Chapter_2

The document outlines the cybersecurity threat landscape, detailing various threat actors such as unskilled attackers, hacktivists, organized crime, nation-state attacks, and insiders, along with their motivations and methods. It also discusses common threat vectors, the importance of threat intelligence, and the need for timely, accurate, and relevant information. Additionally, it emphasizes the significance of conducting research and utilizing information sharing centers for enhanced cybersecurity awareness and management.

Uploaded by j.f.khouryati
Copyright © All Rights Reserved

Cybersecurity Threat Landscape

Chapter 2
OBJECTIVES COVERED

Domain 2.0: Threats, Attacks, and Vulnerabilities
• 2.1. Compare and contrast common threat actors and motivations.
• 2.2. Explain common threat vectors and attack surfaces.
• 2.3. Explain various types of vulnerabilities.

Domain 4.0: Security Operations
• 4.3. Explain various activities associated with vulnerability management.

EXPLORING CYBERSECURITY THREATS

CLASSIFYING CYBERSECURITY THREATS

Characteristics that differentiate cybersecurity threat actors:
• Internal vs. external
• Level of sophistication/capability
• Resources/funding
• Intent/motivation

THREAT ACTORS

Unskilled Attackers
• Sometimes called script kiddies, a derogatory term for people who use hacking techniques but have limited skills
• Script kiddies can be a real threat because simplistic hacking tools are freely available on the Internet and they are plentiful and unfocused in their work

Hacktivists
• People who use hacking techniques to accomplish some activist goal.
• The motivations, skill levels, and resources of hacktivists vary widely.
• There are some organized groups of hacktivists, such as the hacking group Anonymous

ORGANIZED CRIME

Cybercrime categories:
• Cyber-dependent crime
• Child sexual exploitation
• Payment fraud
• Dark web
• Terrorism
• Cross-cutting crime factors

NATION STATE ATTACKS AND ADVANCED PERSISTENT THREATS (APTS)

1. Attackers used advanced techniques, not simply tools downloaded from the Internet
2. Attacks are persistent, occurring over a significant period of time

• Political motivation
• Economic motivation

INSIDERS

1. Insider attacks occur when an employee, contractor, vendor or other individual with authorized access to information and systems uses that access to wage an attack against the organization.
2. Insiders’ skill levels and motivations vary widely.
3. An insider will usually be working alone and have limited financial resources and time; however, he or she might have significant access and knowledge based on the job role.

Attacker motivations
• Data exfiltration
• Espionage
• Service disruption
• Blackmail
• Financial
• Philosophical/political beliefs
• Ethical attacks
• Revenge attacks
• Disruption/chaos
• War
THREAT VECTORS

Message-based

Removable Devices

Wired and Wireless Networks

Files and Images

Cloud

Supply Chain
THREAT DATA AND INTELLIGENCE
OPEN-SOURCE INTELLIGENCE
PROPRIETARY AND CLOSED-SOURCE INTELLIGENCE
ASSESSING THREAT INTELLIGENCE

1. Is it timely? A feed that is operating on delay can cause you to miss a threat, or to react after the threat is no longer relevant.
2. Is the information accurate? Can you rely on what it says, and how likely is it that the assessment is valid? Does it rely on a single source, or multiple sources? How often are those sources correct?
3. Is the information relevant? If it describes the wrong platform, software, or reason for the organization to be targeted, the data may be very timely, very accurate, and completely irrelevant to your organization.
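
The three questions above can be applied mechanically when triaging a feed. The following is an added example, not part of the original slides; the feed entries, field names, thresholds and platform inventory are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample feed. Field names and values are assumptions made for
# this example; they are not a real feed schema or real indicators.
FEED = [
    {"indicator": "198.51.100.7", "first_seen": "2024-05-02T08:00:00+00:00",
     "sources": ["vendor-a", "sector-isac", "osint-list"],
     "source_hit_rate": 0.90, "platforms": {"windows"}},
    {"indicator": "203.0.113.20", "first_seen": "2024-03-01T00:00:00+00:00",
     "sources": ["vendor-a", "sector-isac"],
     "source_hit_rate": 0.80, "platforms": {"windows"}},
    {"indicator": "bad.example", "first_seen": "2024-05-03T09:00:00+00:00",
     "sources": ["anonymous-paste"],
     "source_hit_rate": 0.40, "platforms": {"windows"}},
    {"indicator": "192.0.2.55", "first_seen": "2024-05-03T06:00:00+00:00",
     "sources": ["vendor-a", "vendor-b"],
     "source_hit_rate": 0.95, "platforms": {"solaris"}},
]

OUR_PLATFORMS = {"windows", "linux"}  # assumed asset inventory
NOW = datetime(2024, 5, 3, 12, 0, tzinfo=timezone.utc)  # fixed for repeatability


def assess(entry, now=NOW, max_age=timedelta(days=7),
           min_sources=2, min_hit_rate=0.7):
    """Answer the three questions for one feed entry."""
    age = now - datetime.fromisoformat(entry["first_seen"])
    return {
        # 1. Timely: recent enough to still matter, and not future-dated.
        "timely": timedelta(0) <= age <= max_age,
        # 2. Accurate: corroborated by several sources that are usually right.
        "accurate": (len(set(entry["sources"])) >= min_sources
                     and entry["source_hit_rate"] >= min_hit_rate),
        # 3. Relevant: concerns a platform the organization actually runs.
        "relevant": bool(entry["platforms"] & OUR_PLATFORMS),
    }


def triage(feed, now=NOW):
    """Split a feed into actionable indicators and rejects with reasons."""
    actionable, rejected = [], {}
    for entry in feed:
        failed = [name for name, ok in assess(entry, now).items() if not ok]
        if failed:
            rejected[entry["indicator"]] = failed
        else:
            actionable.append(entry["indicator"])
    return actionable, rejected
```

The last sample entry is fresh and well corroborated but describes a platform the assumed organization does not run, so it is rejected on relevance alone.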
THREAT INDICATOR MANAGEMENT AND EXCHANGE

• STIX
• TAXII
• OpenIOC
PUBLIC AND PRIVATE INFORMATION SHARING CENTERS

• Information Sharing and Analysis Centers
• Specific US agencies or department partners for each critical infrastructure area
• https://www.dhs.gov/cisa/critical-infrastructure-sectors
• Outside the US - The UK’s Centre for Protection of National Infrastructure
• https://www.cpni.gov.uk/
CONDUCTING YOUR OWN RESEARCH

• Vendor security information websites
• Vulnerability and threat feeds from vendors, government agencies, and private organizations
• Academic journals and technical publications
• Professional conferences and local industry group meetings
• Social media accounts of prominent security professionals
