Cyber Threat
INTELLIGENCE
Syllabus
Welcome
Instructor’s bio
Objectives of Threat Intelligence
What's in a name?
How do Organisations Use CTI
The role of a CTI analyst
Introduction to threat actors
Grey White and Black Hat Hackers
CIA Triad
Threat vectors
The attack surface
Solarwinds Hack
The intelligence cycle
Core of CTI
Introduction to law and ethics
Responsible Disclosures
Conclusion
End of Course Assessment
WELCOME
The purpose of this course is to provide a short introduction to some of the key
concepts you will likely come across whilst operating in the role of a cyber threat
intelligence analyst.
Instructor’s Bio
Objectives of Threat Intelligence
Threat
A threat is a statement indicating the will to cause harm to or create some other
kind of negative consequences for someone.
Threat can also mean a warning or sign that harm or trouble is coming.
What’s in a name?
Intelligence
Have a go at the following question and let's see if you were paying
attention to the lecture.
Question: In the lecture, we introduced you to the basic concept of web layers. Can
you place these layers in the correct order?
DARK
SURFACE
DEEP
How do Organisations Use CTI?
They create short-term and long-term evaluations to help security teams better
understand the threats they face and what they can do to prevent attacks and
breaches in the future.
Question: Conducts hacking activities without owner consent but usually stops short
of malicious activities.
Black Hat
White Hat
Grey Hat
Which of the following...
Black Hat
White Hat
Grey Hat
Have a look at the following question and see if you have been paying attention.
Question: Which of the following statements could be considered true when talking
about Cyber Criminals? There are two correct answers.
They are often concerned with political affairs
They are motivated by financial gain
They can operate with impunity within their country of origin
They are known to attack critical and national infrastructure
They are likely to create and disseminate malware
ADDITIONAL RESEARCH
If you are interested in learning more about black, grey and white hat hackers, here
are a few interesting names; a simple search will return a lot of information on each of them:
Tim Berners-Lee - Famous for inventing the World Wide Web and a member of the
white hat hacking camp.
Gary McKinnon - Gained access to over 97 military networks and left the message
"your security is crap" on their system. He says he was looking for a UFO cover-up.
Michael Calce (AKA MafiaBoy) - He launched a series of highly publicised DoS attacks
against some pretty large organisations.
There are many names and many stories out there for you to read about... a big part
of being a CTI Analyst is curiosity after all!
Threat Vectors
When we talk about the attack surface within the context of cyber threat
intelligence, what we mean is the sum total of all the ways a malicious actor or
hacker could potentially gain unauthorised access to a target system or
network. This includes everything from the visible interfaces like websites or
apps, to the underlying protocols and technologies that enable communication
and data exchange.
Think of it like a house - the attack surface would be all the doors, windows,
vents, and any other potential points of entry that someone could use to break
in. In the same way, the attack surface in cyber security refers to all the entry
points a hacker could use to gain access to a target's sensitive information.
So, the goal of understanding the attack surface is to identify the potential
weaknesses in a system and prioritise the most pressing threats. This
information is then used to inform and guide the development of mitigation
strategies that can help prevent successful attacks and keep the target system
and its data secure.
THE SOLARWINDS HACK
Analysis
Dissemination
Direction
Collection
Introduction to Law and Ethics
Organisations may also produce their own internal ethics and guidelines that they
expect employees to adhere to. Though there may be no legal consequences for
choosing not to follow them, ignoring them could result in the loss of employment.
Specific legal articles that you should be aware of include:
Data Protection Act 1998
Computer Misuse Act 1990
Police and Justice Act 2006
Bribery Act 2010
Regulation of Investigatory Powers Act 2000
Proceeds of Crime Act 2002
Official Secrets Act 1989
Telecommunications 2000
Human Rights Act 1998
RESPONSIBLE DISCLOSURES - AND WHY HONESTY IS THE BEST POLICY
In 2018, Zoetop, the holding company behind Shein and Romwe, suffered
a data breach in which the names, emails and hashed passwords of a
combined customer base of around 46 million people were stolen. You would
think that was bad enough!
Zoetop did not adequately inform their affected customers and tried to keep the
impact of the data breach quiet, which has resulted in a fine this year to the tune
of $1.9 million.
How would you feel if your personal information was stolen? Now... how would
you feel if the company that allowed your personal information to be stolen lied
about it too?
Honesty is always the best policy when it comes to these sorts of things. The
sooner a data breach is disclosed to the relevant customers and authorities, the
sooner a business can begin fixing their issues and repairing reputational
damage. According to a Kaspersky report, 'How businesses can minimize the cost
of a data breach', small and medium-sized businesses that voluntarily disclose
breaches to their stakeholders and the public are likely to lose 40% less
financially than peers whose incident was leaked to the media. A similar
trend has been found among enterprise cases too.
Conclusion
In conclusion, this Cyber Threat Intelligence (CTI) course has provided a
comprehensive understanding of the critical role CTI plays in enhancing
organizational security. Through this course, participants have gained insights into
the fundamentals of CTI, including the collection, analysis, and dissemination of
actionable intelligence.
Key takeaways include the importance of timely and relevant intelligence in
mitigating threats, the integration of CTI into security operations for proactive
defense, and the strategic value CTI brings to informed decision-making and long-
term planning. By leveraging CTI, organizations can not only respond effectively to
current threats but also anticipate and prepare for future challenges, thereby
significantly improving their overall cybersecurity posture.
We hope that the knowledge and skills acquired through this course will empower
you to implement robust CTI practices within your organizations, contributing to a
more secure and resilient digital environment. Thank you for your participation and
commitment to advancing your understanding of cyber threat intelligence.
End of Course Assessment
Q1. The paper considers that the Stuxnet worm may have been transferred to computers at the
reactor site via?
A drop box account
A successful email phishing attempt
CDs and flash memory sticks
Q2. What was the name of the project that took place to simulate computer-based attacks on a
power generator's control system?
Bushehr
Smart Grid
Aurora
Q3. How many IP addresses does the paper suggest were infected by Stuxnet?
50,000
30,000
40,000
Q4. Cyber threat intelligence has only one definition.
True
False
Q5. Which team or specialty would an organisation request help from in the event of a
breach occurring?
The board
Threat intelligence
Incident response
Penetration testing
Q18. Which Threat Actor group would typically be considered as having the most
resources at their disposal?
Insider Threats
Nation State
Hacktivists
Cyber Criminals
Q19. What would be considered a typical motivation for a Cyber Criminal?
Money
Political Affairs
Activism
Lulz
Q20. What was the name of the malware used to insert a backdoor into software
builds of the SolarWinds Orion IT management product?
Sunset
Sunspot
Sunburst
Sunshine
Q21. Which of the following is a Common Vulnerability and Exposure (CVE) related
to the SolarWinds attack?
CVE-2020-1139
CVE-2020-10148
CVE-2020-13095
CVE-2020-1192