Why does a threat actor target you or your organisation?

Know Thy Enemy

Know thy enemy and know yourself; in a hundred battles, you will never be defeated. When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are sure to be defeated in every battle. 

— Sun Tzu, The Art of War

In cybersecurity, how well do you really know your enemy and yourself?

This is a difficult task given the nature of the threat landscape and the way organizations have adopted remote work and migrated to the cloud. Threat actors have many tactics and techniques they use to target people within the organization, and the accessibility of Google and LinkedIn makes it easy for them to quickly research key people, those who might hold privileges, and their networks.

Proofpoint Threat Research shows that threat actors are targeting people rather than infrastructure. Consider that more than 99% of threats need some sort of human interaction to trigger them. So, to build a successful security program today, you need to understand who is targeting you and your people, how they are doing it, and what their objectives are.

Threat Actor Tracking in Targeted Attack Protection (TAP)

Proofpoint recently released a new feature within TAP called Threat Actor Tracking. It helps you understand the dynamics of threat actors, their objectives, techniques and tools, and the people they’re targeting. You can also see how specific threat actors’ behaviors change over time based on how they are targeting people within the organization. 

This visibility can help organizations adhere to the advice given by Sun Tzu centuries ago by allowing them to know their enemy — and know themselves better, too. For example, if a threat actor targets a specific user or group of users in your organization, you would know who those users are and who the threat actor is. And you’d be able to understand the following, as well:

  • Objectives (e.g., trying to gain access to endpoints, collect user credentials, deploy ransomware)
  • Techniques (e.g., Office VBA Macro, HTML, PowerShell)
  • Attack progression (e.g., whether that click was blocked or isolated, people targeted, who clicked, trends)

Now, let’s take a look at how this feature appears in the TAP Dashboard.

To navigate to Threat Actor Tracking in the Targeted Attack Protection dashboard, simply go to threatinsight.proofpoint.com. From there, you can click the “Reports” button on the left-hand side and then click the “Threat Actor Tracking” tab inside the dashboard.


Figure 1. Threat Actor Tracking Dashboard

On the main page, you’ll be able to see all the threat actors targeting your organization. Each threat actor is assigned an attack index score based on the volume of threats, type of threats and severity of the threat actor. This is similar to how we calculate the Attack Index for Very Attacked People™ (VAPs).


Figure 2. Threat Actor Profile Dashboard

Next, you can click on each threat actor profile to get a detailed description of the actor, the tactics and techniques they use, their motivations, the attack progression, the long-term trends, and the people in your organization they’re targeting.

We’re very excited about this new feature release and the additional visibility it will provide to our customers. Threat Actor Tracking will help them prioritize additional remediation steps. Some of these steps could include but aren’t limited to:

  • Creating isolated web browsing policies for threat actor targets
  • Enrolling targeted users into relevant training based on how they’re being targeted by threat actors
  • Incorporating intelligence into other parts of your security program

Learn more

Want to use our unique insights to improve your organization’s security? Learn more about Proofpoint TAP here.

A threat actor is any internal or external attacker who could compromise data security. Anyone can be a threat actor, whether through direct data theft, phishing, compromising a system by exploiting a vulnerability, or creating malware. Security infrastructure detects, contains, and eradicates threat actors and their various attacks.

There are several types of threat actors: people who build malware and perform attacks on your infrastructure and applications. Typically, each type has a specific goal, whether it’s financial gain or simply destroying your data. Understanding the different types of threat actors helps you build better detection methods and investigate possible attacks.

Each type of threat actor targeting your business also has specific motivations. Motivation might not seem important when you build security infrastructure, but understanding attackers helps you plan better. The security tools you install are built to defend against specific attacks and specific threat actors.

For many attackers, the primary focus is financial gain. Ransomware is a valuable tool for threat actors to extort money from targeted businesses and governments. Ransomware targeting individuals may demand a few hundred dollars in Bitcoin, while ransomware targeting businesses and governments typically demands millions in payment. Once ransomware encrypts files, businesses cannot recover their data without either paying the ransom or restoring files from backups. Ransomware is common and effective, so security infrastructure must be built to detect and stop ransomware.

Political motivation fuels state-sponsored attackers and cyber terrorists. These motivations might have an element of financial gain, but the main goal is to disrupt business services and cause harm to governments. Attackers are usually outside the country they are targeting, so they are hard to locate, investigate, and indict on criminal charges.

Some attackers do it entirely for fun or research. Finding vulnerabilities in software is a job for some of them, and these white hat hackers will not cause harm intentionally. White hat hackers inform organisations when a vulnerability is found so that they can identify the issue and patch their systems before attackers steal data. Attackers who do it for fun use the same methods as other attackers, and they can still do enough damage to impact business productivity.

Threat actors hacking for fun might also want notoriety, which makes them easier to identify if they leave a calling card. Others do it for revenge, which can also aid identification if the attacker makes mistakes and leaves an audit trail. Most attackers aim to hide their activities, but attackers seeking revenge or notoriety might purposely leave information about themselves.

Motivations may overlap, too. State-sponsored attackers might do it for political purposes but also might want financial gain. Ransomware can extort businesses and governments for millions of dollars, but it also cripples business productivity and can potentially shut down governments for weeks.

Because most attacks are financially motivated, threat actors target businesses and governments that have plenty of money to pay ransoms or that will pay to get their data back. Some threat actors target individuals, but these attacks rely on volume rather than on carefully selecting businesses with plenty of revenue.

Attackers know that individuals have fewer funds than businesses. Most attacks like ransomware target individuals and ask for small amounts. Threat actors also target individuals for financial data or identity theft. Businesses and individuals must be aware of threats, but businesses are specifically targeted for large data breaches and high ransom payments.

Small and large businesses are targets of threat actors. Unlike individuals, businesses also have numerous employees and contractors who contribute to the risks of a data breach due to human error. Insider threats often cause a data breach or ransomware infection, but external threat actors using various vectors are also a cause for data breaches.

Threat actors take more time to target specific businesses, often performing reconnaissance to gather information about a target before launching an attack. For example, threat actors use spear-phishing techniques to improve their chances of compromising a high-privileged user account or of tricking an accounting employee into sending money to the attacker. An attacker could be a disgruntled employee, an employee paid off by a competitor to steal data, or an external threat actor attempting a compromise that leads to a data breach.

Governments are targets for state-sponsored threat actors, who use the same exploits as threat actors targeting businesses but have better monetary backing and usually work in groups. They are just as dangerous and can cause severe downtime for government agencies, aiming to disrupt a country's infrastructure and harm its residents.

Security infrastructure is expensive, but being the victim of a data breach is even more expensive. Most businesses store customer information and have at least one compliance regulation that they must follow. Non-compliance comes at a high cost: the business faces fines should it become the victim of a data breach through a vulnerability that the regulation required it to address. Most compliance regulations require organisations to have reasonably secure infrastructure to protect consumer data.

Losing data and paying for non-compliance violations are not the only two consequences of ignoring threat actors. After a data breach, the damage to your brand could have long-term consequences. If consumers lose trust in your brand, the organisation could see a drop in customer sales and a loss in customer loyalty. Litigation costs are also long-term as class action and consumer lawsuits are a real possibility. These lawsuits could last years after the initial data breach.

Data protection requires daily updates and continual maintenance. Cybersecurity infrastructure must stay updated because the cybersecurity landscape changes daily, and threat actors continue to change their methods to overcome current defences. Threat intelligence systems focus on the evolution of cybersecurity and changes in threat actor methods. These systems are integral for proper defences for any organisation to ensure that their data is protected from current and future threats.

Current cybersecurity standards advise corporations to transition from a reactive approach to data security to a more proactive one. Proactive controls monitor, detect, and automatically contain a threat before it leads to a data breach. Older security models handed information to analysts to review after a possible data breach, whereas intrusion detection, prevention, and continuous monitoring are much better at lowering risk and keeping data secure.