reflection

profiletamerrabee3
sy0-601-02v1.0.pptx

Explaining Threat Actors and Threat Intelligence

Lesson 2

1

Explain Threat Actor Types and Attack Vectors

Topic 2A

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

2

2

1.5 Explain different threat actors, vectors and intelligence sources

Syllabus Objectives Covered

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

3

Vulnerability, Threat, and Risk

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

4

Attributes of Threat Actors

Known threats versus adversary behaviors

Internal/external

Intent/motivation

Maliciously targeted versus opportunistic

Accidental/unintentional

Level of sophistication

Resources/funding

Adversary capability levels

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

5

Hackers, Script Kiddies, and Hacktivists

The “Lone Hacker”

White hats versus black hats versus gray hats

Authorized versus non-authorized versus semi-authorized

Script kiddies

Hacker teams and hacktivists

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

6

State Actors and Advanced Persistent Threats

State-backed groups

Attached to military/secret services

Highly sophisticated

Advanced Persistent Threat (APT)

Espionage and strategic advantage

Deniability

False flag operations

Screenshot used with permission from fireeye.com.

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

7

Criminal Syndicates and Competitors

Criminal syndicates

Operate across legal jurisdictions

Motivated by criminal profit

Can be very well resourced and funded

Competitors

Cyber espionage

Combine with insider threat

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

8

8

Insider Threat Actors

Malicious insider threat

Has or has had authorized access

Employees, contractors, partners

Sabotage, financial gain, business advantage

Unintentional insider threat

Weak policies and procedures

Weak adherence to policies and procedures

Lack of training/security awareness

Shadow IT

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

9

9

Attack Surface and Vectors

Attack surface

Points where an attacker can discover/exploit vulnerabilities in a network or application

Vectors

Direct access

Removable media

Email

Remote and wireless

Supply chain

Web and social media

Cloud

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

10

10

Threat Actor Types and Attack Vectors

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

11

Review Activity

Explain Threat Intelligence Sources

Topic 2B

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

12

12

1.5 Explain different threat actors, vectors and intelligence sources

Syllabus Objectives Covered

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

13

Threat Research Sources

Counterintelligence

Tactics, techniques, and procedures (TTPs)

Threat research sources

Academic research

Analysis of attacks on customer systems

Honeypots/honeynets

Dark nets and the dark web

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

14

14

Threat Intelligence Providers

Narrative analysis and commentary

Reputation/threat data feeds—cyber threat intelligence (CTI)

Platforms and feeds

Closed/proprietary

Vendor websites

Public/private information sharing centers

Open source intelligence (OSINT) threat data sources

OSINT as reconnaissance and monitoring

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

15

15

Academic journals

Conferences

Request for Comments (RFC)

Social media

Other Threat Intelligence Research Sources

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

16

16

Tactics, Techniques, and Procedures and Indicators of Compromise

Tactics, Techniques, and Procedures (TTPs)

Generalized statement of adversary behavior

Campaign strategy and approach (tactics)

Generalized attack vectors (techniques)

Specific intrusion tools and methods (procedures)

Indicator of compromise (IoC)

Specific evidence of intrusion

Individual data points

Correlation of system and threat data

AI-backed analysis

Indicator of attack (IoA)

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

17

Threat Data Feeds

Structured Threat Information exchange (STIX)

Trusted Automated Exchange of Indicator Information (TAXII)

Automated Indicator Sharing (AIS)

Threat maps

File/code repositories

Vulnerability databases and feeds

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

18

Icon images © Copyright 2016 Bret Jordan. Licensed under the Creative Commons Attribution-ShareAlike (CC BY-SA) License, Version 4.0. (freetaxii.github.io/stix2-icons.html.

18

Correlation between security intelligence/event monitoring and threat data

Artificial intelligence (AI) and machine learning (ML)

Expert systems

Artificial neural networks (ANN)

Inputs, outputs, and feedback

Objectives and error states

Predictive analysis

Threat forecasting

Monitor “chatter”

Artificial Intelligence and Predictive Analysis

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

19

19

Threat Intelligence Sources

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

20

Review Activity

Summary

Lesson 2

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

21

21