The Basics of Cyber Threats and Types of Threats

What is a cyber threat?

For a cybersecurity expert, the Oxford Dictionary's definition of a cyber threat is not enough: “the possibility of a malicious attempt to damage or destroy a computer network or system.”

This definition is incomplete without including attempts to access files and infiltrate or steal data.

In this definition, the threat is described as a possibility.

However, in the cybersecurity community, the threat is more closely associated with the attacker or opponent attempting to gain access to the system.

Or the threat can be identified from the damage it caused, i.e. how the attack was carried out and what tactics, techniques and procedures were used.

Types of cyber threats

In 2012, Roger A. Grimes published in InfoWorld this list of the five most common cyber threats:

Socially engineered Trojans
Zero-day vulnerabilities (e.g. Java, Adobe Reader, Flash)
Phishing
Network worms
Advanced persistent threats

But since that list was published, several new kinds of technology have come into widespread use: cloud computing, large volumes of data and mobile devices.

In September 2016, Bob Gourley shared a video containing comments by the RAND Corporation to the Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure and Security Technologies, on new cyber threats and their consequences.

The video highlights two technological trends that drive cyber threats in 2016:

Internet of Things – standalone devices that connect to the Internet or other networks
Rapid growth of data – stored on devices, desktop computers and elsewhere

Today, the list of cyber threats can look something like this:

Phishing
Trojans
Botnets
Ransomware
Distributed denial of service (DDoS)
Wiper attacks
Intellectual property theft
Theft of money
Data manipulation
Data destruction
Spyware / malware
Man-in-the-middle (MITM)
Rogue software
Unpatched software

Unpatched software would seem to be the simplest vulnerability, yet it can lead to the biggest breaches.

Sources of Cyber Threats

The technologies and methods of threat actors are constantly evolving.

But the sources of cyber threats remain the same. There is always a human element: someone who falls for a clever trick.

But take one more step back, and you will find someone with a motive.

That is the real source of cyber threats.

For example, in June 2016, SecureWorks revealed tactical details of attacks by the Russian Threat Group-4127 on e-mail accounts associated with Hillary Clinton's election campaign.

Then, in September, Bill Gertz of The Washington Times reported another cyber attack on Hillary Clinton's e-mails, allegedly by “hostile foreign actors”, probably from China or Russia.

At present, US policy towards foreign cyber threats is known as “deterrence by denial”.

Here, denial means preventing foreign adversaries from gaining access to data in the United States.

But not all cyber threats come from abroad.

Pierluigi Paganini (@securityaffairs) recently reported that police arrested two people from North Carolina who are allegedly members of the notorious hacking group “Crackas With Attitude”, which leaked the personal information of 31,000 US agents and their families.

The most common sources of cyber threats

Nation states or national governments
Terrorists
Industrial spies
Organized criminal groups
Hacktivists and hackers
Business competitors
Dissatisfied insiders

The need for knowledge about cyberthreats for enterprises

The growth of modern threats, such as nation states, organized cybercriminals and cyber-espionage, is the greatest information security threat to businesses today.

Many organizations struggle to detect these threats because of their covert nature, the sophistication of their resources and their deliberate “low and slow” approach.

For businesses, these more complex, organized and persistent threats are visible only through the digital footprints they leave.

For these reasons, businesses need visibility beyond their network boundaries into advanced threats designed specifically for organizations and infrastructure like theirs.

Cyberthreat researchers can begin by profiling the organization's assets outside its network boundaries and by understanding offline threats, such as those reported by Luke Rodeheffer of Global Risk Insights.

They should then track critical IP addresses, domain names and IP address ranges (for example, CIDR blocks).

This can provide early warning of an information security threat while the adversaries are still in the planning stages.

This improved readiness gives a better understanding of current exploits, of cyberthreat indicators and of the actors behind them.

It lets you take proactive measures against these threats before they have consequences.


The SecureWorks Counter Threat Unit (CTU)™ is a group of professionals with experience in the private security, military and intelligence communities, and has been publishing threat analysis since 2005.

The CTU draws on visibility into thousands of customer networks to identify emerging threats, as well as on many other resources, including:

Attack telemetry from clients
Malware samples
Research
Public and private information sources
Website monitoring
Social media
Communication channels used by threat actors
The security community
Government agencies

Data from these sources feeds into a threat intelligence management system, which extracts threat indicators such as:

Signatures
Domain names
Host names
IP addresses
File names
Registry data
Vulnerabilities
Cataloged malware

The threat indicators are then enriched with contextual metadata to determine how they relate to threat subjects and attack methods.

The system then helps researchers identify relationships that cannot be found manually.
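As an added illustration of the indicator tracking described above (IP addresses, domain names and CIDR blocks) and of indicator enrichment with actor context, the sketch below is example code, not SecureWorks or CTU code; the indicators, the actor and method labels and the log records are all constructed.

```python
# Added illustration (not SecureWorks code); indicators, actor labels and log records are constructed.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Indicator:
    kind: str    # "ip", "cidr", "domain" or "file"
    value: str
    actor: str   # contextual metadata: hypothetical threat-group label
    method: str  # contextual metadata: attack method

INDICATORS = [
    Indicator("cidr", "203.0.113.0/24", "TG-EXAMPLE", "credential phishing"),
    Indicator("domain", "login-example.test", "TG-EXAMPLE", "credential phishing"),
    Indicator("ip", "198.51.100.7", "OTHER-GROUP", "wiper"),
    Indicator("file", "wiper.exe", "OTHER-GROUP", "wiper"),
]

def indicator_matches(ind, field_kind, value):
    """True if one observed field value hits one indicator."""
    if field_kind == "ip" and ind.kind in ("ip", "cidr"):
        addr = ipaddress.ip_address(value)
        if ind.kind == "ip":
            return addr == ipaddress.ip_address(ind.value)
        return addr in ipaddress.ip_network(ind.value)  # CIDR block membership
    if field_kind == "domain" and ind.kind == "domain":
        return value == ind.value or value.endswith("." + ind.value)  # subdomains too
    if field_kind == "file" and ind.kind == "file":
        return value.lower() == ind.value.lower()
    return False

def match_record(record, indicators=INDICATORS):
    """Return (indicator, field) pairs that hit for one parsed log record."""
    return [(ind, f) for f in ("ip", "domain", "file") if record.get(f)
            for ind in indicators if indicator_matches(ind, f, record[f])]

def actors_for(records, indicators=INDICATORS):
    """Group hits by actor so an analyst sees which group the indicators point to."""
    by_actor = {}
    for rec in records:
        for ind, f in match_record(rec, indicators):
            by_actor.setdefault(ind.actor, set()).add(f"{f}={rec[f]}")
    return by_actor

# Constructed sample records, already parsed from proxy and endpoint logs.
SAMPLE_RECORDS = [
    {"ip": "203.0.113.45", "domain": "mail.login-example.test"},
    {"ip": "192.0.2.10", "domain": "intranet.example"},
    {"ip": "198.51.100.7", "file": "WIPER.EXE"},
]
```

Calling `actors_for(SAMPLE_RECORDS)` shows the CIDR and subdomain matches grouped under one actor label and the exact IP and file-name matches under another, which is the relationship view the paragraph describes.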

Their research shows who is attacking, how and why.

This information then leads to actionable insights, such as:

What does the threat mean? 
How do you resist? 
What actions should you take?

Intelligence sharing takes place among the leading cyber-threat organizations in both the public and private sectors.

SecureWorks regards them as the most informed and active organizations and is in constant communication with them.

Below is a partial list of these organizations:

Forum of Incident Response and Security Teams (FIRST)
National Cyber-Forensics and Training Alliance (NCFTA)
Microsoft Active Protections Program (MAPP)
Financial Services Information Sharing and Analysis Center (FS-ISAC)
National Health Information Sharing and Analysis Center (NH-ISAC)

Cyberthreat level

A cybersecurity index (or threat level indicator) can be found in various public sources.

Some of these indexes, such as CyberSecurityIndex.org, are updated monthly.

Others, such as the NH-ISAC threat level or the MS-ISAC alert level, are updated more often, based on shared threat information.

Most of these indexes follow the same format as the original SecureWorks Cyber Security Index. That index is evaluated daily by the CTU and updated according to current threat activity.

The rationale given for the index's current level generally includes reliable, actionable information about threats to software, networks, infrastructure or key assets.

When there is serious debate about which index level a threat corresponds to, the CTU uses the criteria in the index level definitions to decide. The CTU takes a very serious and measured approach to setting the cybersecurity index.


The SecureWorks Cyber Security Index was previously published publicly, but is now available only to customers through a dedicated portal.

New threats

Threat advisories report new vulnerabilities that could lead to new incidents. They are published as soon as possible to help people better protect their devices or systems.

Best practices for protection and defense

Today's best practices for cybersecurity follow a hybrid approach.

The key is to keep up with the rapid advances in the sophistication of cyberthreats, which are outpacing what an in-house security team can currently detect and handle.

Internal efforts to ensure IT security:

Serious end-user training – compliance with data handling requirements, recognizing phishing attempts, and procedures for countering social engineering attempts
Keeping software updated
Firewall and antivirus *
IDS / IPS * – intrusion detection systems and intrusion prevention systems
Security event monitoring *
Incident response plan *

Requirements for security partners:

Penetration testing and vulnerability scanning
Advanced endpoint threat monitoring
Always up-to-date threat intelligence
Availability of information security incident response staff

* If resources are not available within the company, any of these tasks can be outsourced to a security solutions provider.
