
sy0-601-02.pptx


Transcript


Lesson 2 Explaining Threat Actors and Threat Intelligence

Topic 2A Explain Threat Actor Types and Attack Vectors

CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

Syllabus Objectives Covered
- 1.5 Explain different threat actors, vectors and intelligence sources

Vulnerability, Threat, and Risk

Attributes of Threat Actors
- Known threats versus adversary behaviors
- Internal/external
- Intent/motivation
- Maliciously targeted versus opportunistic
- Accidental/unintentional
- Level of sophistication
- Resources/funding
- Adversary capability levels

Hackers, Script Kiddies, and Hacktivists
- The “Lone Hacker”
- White hats versus black hats versus gray hats
- Authorized versus non-authorized versus semi-authorized
- Script kiddies
- Hacker teams and hacktivists

State Actors and Advanced Persistent Threats
- State-backed groups
- Attached to military/secret services
- Highly sophisticated
- Advanced Persistent Threat (APT)
- Espionage and strategic advantage
- Deniability
- False flag operations
Screenshot used with permission from fireeye.com.

Criminal Syndicates and Competitors
- Criminal syndicates
- Operate across legal jurisdictions
- Motivated by criminal profit
- Can be very well resourced and funded
- Competitors
- Cyber espionage
- Combine with insider threat

Insider Threat Actors
- Malicious insider threat
- Has or has had authorized access
- Employees, contractors, partners
- Sabotage, financial gain, business advantage
- Unintentional insider threat
- Weak policies and procedures
- Weak adherence to policies and procedures
- Lack of training/security awareness
- Shadow IT

Attack Surface and Vectors
- Attack surface
- Points where an attacker can discover/exploit vulnerabilities in a network or application
- Vectors
- Direct access
- Removable media
- Email
- Remote and wireless
- Supply chain
- Web and social media
- Cloud

Threat Actor Types and Attack Vectors Review Activity

Topic 2B Explain Threat Intelligence Sources

Syllabus Objectives Covered
- 1.5 Explain different threat actors, vectors and intelligence sources

Threat Research Sources
- Counterintelligence
- Tactics, techniques, and procedures (TTPs)
- Threat research sources
- Academic research
- Analysis of attacks on customer systems
- Honeypots/honeynets
- Dark nets and the dark web

Threat Intelligence Providers
- Narrative analysis and commentary
- Reputation/threat data feeds—cyber threat intelligence (CTI)
- Platforms and feeds
- Closed/proprietary
- Vendor websites
- Public/private information sharing centers
- Open source intelligence (OSINT) threat data sources
- OSINT as reconnaissance and monitoring

Other Threat Intelligence Research Sources
- Academic journals
- Conferences
- Request for Comments (RFC)
- Social media

Tactics, Techniques, and Procedures and Indicators of Compromise
- Tactics, Techniques, and Procedures (TTPs)
- Generalized statement of adversary behavior
- Campaign strategy and approach (tactics)
- Generalized attack vectors (techniques)
- Specific intrusion tools and methods (procedures)
- Indicator of compromise (IoC)
- Specific evidence of intrusion
- Individual data points
- Correlation of system and threat data
- AI-backed analysis
- Indicator of attack (IoA)

Threat Data Feeds
- Structured Threat Information exchange (STIX)
- Trusted Automated Exchange of Indicator Information (TAXII)
- Automated Indicator Sharing (AIS)
- Threat maps
- File/code repositories
- Vulnerability databases and feeds
Icon images © Copyright 2016 Bret Jordan. Licensed under the Creative Commons Attribution-ShareAlike (CC BY-SA) License, Version 4.0 (freetaxii.github.io/stix2-icons.html).

Artificial Intelligence and Predictive Analysis
- Correlation between security intelligence/event monitoring and threat data
- Artificial intelligence (AI) and machine learning (ML)
- Expert systems
- Artificial neural networks (ANN)
- Inputs, outputs, and feedback
- Objectives and error states
- Predictive analysis
- Threat forecasting
- Monitor “chatter”

Threat Intelligence Sources Review Activity

Lesson 2 Summary

Tags

computer security threat intelligence cybersecurity