It makes me cringe when I hear operators or security practitioners say, “I don’t care who the attacker is, I just want them to stop.” I would like to believe that we have matured past this idea as a security community, but I still find this line of thinking prevalent across many organizations – regardless of their cyber threat operation’s maturity level.
Attribution is important, and we as Cyberthreat Intelligence (CTI) professionals need to do a better job explaining across all lines of business and security operations how the pursuit of attribution, manifesting itself in adversary analysis, can be employed to improve an organization’s resource allocation and security posture.
According to the Verisign 2014 Cyberthreats and Trends Report, cyber intelligence has matured from an industry buzzword to a formal discipline, which has implications for vendors and security leaders. As few as seven years ago, cyberthreat intelligence was the purview of a small handful of practitioners, limited mostly to only the best-resourced organizations—primarily financial institutions that faced large financial losses due to cybercrime—and defense and intelligence agencies involved in computer network operations. Fast forward to today, and just about every business, large and small, is dependent on the internet in some way for day-to-day operations, making cyber intelligence a critical component of a successful business plan. That said, there are a wide variety of ways organizations can go about creating a cyber intelligence program.
I have the unique opportunity to speak with clients and partners on this topic from a variety of different industries as a part of my support for Verisign’s Intelligence-Driven Security program. I’d like to share some pragmatic tactical and strategic approaches to sourcing and applying cyber intelligence that I have gleaned through these activities and my own experience. The following is a brief overview of six approaches, along with key considerations that can help organizations of all types create a cyber intelligence program, build and align to a desired strategy, and create frameworks that — if executed properly — can become a defensive force multiplier.
With the ease of access to the internet and prevalence of social media today, unsuspecting computer users are making it easier than ever for malicious actors to target them with malcode. This trend has helped provide the perfect environment for Distributed Denial of Service (DDoS) attacks to grow in size, complexity and range of targets. Today’s attacks are not limited to web infrastructure; attackers are increasingly targeting the Domain Name System (DNS) infrastructure as well. This trend has been particularly noticeable in the financial industry, which has been hit hard over the last year.