
BADAN SIBER DAN SANDI NEGARA

CYBER THREAT INTELLIGENCE


INTRO & BENEFIT
JAKARTA, 23 FEBRUARY 2023

DINISFUSYA’BAN
SANDIMAN MUDA
DIREKTORAT KEAMANAN SIBER DAN SANDI
CYBER THREAT TRENDS & CYBER INCIDENT TIMELINE 1

Technological, Cultural, Economic, and Geopolitical Shifts*

• Technology Trend: Cross-platform malware, Security incidents will rise, DDoS, Loss of Situational Awareness
• Economic Trend: Economy is stimulated by mobile devices (mobile banking, mobile medicine, farming, agriculture)
• Cultural Trend: Social protest, reach voters, influence public policy. Corruption, mobile technology, and transnational organized crime.
• Geopolitical Trend: Economic espionage; cyber offensive capability is an element of geopolitical superiority and command; cyber operations are very attractive to actors

* Cyber Threat! How to Manage the Growing Risk of Cyber Attacks, MacDonnell Ulsch

• May 2020, Tokopedia: 91 user records & 7 million merchants (EmpireMarket)
• May 2020, Bhinneka.com: 1.2 million user records (Darkweb)
• May 2020, KPU: 2.3 million 2014 election voter records (RaidForums)
• June 2020, Bukalapak: 13 million user records
• June 2020, Covid-19 data: 230 thousand patient records
• August 2020, Kreditplus: 819K customer records
• November 2020, Cermati.com: 2.9 million user records
• May 2021, Colonial Pipeline: ransomware attack, ransom of 75 bitcoin (Rp 71 billion)
• May 2021, HSE Ireland: ransomware attack, hospitals & health facilities disrupted
• May 2021, BPJS: (investigation) 100K records out of 279 million records (RaidForums)

Sources given on the slide for the Bukalapak, Covid-19 data, Kreditplus and Cermati.com entries: RaidForums (three entries), darkweb (one entry).

Source: BSSN Honeynet Report 2021, https://bssn.go.id/honeynet/

Future Cyber Threat

Sliding Scale Cyber Security
Early Warning Detection System 3

• Security Control Based on Incident
• Continuous Monitoring & Detection
• Collaboration & Sharing Scheme

Passive Security, Reactive Security, Proactive Security, Collaborative Security

Incident 1, Incident 2, Collaborative Sharing
• Collective
• Voluntary
• Automation

Campaign Playbook
• TTP
• Indicators
• Security Control

Impact
1. Financial Loss
2. Reputational Damage
3. Operational Downtime
4. Legal Action
5. Loss of Sensitive Data

Cyber Threat Intelligence (CTI)

“Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.”
-Gartner-

“Analyzed information about the hostile intent, capability, and opportunity of an adversary that satisfies a requirement.”
-SANS-

Direction, Collection, Processing, Analysis, Dissemination
Source: recordedfuture

Intrusion Analysis
• Pyramid of Pain (David Bianco)
• Cyber Kill Chain (Lockheed Martin)

Mapping the Adversary

MITRE ATT&CK® Framework
CTI Process BSSN

Role of The Community

• RAPID INFORMATION DISSEMINATION
• STRONG TRUST IS BUILT
• COMMUNITY: MUTUAL SUPPORT / HELP
• ENRICH CTI
• REDUCE RESOURCE

Direction, Collection, Processing, Analysis, Dissemination
Source: recordedfuture
GOAL

SHARING THREAT DATA & RESOURCE

EFFECTIVE & EFFICIENT

COLLABORATIVE ANALYSIS

UNDER CONTROL AND CONTINUOUSLY

RELIABLE INTEROPERABILITY

ENHANCE COURSE OF ACTION

Key Takeaways

Benefits
