Introduction
Cyberspace is an unpredictable domain, with cybercriminals constantly devising advanced techniques and technologies to exploit vulnerabilities in systems and networks.
In a recent Microsoft survey, 22% of organizations across the world ranked cyber risk as their top concern, ahead of other significant business risks. A lack of robust cyber defense has led to companies being extorted by cybercriminals. To this end, many organizations have started to explore threat intelligence to better understand the motives and techniques behind an attack and to mount a counterattack before it escalates.
As the famous saying goes, “The best defense is a good offense.” In this article, we will break down everything you need to know about cyber counterintelligence and how to implement it.
What Is Threat Intelligence?
Threat intelligence is essentially data analysis: using tools and techniques to gather information about existing and emerging cyber threats that might target an organization, in order to mitigate risk. Furthermore, cyber intelligence gives organizations faster, better-informed security decisions, shifting their posture from reactive to proactive when combating attacks.
Cyber Threat Data Collection
Data acquired from IoC sources may itself be malicious and can compromise an organization's network security, exposing sensitive data. That is why organizations need to routinely collect real-time intelligence data from both internal and external sources. One of the important steps in creating cyber threat intelligence is gathering relevant threat data for processing and analysis.
Data collection draws on several sources and is guided by predefined TTPs (Tactics, Techniques, and Procedures).
Sources of Threat Data
Internal sources: These are network logs, security lapses, reports on past cyber incidents, risk analysis reports, etc.
External sources: These include threat feeds from communities and forums, the dark web, the open web, and other online sources.
Tools & Techniques for Data Collection
Here are some tools that you can use to gather data for threat intelligence.
◉ Human intelligence such as interrogation, interviews, and social engineering.
◉ Open-source intelligence (OSINT) such as web services, emails, search engines, URL/IP/DNS lookup, website footprinting, etc.
◉ Indicators of Compromise (IoCs), whether internal, external, or custom-built.
◉ Cyber counterintelligence such as passive DNS monitoring, malware sinkholes, honeypots, adversary’s infrastructure, YARA rules, etc.
◉ Existing malware analysis.
Cyber Counterintelligence
Cyber counterintelligence (CCI) is the umbrella term for the efforts an organization takes to prevent cyberattacks on its infrastructure by adversaries. These adversaries include competitors conducting intelligence gathering, malicious actors, nation-states, and criminal organizations that collect sensitive information and exploit an organization’s IT weaknesses. Furthermore, while the major objective of cyber counterintelligence is to defend, many of its methods are offensive.
This simply means that, to be effective, cyber counterintelligence must operate on both the defensive and offensive sides.
Data Collection Through Cyber Counterintelligence
CCI’s main purpose is to identify, degrade, neutralize, and protect organizations from adversarial intelligence activities. This can be done by utilizing both passive and active counterintelligence approaches to gather data.
Defensive cyber counterintelligence
Defensive cyber counterintelligence is used to identify and understand cyber threats and to minimize the threat landscape a cyber attacker can exploit. This helps protect the organization against vulnerabilities arising from internal and external threats. Cyber intelligence analysts can gather data through a variety of activities, such as penetration testing, threat hunting, vulnerability assessment, threat management, etc.
Offensive cyber counterintelligence
Offensive cyber counterintelligence is the term used for active interaction with attackers. This includes gathering information about the hostile intelligence-gathering process, capabilities, and techniques, and devising deception tactics to trick attackers into thinking they have successfully accessed confidential information.
Offensive cyber counterintelligence collects data in numerous ways: honeypots, honeynets, sock puppets, false flags, publishing false reports and information to deceive adversarial intrusion attempts, and so on. Moreover, these efforts can be performed from both inside and outside your networks.
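As an added example (not code from the article or from EC-Council), the following Python ties together the internal log sources, IoC matching and deception assets described above: constructed firewall, DNS and auth log lines are checked against a constructed external IoC feed and against hypothetical honeypot/honeytoken decoys, and findings are grouped per internal host. Every feed value, decoy name and log line is made-up sample data.

```python
import re
from collections import defaultdict

# Constructed external threat feed (sample values, not indicators from the article).
EXTERNAL_IOCS = {
    "ip": {"203.0.113.45"},
    "domain": {"update-checker.example"},
}
# Constructed deception assets (a honeypot host and a honeytoken account);
# legitimate systems never touch these, so any hit is high-confidence.
DECOY_HOSTS = {"10.0.5.250"}
DECOY_ACCOUNTS = {"svc_backup_old"}

# Constructed internal log lines in key=value style (firewall, DNS, auth sources).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z fw src=10.0.1.7 dst=203.0.113.45 dport=443 action=allow",
    "2024-03-01T10:00:05Z dns client=10.0.1.7 query=update-checker.example",
    "2024-03-01T10:00:09Z dns client=10.0.1.8 query=www.example.org",
    "2024-03-01T10:01:00Z auth user=svc_backup_old src=10.0.1.9 result=fail",
    "2024-03-01T10:02:00Z fw src=10.0.1.9 dst=10.0.5.250 dport=22 action=allow",
]

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split a log line into timestamp, source type and a dict of key=value fields."""
    ts, kind, rest = line.split(" ", 2)
    return ts, kind, dict(KV.findall(rest))

def classify(kind, fields):
    """Label one event against the external feed and the internal decoys, or None."""
    if kind == "fw" and fields.get("dst") in EXTERNAL_IOCS["ip"]:
        return "external-ioc:ip"
    if kind == "dns" and fields.get("query", "").lower() in EXTERNAL_IOCS["domain"]:
        return "external-ioc:domain"
    if kind == "auth" and fields.get("user") in DECOY_ACCOUNTS:
        return "deception:honeytoken"
    if kind == "fw" and fields.get("dst") in DECOY_HOSTS:
        return "deception:honeypot"
    return None

def triage(lines):
    """Group findings per internal host so analysts see which hosts to look at first."""
    per_host = defaultdict(list)
    for line in lines:
        ts, kind, fields = parse_line(line)
        label = classify(kind, fields)
        if label:
            per_host[fields.get("src") or fields.get("client")].append((ts, label))
    return dict(per_host)
```

Hosts that hit the external feed are candidates for investigation; hosts that hit a decoy are already interacting with something no legitimate workflow uses, so those findings go to the top of the queue.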
Source: eccouncil.org