Cyber threat intelligence /

"This book describes the intelligence techniques and models used in cyber threat intelligence. It provides a survey of ideas, views and concepts, rather than offering a hands-on practical guide. It is intended for anyone who wishes to learn more about the domain, possibly because they wish to d...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Lee, Martin (Computer security expert) (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Hoboken, New Jersey : John Wiley & Sons, Inc., [2023]
Temas:
Cyber intelligence (Computer security)
Cyberterrorism > Prevention.
Cyberspace operations (Military science)
Surveillance des menaces informatiques.
Cyberguerre (Science militaire)
Cyberterrorism > Prevention
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright Page
  • Contents
  • Preface
  • About the Author
  • Abbreviations
  • Endorsements for Martin Lee's Book
  • Chapter 1 Introduction
  • 1.1 Definitions
  • 1.1.1 Intelligence
  • 1.1.2 Cyber Threat
  • 1.1.3 Cyber Threat Intelligence
  • 1.2 History of Threat Intelligence
  • 1.2.1 Antiquity
  • 1.2.2 Ancient Rome
  • 1.2.3 Medieval and Renaissance Age
  • 1.2.4 Industrial Age
  • 1.2.5 World War I
  • 1.2.6 World War II
  • 1.2.7 Post War Intelligence
  • 1.2.8 Cyber Threat Intelligence
  • 1.2.9 Emergence of Private Sector Intelligence Sharing
  • 1.3 Utility of Threat Intelligence
  • 1.3.1 Developing Cyber Threat Intelligence
  • Summary
  • References
  • Chapter 2 Threat Environment
  • 2.1 Threat
  • 2.1.1 Threat Classification
  • 2.2 Risk and Vulnerability
  • 2.2.1 Human Vulnerabilities
  • 2.2.1.1 Example
  • Business Email Compromise
  • 2.2.2 Configuration Vulnerabilities
  • 2.2.2.1 Example
  • Misconfiguration of Cloud Storage
  • 2.2.3 Software Vulnerabilities
  • 2.2.3.1 Example
  • Log4j Vulnerabilities
  • 2.3 Threat Actors
  • 2.3.1 Example
  • Operation Payback
  • 2.3.2 Example
  • Stuxnet
  • 2.3.3 Tracking Threat Actors
  • 2.4 TTPs
  • Tactics, Techniques, and Procedures
  • 2.5 Victimology
  • 2.5.1 Diamond Model
  • 2.6 Threat Landscape
  • 2.6.1 Example
  • Ransomware
  • 2.7 Attack Vectors, Vulnerabilities, and Exploits
  • 2.7.1 Email Attack Vectors
  • 2.7.2 Web-Based Attacks
  • 2.7.3 Network Service Attacks
  • 2.7.4 Supply Chain Attacks
  • 2.8 The Kill Chain
  • 2.9 Untargeted versus Targeted Attacks
  • 2.10 Persistence
  • 2.11 Thinking Like a Threat Actor
  • Summary
  • References
  • Chapter 3 Applying Intelligence
  • 3.1 Planning Intelligence Gathering
  • 3.1.1 The Intelligence Programme
  • 3.1.2 Principles of Intelligence
  • 3.1.3 Intelligence Metrics
  • 3.2 The Intelligence Cycle
  • 3.2.1 Planning, Requirements, and Direction.
  • 3.2.2 Collection
  • 3.2.3 Analysis and Processing
  • 3.2.4 Production
  • 3.2.5 Dissemination
  • 3.2.6 Review
  • 3.3 Situational Awareness
  • 3.3.1 Example
  • 2013 Target Breach
  • 3.4 Goal Oriented Security and Threat Modelling
  • 3.5 Strategic, Operational, and Tactical Intelligence
  • 3.5.1 Strategic Intelligence
  • 3.5.1.1 Example
  • Lazarus Group
  • 3.5.2 Operational Intelligence
  • 3.5.2.1 Example
  • SamSam
  • 3.5.3 Tactical Intelligence
  • 3.5.3.1 Example
  • WannaCry
  • 3.5.4 Sources of Intelligence Reports
  • 3.5.4.1 Example
  • Shamoon
  • 3.6 Incident Preparedness and Response
  • 3.6.1 Preparation and Practice
  • Summary
  • References
  • Chapter 4 Collecting Intelligence
  • 4.1 Hierarchy of Evidence
  • 4.1.1 Example
  • Smoking Tobacco Risk
  • 4.2 Understanding Intelligence
  • 4.2.1 Expressing Credibility
  • 4.2.2 Expressing Confidence
  • 4.2.3 Understanding Errors
  • 4.2.3.1 Example
  • the WannaCry Email
  • 4.2.3.2 Example
  • the Olympic Destroyer False Flags
  • 4.3 Third Party Intelligence Reports
  • 4.3.1 Tactical and Operational Reports
  • 4.3.1.1 Example
  • Heartbleed
  • 4.3.2 Strategic Threat Reports
  • 4.4 Internal Incident Reports
  • 4.5 Root Cause Analysis
  • 4.6 Active Intelligence Gathering
  • 4.6.1 Example
  • the Nightingale Floor
  • 4.6.2 Example
  • the Macron Leaks
  • Summary
  • References
  • Chapter 5 Generating Intelligence
  • 5.1 The Intelligence Cycle in Practice
  • 5.1.1 See it, Sense it, Share it, Use it
  • 5.1.2 F3EAD Cycle
  • 5.1.3 D3A Process
  • 5.1.4 Applying the Intelligence Cycle
  • 5.1.4.1 Planning and Requirements
  • 5.1.4.2 Collection, Analysis, and Processing
  • 5.1.4.3 Production and Dissemination
  • 5.1.4.4 Feedback and Improvement
  • 5.1.4.5 The Intelligence Cycle in Reverse
  • 5.2 Sources of Data
  • 5.3 Searching Data
  • 5.4 Threat Hunting
  • 5.4.1 Models of Threat Hunting
  • 5.4.2 Analysing Data.
  • 5.4.3 Entity Behaviour Analytics
  • 5.5 Transforming Data into Intelligence
  • 5.5.1 Structured Geospatial Analytical Method
  • 5.5.2 Analysis of Competing Hypotheses
  • 5.5.3 Poor Practices
  • 5.6 Sharing Intelligence
  • 5.6.1 Machine Readable Intelligence
  • 5.7 Measuring the Effectiveness of Generated Intelligence
  • Summary
  • References
  • Chapter 6 Attribution
  • 6.1 Holding Perpetrators to Account
  • 6.1.1 Punishment
  • 6.1.2 Legal Frameworks
  • 6.1.3 Cyber Crime Legislation
  • 6.1.4 International Law
  • 6.1.5 Crime and Punishment
  • 6.2 Standards of Proof
  • 6.2.1 Forensic Evidence
  • 6.3 Mechanisms of Attribution
  • 6.3.1 Attack Attributes
  • 6.3.1.1 Attacker TTPs
  • 6.3.1.2 Example
  • HAFNIUM
  • 6.3.1.3 Attacker Infrastructure
  • 6.3.1.4 Victimology
  • 6.3.1.5 Malicious Code
  • 6.3.2 Asserting Attribution
  • 6.4 Anti-Attribution Techniques
  • 6.4.1 Infrastructure
  • 6.4.2 Malicious Tools
  • 6.4.3 False Attribution
  • 6.4.4 Chains of Attribution
  • 6.5 Third Party Attribution
  • 6.6 Using Attribution
  • Summary
  • References
  • Chapter 7 Professionalism
  • 7.1 Notions of Professionalism
  • 7.1.1 Professional Ethics
  • 7.2 Developing a New Profession
  • 7.2.1 Professional Education
  • 7.2.2 Professional Behaviour and Ethics
  • 7.2.2.1 Professionalism in Medicine
  • 7.2.2.2 Professionalism in Accountancy
  • 7.2.2.3 Professionalism in Engineering
  • 7.2.3 Certifications and Codes of Ethics
  • 7.3 Behaving Ethically
  • 7.3.1 The Five Philosophical Approaches
  • 7.3.2 The Josephson Model
  • 7.3.3 PMI Ethical Decision Making Framework
  • 7.4 Legal and Ethical Environment
  • 7.4.1 Planning
  • 7.4.1.1 Responsible Vulnerability Disclosure
  • 7.4.1.2 Vulnerability Hoarding
  • 7.4.2 Collection, Analysis, and Processing
  • 7.4.2.1 PRISM Programme
  • 7.4.2.2 Open and Closed Doors
  • 7.4.3 Dissemination
  • 7.4.3.1 Doxxing
  • 7.5 Managing the Unexpected.
  • 7.6 Continuous Improvement
  • Summary
  • References
  • Chapter 8 Future Threats and Conclusion
  • 8.1 Emerging Technologies
  • 8.1.1 Smart Buildings
  • 8.1.1.1 Software Errors
  • 8.1.1.2 Example
  • Maroochy Shire Incident
  • 8.1.2 Health Care
  • 8.1.2.1 Example
  • Conti Attack Against Irish Health Sector
  • 8.1.3 Transport Systems
  • 8.2 Emerging Attacks
  • 8.2.1 Threat Actor Evolutions
  • 8.2.1.1 Criminal Threat Actors
  • 8.2.1.2 Nation State Threat Actors
  • 8.2.1.3 Other Threat Actors
  • 8.3 Emerging Workforce
  • 8.3.1 Job Roles and Skills
  • 8.3.2 Diversity in Hiring
  • 8.3.3 Growing the Profession
  • 8.4 Conclusion
  • References
  • Chapter 9 Case Studies
  • 9.1 Target Compromise 2013
  • 9.1.1 Background
  • 9.1.2 The Attack
  • 9.2 WannaCry 2017
  • 9.2.1 Background
  • 9.2.1.1 Guardians of Peace
  • 9.2.1.2 The Shadow Brokers
  • 9.2.1.3 Threat Landscape
  • Worms and Ransomware
  • 9.2.2 The Attack
  • 9.2.2.1 Prelude
  • 9.2.2.2 Malware
  • 9.3 NotPetya 2017
  • 9.3.1 Background
  • 9.3.2 The Attack
  • 9.3.2.1 Distribution
  • 9.3.2.2 Payload
  • 9.3.2.3 Spread and Consequences
  • 9.4 VPNFilter 2018
  • 9.4.1 Background
  • 9.4.2 The Attack
  • 9.5 SUNBURST and SUNSPOT 2020
  • 9.5.1 Background
  • 9.5.2 The Attack
  • 9.6 Macron Leaks 2017
  • 9.6.1 Background
  • 9.6.2 The Attack
  • References
  • Index
  • EULA.

Ejemplares similares