ThreatConnect Unveils The Most Common Threat Personas in Cyber Security

10.04.2017 10:00 am


Recognising that security operations and threat intelligence are not one-size-fits-all, Ian Schenkel, Head of EMEA Operations at ThreatConnect, provider of the industry’s only intelligence-driven and extensible security platform, examines some of the top threat personas that organisations are defending against.

It is the duty of security operations directors to ensure that they have complete visibility into their security posture. With threat actors’ tactics evolving all the time, a comprehensive and flexible threat response is a must – neither governments nor enterprises can afford to leave the back door open. So what are the top threat personas that organisations need to be wary of?

· State-sponsored hackers – These are the big dogs. The anonymity of web-based attacks means that nation-states can achieve their more ethically questionable aims via puppet actors, making it extremely difficult to prove links between individual hacks and state-sponsored campaigns.

However, state-sponsored hackers are sometimes identifiable by their attack patterns and dedication to a specific target. They’re a tenacious breed – if you think you’re being targeted by a state-backed hacker (and aren’t a conspiracy theorist), you should be ready for a long struggle to throw them off.

· Ideological attackers – These threat actors, such as the hackers that targeted Dyn DNS systems, are intent on propagating their views with noisy, public attacks such as website defacements and DDoS attacks.

If after this sort of petulant demonstration they feel their message is not being heard, then they may look for a more spectacular platform upon which to propagate their doctrines. For some, that means espionage activity or strategic leaks of confidential documents in support of a broader information operations campaign; for others, it might simply mean a particularly mean series of insults on Twitter…

· Criminally motivated – Criminals have always been attracted to an easy buck, so it’s hardly a surprise that they’d take advantage of the way technology has evolved to fill our lives. So for example, malware with moderate antivirus detection that only looks for credit card data and point of sale services may indicate a moderately resourced attacker who is likely criminally motivated.

That’s a fairly well-prepared example. As well as the slightly bumbling phishing emails we’ve all encountered, cyber criminals can also come in two particularly dangerous forms:

  o A) The silent attacker – Cyber criminals may lie silently within an enterprise for months, biding their time until it’s the right moment to attack. Since some malware can edit its code once installed to mask its presence, these quiet lurkers embed themselves on a network to gather sensitive data in secret, either extracting personal details or monitoring communications, constantly feeding the results back while they wait for the opportune moment to strike.

  o B) Sophisticated cyber criminals – On other occasions, the strategy of threat actors transitions from watching to attacking. The tools in use are getting to sci-fi levels of sophistication. Highly resourced fraudsters can now use custom malware that surreptitiously replicates itself to thumb drives to jump air-gapped networks and automatically looks for and collects documents with the keyword “SECRET”. Anything you try to hide is all the more likely to be found.

Not all adversaries are created equal and intent is rarely consistent across the board. For example, if your adversary is driven by espionage then you wouldn’t expect to see any defacement or ransomware activity. Instead, you need to be wary of sensitive information leaving your network.

Organisations that have a strong understanding of their adversaries and can develop persona-based intelligence capabilities will be better placed to automate their security operations, mitigate threats faster and adapt more quickly. Many question whether adversary intelligence is really a must-have, but knowing what they are up against will allow organisations to build more comprehensive mitigation strategies at a tactical level.

