger and uncertainty. The five phases are: 1) planning and direction; 2) collection; 3) processing; 4) analysis; 5) dissemination.
In planning and direction, the customer of the intelligence product requests intelligence on a specific topic or objective. Once the client has given that direction, the second phase, collection, begins: accessing the raw information that will be needed to produce the finished intelligence product. Because raw information is not yet intelligence, it must be transformed, and so it passes through the processing and analysis phases:
In processing (the pre-analytical phase), the raw information is filtered and prepared for analysis through a series of techniques (decryption, language translation, data reduction, etc.). In the analysis phase, the organized information is transformed into intelligence. Finally, in the dissemination phase, the newly produced threat intelligence is delivered to its various users.
There are three overarching, but not categorical, classes of cyber threat intelligence: 1) tactical; 2) operational; 3) strategic. Together they are fundamental to building a comprehensive threat assessment.
Tactical: Typically used to help identify threat actors. Indicators of compromise (such as IP addresses, Internet domains or file hashes) are used, and analysis begins to deepen into the tactics, techniques and procedures (TTPs) used by cybercriminals. Insights generated at the tactical level help security teams predict upcoming attacks and identify them at the earliest possible stage.
Operational: This is the most technical level of threat intelligence. It shares hard, specific details about attacks, motivations, threat actor capabilities, and individual campaigns. Insights provided by threat intelligence experts at this level include the nature, intent, and timing of emerging threats.
This type of information is harder to obtain and is most often collected from deep, obscure web forums that internal teams cannot access. Security and incident response teams are the primary users of operational intelligence.
Strategic: Intelligence on the general risks associated with cyber threats, usually tailored to non-technical audiences. The goal is to deliver, in the form of white papers and reports, a detailed analysis of current and projected future risks to the business, as well as the potential consequences of threats, to help leaders prioritize their responses.
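The intelligence cycle described above and the tactical use of indicators of compromise can be seen end to end in the following Python script. It is added here as an example and is not part of the original post or of any product or report it mentions. The feed text, the log lines and every indicator value in it are constructed for illustration. The script runs the processing phase (comment stripping, refanging of defanged values, data reduction to typed and de-duplicated indicators), the analysis phase (matching the indicators against tokens in the logs, with subdomain matching for domains) and a minimal dissemination step (a text summary for the consumers).

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed (hypothetical, not from any real source): the kind of
# raw, inconsistent material the collection phase delivers. It mixes defanged
# URLs and IPs, comments, duplicates in different case and outright junk.
RAW_FEED = """
# constructed feed for illustration - not real indicators
hxxp://malicious[.]example[.]test/payload.bin
203[.]0[.]113[.]42
203.0.113.42            # duplicate of the line above, once refanged
MALICIOUS.EXAMPLE.TEST
d41d8cd98f00b204e9800998ecf8427e
not an indicator at all
192.0.2.7 , trailing note after a comma
"""

# Constructed log lines (hypothetical) that the finished indicators are run against.
SAMPLE_LOGS = [
    "2024-01-01T10:00:01Z proxy src=10.0.0.5 dst=203.0.113.42 host=malicious.example.test path=/payload.bin",
    "2024-01-01T10:00:02Z proxy src=10.0.0.6 dst=198.51.100.9 host=cdn.example.net path=/index.html",
    "2024-01-01T10:00:03Z av file=payload.bin md5=D41D8CD98F00B204E9800998ECF8427E verdict=clean",
]

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")  # MD5 / SHA-1 / SHA-256
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def refang(token: str) -> str:
    """Undo common defanging so the value can be validated and matched."""
    t = token.strip().lower()
    return t.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def classify(value: str):
    """Return 'ip', 'hash' or 'domain' for a normalized value, or None if it is none of them."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if HASH_RE.match(value):
        return "hash"
    if DOMAIN_RE.match(value):
        return "domain"
    return None


def process_feed(raw: str) -> dict:
    """Processing phase: filter, normalize and reduce raw feed text to typed, de-duplicated indicators."""
    indicators = defaultdict(set)
    for line in raw.splitlines():
        line = line.split("#", 1)[0].strip()               # drop comments and blank lines
        if not line:
            continue
        token = re.split(r"[\s,]+", line, maxsplit=1)[0]   # keep the first field only
        value = refang(token)
        if value.startswith(("http://", "https://")):      # reduce a URL to its host
            value = urlsplit(value).hostname or ""
        kind = classify(value)
        if kind is not None:                               # junk lines are dropped here
            indicators[kind].add(value)
    return {kind: sorted(values) for kind, values in indicators.items()}


def _domain_hit(token: str, domains: set) -> bool:
    """True if the token equals a listed domain or is a subdomain of one."""
    parts = token.split(".")
    return any(".".join(parts[i:]) in domains for i in range(len(parts)))


def match_logs(indicators: dict, logs: list) -> list:
    """Analysis phase: find which log lines carry a known indicator."""
    ips = set(indicators.get("ip", []))
    hashes = set(indicators.get("hash", []))
    domains = set(indicators.get("domain", []))
    hits = []
    for idx, line in enumerate(logs):
        tokens = set(re.findall(r"[a-z0-9.\-]+", line.lower()))
        matched = sorted(t for t in tokens if t in ips or t in hashes or _domain_hit(t, domains))
        if matched:
            hits.append({"line": idx, "matched": matched})
    return hits


def report(indicators: dict, hits: list, logs: list) -> str:
    """Dissemination phase: a short text summary for the consumers of the intelligence."""
    lines = [f"{kind}: {len(values)} indicator(s)" for kind, values in sorted(indicators.items())]
    for h in hits:
        lines.append(f"log {h['line']}: matched {', '.join(h['matched'])} -> {logs[h['line']]}")
    return "\n".join(lines)


if __name__ == "__main__":
    inds = process_feed(RAW_FEED)
    print(report(inds, match_logs(inds, SAMPLE_LOGS), SAMPLE_LOGS))
```

Run as a script it reports two hits: the proxy line that touches both the listed IP and the listed domain, and the antivirus line whose file hash is on the list even though the scanner's own verdict was "clean". That second case is the practical value of tactical intelligence: an indicator can flag an event that local tooling has already waved through.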
Cyber threats involve the use of computers, storage devices, software, networks and cloud-based repositories. Before, during or after a cyber attack, technical information about the information and operational technology, devices, networks and computers between the attacker(s) and the victim(s) can be collected, stored and analyzed.
However, identifying the person(s) behind an attack, their motivations, or the ultimate sponsor of the attack (termed attribution) is sometimes difficult. Recent efforts in threat intelligence emphasize understanding adversary TTPs. A number of recent cyber threat intelligence analytical reports that attribute cyber attacks have been released by public and private sector organizations.
These include Mandiant’s APT1 and APT28 reports, US-CERT’s APT29 report, and Symantec’s Dragonfly, Waterbug Group and Seedworm reports. In 2015, U.S. government legislation in the form of the Cybersecurity Information Sharing Act encouraged the sharing of CTI indicators between government and private organizations. This act required the U.S. federal government to facilitate and promote four CTI objectives:
Sharing of “classified and declassified cyber threat indicators in possession of the federal government with private entities, nonfederal government agencies, or state, tribal, or local governments”;
Sharing of “unclassified indicators with the public”;
Sharing of “information with entities under cybersecurity threats to prevent or mitigate adverse effects”;
Sharing of “cybersecurity best practices with attention to the challenges faced by small businesses”.
In 2016, the U.S. government agency National Institute of Standards and Technology (NIST) issued a publication (NIST SP 800-150) which further outlined the necessity for Cyber Threat Information Sharing as well as a framework for implementation.