The Inevitability of Militarisation of CyberAI

Recap of Advanced Cyber Threat Intelligence Paradigms & Countermeasures – NCAM Oct(10) 2023

1️⃣ CyberAI and its impact?

What types of AI are poised for the most growth in 2021, 2022 and 2023?
Why are self-service and predictive analytics growing so much?
How are companies using AI, and specifically virtual assistants, functionally?
Which AI platforms and analytics tools are companies using the most?
What kind of success metrics are they seeing, in areas such as revenue increase, cost decrease, and customer ratings?

2️⃣ Cybersec in Fintech

Despite pouring billions of dollars into security, financial institutions continue to be the number one target of cybercriminals.

The digital transformation undertaken by this industry is contributing to this challenge as it has opened new doors for attackers, making customer data management and protection increasingly difficult.

The huge amount of financial transactions generated by retail organisations poses an attractive target for threat adversaries. While the predominant threat to the retail industry has traditionally been from criminal adversaries leveraging malware designed to compromise Point-of-Sale (PoS) terminals, there has been a marked increase in major ransomware attacks affecting retailers.

3️⃣ Cyber Threat Intelligence – Brief Analysis

True threat intelligence involves collaboration with peers in industry, cross industry, with law enforcement and with regulatory bodies. It is understood that to call it “intelligence,” TI has to be a public/private community effort. TI also has to be a human/machine community effort.

Fundamentally, organizations must be able to leverage their cyber security to protect everything. From firewalls and devices (whether at the edge or on-site), to data stored in the cloud and the configurations done to process it, policy management is ultimately the glue bonding this together.

Cyber security of the average global corporate enterprise has exponentially improved in recent years. In recent months unprecedented disruption along with unique and innovative threats have been unleashed. As identity has become the new perimeter, organizations have an acute need to further mature Identity & Access Management now.

Threat Intel reports are constantly being released which document the novel techniques and custom tooling that support real world operations. However, despite access to this information, the industry still lacks many of the fundamentals required to emulate nation state threats, opting instead for “off the shelf” tooling and click-once solutions.

Many Security and IT professionals continue to face the challenge of allowing access to employees while ensuring proactive security measures are in place.

The front lines of real-world attacks move faster than defenses can keep up. Public exploits, proof of concepts, defensive bypasses, attack methodologies, and “tricks of the trade” are readily available. To match, sophisticated adversaries are constantly building custom code, integrating public research, and researching 0-day techniques for their operations.

The evolution of the ability to think, operate, and develop tools just like sophisticated, real-world attackers is being observed. This includes the research of defensive bypasses, implementation of public research, and modification of toolkits to accomplish operational goals.

Many Malware Dev initiatives focus on the goals, challenges, architecture, and operations of advanced persistent threat (APT) tooling. Such initiatives dive deep into source code to gain a strong understanding of execution vectors, payload generation, automation, staging, command and control, and exfiltration. They also provide hands-on experience with black hat techniques currently used by hackers to bypass NIDS and HIPS systems, layer 7 web proxies, “next-gen” antivirus, and DLP solutions.

4️⃣ IT security management is critical for operational success — regardless of industry, market or vertical.

For managed security service providers (MSSPs), these expanding attack surfaces and evolving threat vectors represent significant opportunity: If they can provide agile, adaptive security provisioning to manage cloud, big data and mobile needs on-demand, they can capture consumer interest and boost customer conversion.

Threat actors continue to find new ways to use the technologies most integral to businesses – mobile devices, computers, servers, websites, wifi, and email – as entry points to breach networks for malicious purposes.

Remediation-based, orchestrated, automated and customized threat intelligence must be the goal. Most organizations have a few steps to go before reaching that goal. Cyber Security executives have realized that raw data is not intelligence. The discipline is not called Threat Raw Data, it’s called Threat Intelligence. Global corporate enterprise cyber security executives must move past a collective present ‘feed-based’ mindset. To ensure the cyber security community achieves this end-goal

Like APT groups, sophisticated cybercriminals gather as much information as they can about their target before executing the actual attack. Key strategies need to be evolved and implemented in order to protect SOC team members from social engineering attacks.

No one is immune to cyberattacks; organizations of all types and sizes continue to fall victim to cyberattacks despite all installed security solutions. The new threat landscape has forced organizations to invest in cyber defense, and having a SOC capability has become an essential countermeasure to respond to current and emerging threats.

Social engineering (SE) attacks, especially phishing email, remain the top threat that faces organizations. According to data, 95% of all attacks targeting enterprise networks are caused by spear phishing, and 30% of phishing emails are opened by targeted users, while 12% of these users click on a malicious URL within the email body. Suppose adversaries succeeded in convincing a key SOC member to give enterprise credentials through social engineering tricks. In that case, a security hole can open in the target organization’s defense wall, leading to penetrating its security solutions and possibly leading to a data breach.

Cyber adversaries are exploiting acute vulnerabilities, accelerating attacks and introducing increasingly damaging tactics, techniques and procedures. Recently heard about Agnostic Cyber Threat Intelligence – understanding the totality of your Threat Intel feeds.

As data becomes ever more important for decision making and battlefield control, securing and protecting it is a top priority for the Department of Defense. Technologically advanced competitors are pushing the limits of data security, forcing new strategies, tactics and technology to ensure data can be trusted to be accurate, unadulterated and protected from manipulation or deletion.

The U.S. Department of Defense (DoD) offers one potential profit pathway — according to MxD, the DoD is now spending more than $300 billion each year on contracts. There’s a caveat, however: DoD directive 8140 (formerly DoDD 8570) requires that any contractor satisfy specific training and certification provisions to ensure sensitive data remains secure.

The result? There’s opportunity for MSSPs under the umbrella of DoD — so long as staff have the right qualifications.

5️⃣ The Red Teamers

Red teaming, the practice of simulating a real-time cyber security attack, is often shrouded in secrecy and allure. While the secrecy and allure may have grown beyond the practice in reality, its benefits are very real. Still, red team culture can often be looked at with an air of skepticism and suspicion.

Despite the large investment many companies have made in detective controls, it’s still pretty easy for motivated Red Teams to take over an entire cyber network during a penetration test or red team engagement and never trigger a single response ticket. Naturally this has generated some concern at the CISO level as to whether or not a real breach would be detected.

Testing the effectiveness of detective and preventative controls can be a challenge. However, the process can be a lot easier if common attack workflows are understood, and broken into manageable pieces.

Different techniques of ethical hackers are often used, along with the steps needed to reduce cyber risk through penetration testing, like:

  • Scoping strategies
  • Incorporating vulnerability scans
  • Post-test remediation measures

6️⃣ High Profile Breaches and Zero Trust Counter Measure.

In our increasingly cloud-first world, the idea of a trusted internal network zone and an untrusted external one is now outdated. The truth is, today’s cyberthreats often get past perimeter defenses undetected, so you can no longer trust data traffic no matter where it originates.

That’s where Zero Trust architectures come in. Zero Trust approaches are becoming an urgent priority for enterprise and government organizations alike.

Bird’s eye view –

  • The security trends fueling the adoption of Zero Trust architectures.
  • The critical role that DNS security plays in successful implementations.
  • The key elements you need to have in place and next steps to move forward.

Recent high-profile breaches have involved privileged user and service account compromises throughout a network, and 80% of breaches involve credentials and identity. The bottom line is that anyone can get hacked and have a persistent privileged user lurking somewhere on their network.

With a Zero Trust solution, you can add security to your identity store without having your users spend minutes every day authenticating into their basic systems — and a frictionless Zero Trust solution can also reduce security complexity, save money, and reduce time to identify and remediate breaches.

80% of breaches involve credentials. Any identity can be compromised to launch large scale, persistent attacks on enterprises. With the increase in digital transformation, enterprises are looking to implement and fine-tune the Zero Trust security strategy to prevent sophisticated cyber-attacks.

The importance of having an effective PAM strategy to tackle prominent challenges like insider threats, how to balance security and operational efficiency, and more.
➤ Getting PAM fundamentals like Zero Trust, the principle of least privilege (PoLP), and just-in-time (JIT) security models right.
➤ Today advanced analytics and forensic audits are important for all privileged access.

On the Job 24X7 – 365 days – Cybersecurity managers, architects and professionals tasked with keeping data safe even as their networks become increasingly borderless.

7️⃣ Secure Access Tools and MFA.

Secure access tools can only be effective if the business remains enabled. Users can only be as effective as the access they are granted allows.

Multi-factor authentication as part of secure access technology should include not only architectural interoperability but interoperability with your human resources.

Access brokers play a pivotal role in the eCrime ecosystem. Ransomware actors are rapidly adopting data extortion methods. Highly anticipated updates on top cyber threats and adversaries by the Global Cyber Intel Think Tank reveal observed trends in attackers’ ever-evolving tactics, techniques and procedures and offer practical recommendations to protect your organization.

The Sevens of MFA and ZTNA.

1. Examining everything through a risk management lens.
2. Auditing the end-to-end awareness program and doing more than rolling out the same thing again.
3. Unpacking desired behaviors and heat maps to gain more insight.
4. Expediting different yet active learning with nuanced targeted audiences.
5. Perfecting the art of the nudge.
6. Discovering the relationship between Secure Access technologies and Secure Access mindsets.
7. Realizing that Zero Trust technologies only work with Users’ Full Trust of the security operation.

8️⃣ Cloud Security

More companies are using the cloud — as noted by CIO, 96 percent of organizations now use some type of public, private, or hybrid cloud service to help streamline operations and boost IT impact.

As a result, the cloud market is diversifying, with frontrunner Amazon now challenged by up-and-coming cloud providers, including Google, Microsoft, and IBM. Smaller and more specific offerings have also emerged as companies look to tackle top-priority issues, including access management, information security, and big data analysis.

The cloud subjects the enterprise to new and different vulnerabilities. But it also presents the organization with new tools to secure the company via innovative means. And regarding insider threats, the cloud provides multiple layers of insight from which cyber security executives can glean and adapt accordingly.

For IT professionals, this evolving technology landscape means a commensurate uptick in the number and types of cloud certifications available. While virtually all have value in the right circumstance, technology staff making the jump to cloud career tracks are best served by finding the best fit for current and future endeavors.

Cloud security architectural design decisions affect the ability of security vendors to provide a performant, scalable, and reliable platform.

About 48% of contact centers are using cloud platforms, whether multi-tenant CCaaS or single-server hosted and managed. And nearly half of those using cloud contact center say the implementation was better than expected. At the same time, 22% of those who have moved to the cloud say they prefer on-premises—and 7% of those changing architectures by 2022 are moving back to on premises.

Internal reflections on Cloud Network Adoption.

  • If your platform is on-premises, is it time to move to the cloud?
  • How can you leverage the cloud without moving the entire platform?
  • How does CPaaS fit into the CX architecture decision?

9️⃣ Cybersecurity Automation.

While automation might happen with the click of a button, the quality of the data going in will determine the quality of the data coming out. But that’s just the data. The talent needed to work with the data going in and coming out, along with the continual tweaking of the automation tool itself, must be in-house. So while one of the promises of automation is to reduce cost, adding automation-focused talent is necessary in order to gain true threat intelligence for the enterprise.

In moving past the feed-based mindset, the context of the evidence-based data being offered must be known. Sharing insights within the community is of paramount importance. The assessment of the insights coming out of that data can become proven organizational knowledge. That knowledge needs to be orchestrated so that action-based response and ultimately remediation can occur.

Cyber Threat Advanced Intelligence platforms like Google Chronicle are transforming petabyte-scale data into visual attack stories: MalOps (malicious operations). With built-in response capabilities and predictive AI, you can achieve 10x the security results without 10x the work. The result: prevent ransomware, find and end attacks across your full environment, and predict where attackers will strike next.

Advanced analytics and machine learning are powering threat intelligence, and enabling threat researchers to:

1. Conduct qualified and detailed threat assessments that can help keep a business secure.
2. Detect malicious anomalies in internet traffic and catch cyber security threats before they seriously impact the network.
3. Gain total visibility of the attack surface and better determine what needs to be done to prevent future cyberattacks.
4. Utilise the ATT&CK knowledge base in the security strategy.

🔟 DNS over TLS (DoT) and DNS over HTTPS (DoH)

Cyber attackers love targeting the Domain Name System (DNS) because of its pervasive nature and because security teams often overlook DNS as a line of defence.

Overlooking DNS as part of your organisation’s security posture is a mistake.

DoT and DoH have become increasingly newsworthy as some leading technology companies, including computer software and web browser developers, are now enabling these new protocols by default. Historically, communications between DNS clients and servers have rarely been encrypted, leaving users vulnerable to spoofing, interception, and other attack types.

DoT and DoH were created to solve these issues, but there’s a catch. While DoT and DoH help improve DNS privacy, they can also cause significant changes to how browsers, applications and some operating systems function. This allows users to sidestep your traditional DNS controls – increasing exposure to risks and hampering enterprise visibility. Even worse: it’s probably happening on your network. Right now.
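One way to get back some of the visibility the paragraph above describes is to flag encrypted-DNS traffic in existing flow or proxy logs and compare it against an approved-resolver list. This is an added example, not code from the original post: the comma-separated log format and the log lines are constructed, and the DoH resolver hostnames are assumed watch-list entries that an organisation would extend to its own policy.

```python
"""Flag DoT (TCP/853, RFC 7858) and DoH (HTTPS, usually /dns-query, RFC 8484)
connections in flow/proxy log lines, then report any not going to an
approved resolver. Added example; log format and lines are constructed."""
from dataclasses import dataclass

DOT_PORT = 853
DOH_PATH = "/dns-query"
# Assumed watch-list of public DoH resolver hostnames; extend per policy.
KNOWN_DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    kind: str    # "DoT" or "DoH"
    reason: str


def classify(line):
    """Return a Finding if the line looks like encrypted DNS, else None.

    Constructed record layout: ts,src,dst_host,dst_port,proto,path
    """
    fields = line.strip().split(",")
    if len(fields) != 6:
        return None                      # malformed record: skip, do not guess
    ts, src, dst_host, port, proto, path = fields
    try:
        port = int(port)
    except ValueError:
        return None
    if proto == "tcp" and port == DOT_PORT:
        return Finding(ts, src, dst_host, "DoT", "tcp/853")
    if proto == "https":
        if dst_host.lower() in KNOWN_DOH_HOSTS:
            return Finding(ts, src, dst_host, "DoH", "known resolver host")
        if path.split("?")[0] == DOH_PATH:
            return Finding(ts, src, dst_host, "DoH", "/dns-query path")
    return None


def scan(lines, allowed_resolvers=frozenset()):
    """Return findings for encrypted DNS not destined to an approved resolver."""
    return [f for f in (classify(l) for l in lines)
            if f is not None and f.dst.lower() not in allowed_resolvers]


# Constructed sample log: one DoH to a public resolver, one plain HTTPS,
# one DoT, one DoH to an internal resolver (by path), one SMTP submission.
SAMPLE_LOG = [
    "2023-10-05T09:12:01Z,10.0.0.21,dns.google,443,https,/dns-query?dns=AAABAAAB",
    "2023-10-05T09:12:03Z,10.0.0.21,example.com,443,https,/index.html",
    "2023-10-05T09:12:05Z,10.0.0.33,1.1.1.1,853,tcp,",
    "2023-10-05T09:12:07Z,10.0.0.40,doh.corp-resolver.example,443,https,/dns-query",
    "2023-10-05T09:12:09Z,10.0.0.40,mail.example.net,587,tcp,",
]

if __name__ == "__main__":
    # Treat the (assumed) internal resolver as approved; everything else is reported.
    for f in scan(SAMPLE_LOG, allowed_resolvers={"doh.corp-resolver.example"}):
        print(f"{f.ts} {f.src} -> {f.dst} [{f.kind}: {f.reason}]")
```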

1️⃣1️⃣ Advanced enterprise approach by the security operation

It can be expedited by a Business Information Security Officer. And through expediting an advanced enterprise approach, that BISO can turn security into a bottom-line contributing operation. Aligning Privacy and IT Risk to Combat Cyber Threats is happening globally:

  • Identify technology and processing methods to update data in real time, categorizing data elements across risk and control inventories for multi-dimensional risk reporting.
  • Privacy-focused data minimization can help you decrease your overall attack surface.
  • Engage your line-of-business stakeholders to guide and collaborate with risk managers to remediate risk at the source.

1️⃣2️⃣ Achieving Cyber Resilience – Connecting Dots beyond Cybersecurity.

Cyber security of the average global corporate enterprise has exponentially improved in recent years. In recent times unprecedented disruption along with unique and innovative threats have been unleashed. As identity has become the new perimeter, organizations have an acute need to further mature Identity & Access Management now.

When it comes to operational security, a holistic risk-based approach allows teams to break down every level of the business to provide first-class security for the organisation.

The evolution of essential, core pillars of an effective approach to security – Telemetry Science consolidated through XDR and SIEM. Analysts say XDR and SIEM are on a collision course. The cloud-native CTI platforms of today enable a proactive, complete detection and response program. You’ll own your entire attack surface. Experience less noise and more signal with embedded threat intelligence and automated response.

1️⃣3️⃣ Fortify your DSS

SQL stands for Structured Query Language and is used to store, manipulate, and retrieve data in databases. The SQL language can perform actions such as executing queries, retrieving data, inserting and deleting records, and so much more. Database system software such as MySQL, SQL Server, MS Access, Oracle, Sybase, Informix, and Postgres utilize SQL to store data for web sites. If an attacker can exploit a web site’s SQL database, they will gain a plethora of information. This information can range from email addresses and phone numbers to passwords and social security numbers.

Now that we know what SQL is, what is SQL Injection? A SQL Injection (SQLI) is a vulnerability that gives an attacker the ability to view or alter data they couldn’t typically interact with.

Quick Look up –

  • Data exfiltration and infiltration
  • Malware infiltration
  • Malware detection
  • Ecosystem integrations for streamlining operations
  • Cyberthreat investigation and intelligence.

1️⃣4️⃣ Phishing is the number one type of cyber crime that remains a continuous threat because cybercriminals are always changing their phishing tactics.
Getting a phishing email does not mean you have to fall for it. There are ways to protect your workplace from phishing.

Managing Phishing through automated cyber counter measures –

1. Monitors top human attack vectors (phishing, passwords, sensitive data handling, physical security, flexible working, device handling).
2. Identifies vulnerable departments and roles.
3. Provides actionable insights to identify vulnerabilities and inform strategy.

What makes such solutions unique?

Employees are assessed in a friendly and interactive environment that doesn’t set them up for failure (unlike phishing simulations). Instant feedback provides guidance and a chance to learn.

1️⃣5️⃣ Cybersecurity Industry and Critical Shortage of Skilled Professionals.

The cybersecurity industry is facing a critical shortage of skilled professionals, with a global demand for 3.4 million experts far exceeding the available supply. This shortage poses significant risks to organizations, as 60 percent of businesses are vulnerable to cyber breaches due to the lack of cybersecurity talent, and 74 percent of breaches involve a human element. Misconfigured systems, slow patches, poor risk assessment, and rushed deployments also contribute to the challenges. Additionally, high turnover rates and burnout among cybersecurity professionals impact long-term security strategies. Despite these challenges, emerging technologies such as generative artificial intelligence, quantum computing, automation, and blockchain offer potential solutions to support the strained cybersecurity workforce.

1️⃣6️⃣ CyberAI Analysis.

https://1powercyber.substack.com/p/advanced-cyber-threat-intelligence

https://1powercyber.substack.com/p/global-cyber-intelligence-research

https://1powercyber.substack.com/p/cyber-threat-intelligence-reflections

Global Cyber Defense Threat Intelligence Observations.

https://1powercyber.substack.com/p/cyberais-impact-on-cybersecurity

https://1powercyber.substack.com/p/the-evolving-cyber-landscape

Global Cyber Intelligence – Consecrated

CyberAI – Inter Continental Strategic Imperative.

https://1powercyber.blogspot.com/2023/06/ai-for-cybersecurity-and-cybersecurity.html?m=1

NATO – Strategic Competition in Cyberspace

https://www.nato.int/docu/review/articles/2023/06/06/nato-and-strategic-competition-in-cyberspace/index.html

Google Cloud Security Conference 2023

NATO Locked Shields

https://1powercyber.substack.com/p/nato-locked-shields-2022?utm_source=pocket_mylist

UNIDIR Cyber Stability Conference

Blog for work in progress updates on R&A

https://easytech4all.net/author/easytechonline/

White House National Cybersecurity Strategy

https://www.csoonline.com/article/3689911/white-house-releases-an-ambitious-national-cybersecurity-strategy.html

Countering Ransomware with the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, Secret Service Criminal Investigation Department

Cyber Essentials by Cybersecurity and Infrastructure Security Agency and Department of Homeland Security.

Ransomware Attackers Defenders – FBI’s perspective

US Cyberspace Solarium Commission

UK Cybersecurity Association with Digital Police Center.

Fourth Annual Cybersecurity Summit by the Cybersecurity and Infrastructure Security Agency.

Challenges faced by Government and international LAW Enforcement

Intelligence and National Security Alliance (INSA) 2022 UPDATE

What is Advanced Cyber Threat Intelligence ?

Google Cloud Security Summit with Chris Inglis (National Cyber Director, Executive Office of the US President)

https://1powercyber.substack.com/p/google-cloud-security-summit-with

CyberKinetic and 5G

https://1powercyber.blogspot.com/2022/05/cyber-kinetic-world-war-3-and-5g-in.html?utm_source=pocket_mylist

Cyberattacks and Critical Infrastructure (Reading & Resources)

Space Threats and Satellite Navigation Systems

https://1powercyber.substack.com/p/space-threats-satellite-navigation?utm_source=pocket_mylist

Comsec Protocols and Paradigms

https://1powercyber.substack.com/p/comsec-protocols-and-paradigms?utm_source=pocket_mylist

Mapping Global CTI Landscape and Visual Trends

International Cyber Threat Intelligence Brainstorms

Safe and Secure Digital Ecosystem for Schools by US Department of Homeland Security and Department of Justice

Advanced Cyber Threat Intelligence Landscape and Updates via Digital Magazine by 1PowerCyber for Easytech4all.net

https://bit.ly/3P8gCTT
