Threat actors do not exist in a cyber vacuum. Hackers, organised criminal gangs, and nation states all operate within the same cyberspace and have access to the same systems and vulnerabilities. Whilst the tactics, techniques and procedures (TTPs) vary between different threat actor categories (in terms of method, capability and sophistication), the infection vectors they target remain the same.Continue reading
The UK’s Ministry of Defence defines intelligence as the directed and co-ordinated acquisition and analysis of information to assess capabilities, intent and opportunities for exploitation by decision-makers at all levels.
Information, on the other hand, is defined as unprocessed data of every description that may be used in the production of intelligence.
I describe intelligence as actionable information
The key question to ask when presented with ‘intelligence’ is:
“what can I do with it?”Continue reading
Within the corporate world, the spectre of insider threat is one that is difficult to come to terms with. A malicious insider in an organisation has, by virtue of their position, access to privileged information and functionality that an outside attacker would be able to leverage only with great difficulty.Continue reading
There is a general consensus that Russia interfered in the 2016 US Presidential Elections. According to the US intelligence community, it has been assessed with ‘high confidence’ that Russia used nation state proxy groups to influence the outcome of the presidential election in favour of Donald Trump.Continue reading
In April 2017, PwC and BAE Systems released a report that investigated the activities of a Chinese advanced persistent threat (APT) actor, known as APT10 or Stone Panda (amongst other things).
The report assesses that this group’s primary technique is to target managed service providers (MSPs) as a pivot point to gain a foothold into the network of their clients. In other words, this threat actor is using the supply chain as the infection vector into their target’s environment.Continue reading
The use of biometric information for security is on the rise, as every week a new article proclaims that the biometric revolution is just around the corner. Is it time to bid farewell to conventional passwords?Continue reading
It’s easy to forget that cybercrime is a relatively new term that didn’t exist 30 years ago. Today, excluding some violent crimes, it appears that almost every conceivable crime can have a cyber element to it. Cybercrime can be described as any illegal activity that is dependent on a computer or network-connected device. But as devices are increasingly network connected, could we see a blurring of the line between traditional crime and cybercrime?Continue reading
Online anonymity has become very popular with users becoming concerned about their privacy when using the Internet. TOR is one of the most widely used (and arguably, most effective) ways of maintaining a level of online anonymity. Although TOR has some great advantages, it nevertheless has its limitations.
One possible alternative to TOR is the Riffle anonymity network. But how does it the answer to the call for better online privacy?Continue reading
Generally when conducting threat assessments, a tried and tested method is to assess the threat from four categories of threat actor:
- Nation state / Nation state proxies / Intelligence services
- Organised criminal gangs
- Hacktivists and hackers
- Malicious and unintentional insider
What is the Dark Web?
Like ‘machine learning’ and ‘quantum computing’, ‘dark web’ is a term that has achieved buzzword status in recent times. But what are the dark web, deep web, and dark net – besides a vague place where the bad guys live?Continue reading