Cyber threat intelligence / Martin Lee.

Format:

Book

Author/Creator:

Lee, Martin (Computer security expert), author.

Contributor:

Wiley InterScience (Online service)

Language:

English

Subjects (All):

Cyber intelligence (Computer security).

Cyberterrorism--Prevention.

Cyberterrorism.

Cyberspace operations (Military science).

Physical Description:

1 online resource (xx, 284 pages) : illustrations (some color)

Place of Publication:

Hoboken, New Jersey : John Wiley & Sons, Inc., [2023]

Contents:

Cover

Title Page

Copyright Page

Contents

Preface

About the Author

Abbreviations

Endorsements for Martin Lee's Book

Chapter 1 Introduction

1.1 Definitions

1.1.1 Intelligence

1.1.2 Cyber Threat

1.1.3 Cyber Threat Intelligence

1.2 History of Threat Intelligence

1.2.1 Antiquity

1.2.2 Ancient Rome

1.2.3 Medieval and Renaissance Age

1.2.4 Industrial Age

1.2.5 World War I

1.2.6 World War II

1.2.7 Post War Intelligence

1.2.8 Cyber Threat Intelligence

1.2.9 Emergence of Private Sector Intelligence Sharing

1.3 Utility of Threat Intelligence

1.3.1 Developing Cyber Threat Intelligence

Summary

References

Chapter 2 Threat Environment

2.1 Threat

2.1.1 Threat Classification

2.2 Risk and Vulnerability

2.2.1 Human Vulnerabilities

2.2.1.1 Example

Business Email Compromise

2.2.2 Configuration Vulnerabilities

2.2.2.1 Example

Misconfiguration of Cloud Storage

2.2.3 Software Vulnerabilities

2.2.3.1 Example

Log4j Vulnerabilities

2.3 Threat Actors

2.3.1 Example

Operation Payback

2.3.2 Example

Stuxnet

2.3.3 Tracking Threat Actors

2.4 TTPs

Tactics, Techniques, and Procedures

2.5 Victimology

2.5.1 Diamond Model

2.6 Threat Landscape

2.6.1 Example

Ransomware

2.7 Attack Vectors, Vulnerabilities, and Exploits

2.7.1 Email Attack Vectors

2.7.2 Web-Based Attacks

2.7.3 Network Service Attacks

2.7.4 Supply Chain Attacks

2.8 The Kill Chain

2.9 Untargeted versus Targeted Attacks

2.10 Persistence

2.11 Thinking Like a Threat Actor

Chapter 3 Applying Intelligence

3.1 Planning Intelligence Gathering

3.1.1 The Intelligence Programme

3.1.2 Principles of Intelligence

3.1.3 Intelligence Metrics

3.2 The Intelligence Cycle

3.2.1 Planning, Requirements, and Direction.

3.2.2 Collection

3.2.3 Analysis and Processing

3.2.4 Production

3.2.5 Dissemination

3.2.6 Review

3.3 Situational Awareness

3.3.1 Example

2013 Target Breach

3.4 Goal Oriented Security and Threat Modelling

3.5 Strategic, Operational, and Tactical Intelligence

3.5.1 Strategic Intelligence

3.5.1.1 Example

Lazarus Group

3.5.2 Operational Intelligence

3.5.2.1 Example

SamSam

3.5.3 Tactical Intelligence

3.5.3.1 Example

WannaCry

3.5.4 Sources of Intelligence Reports

3.5.4.1 Example

Shamoon

3.6 Incident Preparedness and Response

3.6.1 Preparation and Practice

Chapter 4 Collecting Intelligence

4.1 Hierarchy of Evidence

4.1.1 Example

Smoking Tobacco Risk

4.2 Understanding Intelligence

4.2.1 Expressing Credibility

4.2.2 Expressing Confidence

4.2.3 Understanding Errors

4.2.3.1 Example

the WannaCry Email

4.2.3.2 Example

the Olympic Destroyer False Flags

4.3 Third Party Intelligence Reports

4.3.1 Tactical and Operational Reports

4.3.1.1 Example

Heartbleed

4.3.2 Strategic Threat Reports

4.4 Internal Incident Reports

4.5 Root Cause Analysis

4.6 Active Intelligence Gathering

4.6.1 Example

the Nightingale Floor

4.6.2 Example

the Macron Leaks

Chapter 5 Generating Intelligence

5.1 The Intelligence Cycle in Practice

5.1.1 See it, Sense it, Share it, Use it

5.1.2 F3EAD Cycle

5.1.3 D3A Process

5.1.4 Applying the Intelligence Cycle

5.1.4.1 Planning and Requirements

5.1.4.2 Collection, Analysis, and Processing

5.1.4.3 Production and Dissemination

5.1.4.4 Feedback and Improvement

5.1.4.5 The Intelligence Cycle in Reverse

5.2 Sources of Data

5.3 Searching Data

5.4 Threat Hunting

5.4.1 Models of Threat Hunting

5.4.2 Analysing Data.

5.4.3 Entity Behaviour Analytics

5.5 Transforming Data into Intelligence

5.5.1 Structured Geospatial Analytical Method

5.5.2 Analysis of Competing Hypotheses

5.5.3 Poor Practices

5.6 Sharing Intelligence

5.6.1 Machine Readable Intelligence

5.7 Measuring the Effectiveness of Generated Intelligence

Chapter 6 Attribution

6.1 Holding Perpetrators to Account

6.1.1 Punishment

6.1.2 Legal Frameworks

6.1.3 Cyber Crime Legislation

6.1.4 International Law

6.1.5 Crime and Punishment

6.2 Standards of Proof

6.2.1 Forensic Evidence

6.3 Mechanisms of Attribution

6.3.1 Attack Attributes

6.3.1.1 Attacker TTPs

6.3.1.2 Example

HAFNIUM

6.3.1.3 Attacker Infrastructure

6.3.1.4 Victimology

6.3.1.5 Malicious Code

6.3.2 Asserting Attribution

6.4 Anti-Attribution Techniques

6.4.1 Infrastructure

6.4.2 Malicious Tools

6.4.3 False Attribution

6.4.4 Chains of Attribution

6.5 Third Party Attribution

6.6 Using Attribution

Chapter 7 Professionalism

7.1 Notions of Professionalism

7.1.1 Professional Ethics

7.2 Developing a New Profession

7.2.1 Professional Education

7.2.2 Professional Behaviour and Ethics

7.2.2.1 Professionalism in Medicine

7.2.2.2 Professionalism in Accountancy

7.2.2.3 Professionalism in Engineering

7.2.3 Certifications and Codes of Ethics

7.3 Behaving Ethically

7.3.1 The Five Philosophical Approaches

7.3.2 The Josephson Model

7.3.3 PMI Ethical Decision Making Framework

7.4 Legal and Ethical Environment

7.4.1 Planning

7.4.1.1 Responsible Vulnerability Disclosure

7.4.1.2 Vulnerability Hoarding

7.4.2 Collection, Analysis, and Processing

7.4.2.1 PRISM Programme

7.4.2.2 Open and Closed Doors

7.4.3 Dissemination

7.4.3.1 Doxxing

7.5 Managing the Unexpected.

7.6 Continuous Improvement

Chapter 8 Future Threats and Conclusion

8.1 Emerging Technologies

8.1.1 Smart Buildings

8.1.1.1 Software Errors

8.1.1.2 Example

Maroochy Shire Incident

8.1.2 Health Care

8.1.2.1 Example

Conti Attack Against Irish Health Sector

8.1.3 Transport Systems

8.2 Emerging Attacks

8.2.1 Threat Actor Evolutions

8.2.1.1 Criminal Threat Actors

8.2.1.2 Nation State Threat Actors

8.2.1.3 Other Threat Actors

8.3 Emerging Workforce

8.3.1 Job Roles and Skills

8.3.2 Diversity in Hiring

8.3.3 Growing the Profession

8.4 Conclusion

Chapter 9 Case Studies

9.1 Target Compromise 2013

9.1.1 Background

9.1.2 The Attack

9.2 WannaCry 2017

9.2.1 Background

9.2.1.1 Guardians of Peace

9.2.1.2 The Shadow Brokers

9.2.1.3 Threat Landscape

Worms and Ransomware

9.2.2 The Attack

9.2.2.1 Prelude

9.2.2.2 Malware

9.3 NotPetya 2017

9.3.1 Background

9.3.2 The Attack

9.3.2.1 Distribution

9.3.2.2 Payload

9.3.2.3 Spread and Consequences

9.4 VPNFilter 2018

9.4.1 Background

9.4.2 The Attack

9.5 SUNBURST and SUNSPOT 2020

9.5.1 Background

9.5.2 The Attack

9.6 Macron Leaks 2017

9.6.1 Background

9.6.2 The Attack

Index

EULA.

Notes:

Includes bibliographical references and index.

Electronic reproduction. Hoboken, N.J. Available via World Wide Web.

Description based on online resource; title from digital title page (viewed on April 25, 2023).

Other Format:

Print version: Lee, Martin Cyber threat intelligence

ISBN:

9781119861768

1119861764

9781119861751

1119861756

9781119861775

1119861772

Publisher Number:

99995914665

Access Restriction:

Restricted for use by site license.