Scribd Logo
Upload

Welcome to Scribd!

  • Sy0 601 02

    Uploaded by

    linuxandra rafii
    9 views21 pages

    Original Title

    sy0-601-02

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    9 views21 pages

    Sy0 601 02

    Uploaded by

    linuxandra rafii

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 21

    Lesson 2

    Explaining Threat Actors and Threat Intelligence


    Topic 2A
    Explain Threat Actor Types and Attack Vectors

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 2
    Syllabus Objectives Covered

    • 1.5 Explain different threat actors, vectors and intelligence sources

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 3
    Vulnerability, Threat, and Risk

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 4
    Attributes of Threat Actors

    • Known threats versus adversary behaviors


    • Internal/external
    • Intent/motivation
    • Maliciously targeted versus opportunistic
    • Accidental/unintentional
    • Level of sophistication
    • Resources/funding
    • Adversary capability levels

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 5
    Hackers, Script Kiddies, and Hacktivists

    • The “Lone Hacker”


    • White hats versus black hats versus gray hats
    • Authorized versus non-authorized versus semi-authorized
    • Script kiddies
    • Hacker teams and hacktivists

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 6
    State Actors and Advanced Persistent Threats

    • State-backed groups
    • Attached to military/secret
    services
    • Highly sophisticated
    • Advanced Persistent Threat (APT)
    • Espionage and strategic advantage
    • Deniability
    • False flag operations

    Screenshot used with permission from fireeye.com.

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 7
    Criminal Syndicates and Competitors

    • Criminal syndicates
    • Operate across legal jurisdictions
    • Motivated by criminal profit
    • Can be very well resourced and funded
    • Competitors
    • Cyber espionage
    • Combine with insider threat

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 8
    Insider Threat Actors

    • Malicious insider threat


    • Has or has had authorized access
    • Employees, contractors, partners
    • Sabotage, financial gain, business advantage
    • Unintentional insider threat
    • Weak policies and procedures
    • Weak adherence to policies and procedures
    • Lack of training/security awareness
    • Shadow IT

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 9
    Attack Surface and Vectors

    • Attack surface
    • Points where an attacker can discover/exploit vulnerabilities in a
    network or application
    • Vectors
    • Direct access
    • Removable media
    • Email
    • Remote and wireless
    • Supply chain
    • Web and social media
    • Cloud

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 10
    Threat Actor Types and Attack Vectors

    Review Activity

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 11
    Topic 2B
    Explain Threat Intelligence Sources

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 12
    Syllabus Objectives Covered

    • 1.5 Explain different threat actors, vectors and intelligence sources

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 13
    Threat Research Sources

    • Counterintelligence
    • Tactics, techniques, and
    procedures (TTPs)
    • Threat research sources
    • Academic research
    • Analysis of attacks on customer
    systems
    • Honeypots/honeynets
    • Dark nets and the dark web

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 14
    Threat Intelligence Providers

    • Narrative analysis and commentary


    • Reputation/threat data feeds—cyber threat intelligence (CTI)
    • Platforms and feeds
    • Closed/proprietary
    • Vendor websites
    • Public/private information sharing centers
    • Open source intelligence (OSINT) threat data sources
    • OSINT as reconnaissance and monitoring

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 15
    Other Threat Intelligence Research Sources

    • Academic journals
    • Conferences
    • Request for Comments (RFC)
    • Social media

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 16
    Tactics, Techniques, and Procedures and Indicators of
    Compromise
    • Tactics, Techniques, and Procedures (TTPs)
    • Generalized statement of adversary behavior
    • Campaign strategy and approach (tactics)
    • Generalized attack vectors (techniques)
    • Specific intrusion tools and methods (procedures)
    • Indicator of compromise (IoC)
    • Specific evidence of intrusion
    • Individual data points
    • Correlation of system and threat data
    • AI-backed analysis
    • Indicator of attack (IoA)

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 17
    Threat Data Feeds

    • Structured Threat Information


    exchange (STIX)
    • Trusted Automated Exchange
    of Indicator Information (TAXII)
    • Automated Indicator Sharing
    (AIS)
    • Threat maps
    • File/code repositories
    Icon images © Copyright 2016 Bret Jordan. Licensed under the Creative Commons Attribution-
    • Vulnerability databases and ShareAlike (CC BY-SA) License, Version 4.0. (freetaxii.github.io/stix2-icons.html.

    feeds

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 18
    Artificial Intelligence and Predictive Analysis

    • Correlation between security intelligence/event monitoring and threat data


    • Artificial intelligence (AI) and machine learning (ML)
    • Expert systems
    • Artificial neural networks (ANN)
    • Inputs, outputs, and feedback
    • Objectives and error states
    • Predictive analysis
    • Threat forecasting
    • Monitor “chatter”

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 19
    Threat Intelligence Sources

    Review Activity

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 20
    Lesson 2
    Summary

    CompTIA Security+ Lesson 2 | Copyright © 2020 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 21

    You might also like