‘There are now three certainties in life – there’s death, there’s taxes and there’s a foreign intelligence service on your system’ – Head of Cyber at MI5 (2013)
Over the last two decades, the scale and severity of cyber attacks have varied widely. It is probably safe to suggest that the secret sabotage of a nuclear facility by the Stuxnet worm is in a slightly different league to the theft of payment card data held by a commercial brand like Chipotle. Nonetheless, there are several underlying attributes that provide a common framework for comparing unconnected incidents. The Diamond Model of Intrusion Analysis indicates that for every incident, there is:
- An Adversary
- The Capabilities of the Adversary
- A Victim
- Infrastructure over which the attack occurs
Some industries are more likely to attract particular kinds of threat actors than others. The retail and hospitality industries for instance are very attractive targets for cyber criminals as both collect and process large quantities of personal and financial data. This is similar to the banking industry but, whereas major bank breaches are now considered to require sophisticated operational procedures and have become the preserve of highly specialised groups, the retail and hospitality industries remain prime targets for criminals of all capabilities.
The Russian Federation is currently pursuing a radical transformation to internet connectivity within the country. RuNet 2020 is an ambitious project to establish a national government-controlled network which is intended to function in an insulated environment from the broader internet in the event of a crisis.
The State of Israel has developed exceptional cyber capabilities that surpass all other nations within the MENA region. In January 2017, Prime Minister Benjamin Netanyahu declared that Israel had become one of the top five global cyber powers. Israel conducts covert cyber operations that are strictly classified and rarely formally acknowledged. So, beyond the infamous Stuxnet virus, what do publicly available sources reveal about state-sponsored hackers within Israel?
ThreatMatch is a cyber threat intelligence platform that provides users with relevant, actionable and timely threat intelligence that can be tailored to their unique environments. Using a diverse and extensive range of sources, ThreatMatch provides continuous alerts on how an organisation’s attack surface correlates with the threat posed by the malicious actors targeting it.
John Beale, founder of Security Alliance comments: “We were delighted to be invited to launch ThreatMatch at the official opening of the UK Cyber Demonstration Centre.
The SANS Cyber Threat Intelligence Summit 2017 was held in Arlington Virginia on January 31, 2017 and February 1, 2017.
Watch Rob Dartnall, Cyber Intelligence Director at Security Alliance, present: The Use of Conventional Intelligence Methodologies in Cyber Threat Intelligence
Rob Dartnall, Cyber Intelligence Director at Security Alliance talks to The Banker’s Joy Macknight about intelligence-driven cyber security and the threat of IoT zombies.
Generally when conducting threat assessments, a tried and tested method is to assess the threat from four categories of threat actor:
- Nation state / Nation state proxies / Intelligence services
- Organised criminal gangs
- Hacktivists and hackers
- Malicious and unintentional insider
“Amazing”, “extreme”, “one of the coolest things I’ve ever seen.” These were the words of a cyber forensics expert who was tasked with investigating the biggest breach of an insurance company in history. Respectively, these words describe the operational security, stealth tactics, and malware engineering of the group that stole the personal information of almost 79 million policyholders in the US in 2015. The forensic team claim that 1000 boxes were infected, and roughly 7000 MD5 hashes (distinct file identifying numbers) were assigned to the ever-changing malware used to conduct the breach. What the details of this breach show is that the insurance sector has become a particularly attractive target for well-resourced and highly skilled cybercriminals.
Last year saw a plethora of sophisticated cyber attacks, including the infiltration of Oracle’s MICROS point of sale customer portal, the string of multi-million dollar thefts that leveraged the SWIFT banking network, and the US election hacks.
Meanwhile in West Africa, cyber criminals continue their ongoing operations.