
Cyber Threat

Uploaded by

ATHULYA

CYBER THREAT

“Cyber Threat Intelligence (CTI) is the gathering of information from various sources
about current or potential threats to an organization.”

OR

“Cyber Threat Intelligence is, at its core, a structured analysis of the threat.”

CYBER
“Widespread interconnected digital network, not just the internet”
This term was first coined by science fiction author William Gibson in his short story
"Burning Chrome" and later popularized in his novel "Neuromancer." Gibson used the
term to describe a virtual environment where communication and interaction between
computer systems occur. Over time, the term has been adopted to refer to the entire
interconnected digital realm of computers, networks, and online interactions.

WEB LAYERS:

CYBER THREAT:

A cyber threat (also known as a cyber security threat) is a malicious act that seeks
to damage data, steal data, or disrupt digital life in general.

CYBER THREAT INTELLIGENCE

Threat intelligence, or cyber threat intelligence, is information an organization uses to
understand the threats that have targeted, will target, or are currently targeting the
organization. This information is used to prepare for, prevent, and identify cyber threats
looking to take advantage of valuable resources.

Data: Raw, unprocessed facts or figures. In the context of cyber threat intelligence,
data can include things like logs, network traffic, or lists of known vulnerabilities.

Information: Data that has been processed, organized, or contextualized to provide
meaning or relevance. In cyber threat intelligence, information could be a summary of
recent security incidents, a report on emerging threats, or analysis of patterns in
attack techniques.

Intelligence: Insights derived from analyzing information to understand threats, predict
potential risks, and inform decision-making. In the realm of cyber threat intelligence,
intelligence involves understanding the motivations, capabilities, and tactics of threat
actors, as well as identifying vulnerabilities and potential targets.
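
The data, information and intelligence layers defined above, shown as an added example (not part of the original notes): constructed SSH log lines are the data, per-source failure counts are the information, and matching those counts against a constructed threat feed yields a finding a defender can act on. The log lines, feed entries, function names and the threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample input: SSH authentication log lines (the "data" layer).
RAW_LOGS = """\
Mar 03 10:01:12 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 03 10:01:15 web01 sshd[811]: Failed password for admin from 203.0.113.7 port 50124 ssh2
Mar 03 10:01:19 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 03 10:02:40 web01 sshd[902]: Failed password for alice from 198.51.100.23 port 41000 ssh2
Mar 03 10:03:02 web01 sshd[902]: Accepted password for alice from 198.51.100.23 port 41002 ssh2
Mar 03 10:05:55 web01 sshd[950]: Failed password for test from 192.0.2.44 port 33890 ssh2
"""

# Constructed threat-feed entries (hypothetical indicators of compromise).
THREAT_FEED = {
    "203.0.113.7": "credential brute forcing",
    "192.0.2.44": "credential brute forcing",
}

FAILED = re.compile(r"Failed password for (\S+) from (\d{1,3}(?:\.\d{1,3}){3})")

def to_information(raw_logs):
    """Data -> information: count failed logins and targeted accounts per source."""
    attempts, users = Counter(), {}
    for line in raw_logs.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            attempts[ip] += 1
            users.setdefault(ip, set()).add(user)
    return {ip: {"failures": n, "users": sorted(users[ip])} for ip, n in attempts.items()}

def to_intelligence(information, feed, threshold=3):
    """Information -> intelligence: add threat context and a recommended action."""
    findings = []
    for ip, stats in information.items():
        known = feed.get(ip)
        if known and stats["failures"] >= threshold:
            action = "block source and review targeted accounts"
        elif known:
            action = "monitor; known indicator with low volume"
        else:
            action = "no action; no threat-feed match"
        findings.append({"source": ip, **stats, "context": known, "action": action})
    return sorted(findings, key=lambda f: -f["failures"])

if __name__ == "__main__":
    for finding in to_intelligence(to_information(RAW_LOGS), THREAT_FEED):
        print(finding)
```
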
The principles of intelligence
Organizations use cyber threat intelligence in four main ways:

1. Predict: They use strategic threat intelligence to forecast upcoming threats before they
happen. This helps them plan ahead and avoid potential problems.
2. Prevent: They utilize threat intelligence to stop incidents from occurring in the first place.
For example, they can use information about malware signatures to update their
systems and block potential attacks.
3. Detect: They rely on intelligence to identify threats as they emerge or even ones that are
already lurking in their networks. This includes tactics, techniques, and procedures
(TTPs) that can help them hunt down threats.
4. Respond: When an incident does occur, organizations use intelligence to guide their
response. This could involve insights into how threat actors operate and what steps the
organization should take to limit the damage.

How cyber threat intelligence (CTI) is applied within an organization

1. Security Operations Center (SOC):
• CTI enriches SOC operations by providing up-to-date information on emerging threats,
tactics, and indicators of compromise (IOCs).
• SOC analysts use CTI to detect and respond to security incidents more effectively,
enabling proactive threat hunting and rapid incident response.
2. Incident Response (IR):
• CTI supports IR by providing contextual information about the nature and scope of an
incident, including the tactics, techniques, and procedures (TTPs) used by threat actors.
• IR teams leverage CTI to assess the severity of incidents, prioritize response efforts, and
develop effective remediation strategies.
3. Patch and Vulnerability Management:
• CTI informs patch and vulnerability management by identifying vulnerabilities actively
exploited in the wild and providing insights into emerging threats.
• By prioritizing patches based on threat intelligence, organizations can allocate resources
more effectively and reduce their exposure to cyber threats.
4. Human Resources (HR):
• CTI helps HR teams understand the evolving threat landscape and the potential risks
associated with employee behavior, such as phishing scams or social engineering
attacks.
• HR can use CTI to develop tailored training programs, raise awareness about emerging
threats, and promote best practices for cybersecurity hygiene among employees.
5. Business Risk Management (BRM):
• CTI provides insights into the specific threats and vulnerabilities that pose risks to the
organization's assets, operations, and reputation.
• By integrating CTI into risk assessments and decision-making processes, BRM teams can
prioritize investments in security controls, allocate resources effectively, and align security
measures with business priorities.

ACTIONABILITY

Threat intelligence that a decision maker can take action on.

The roles and responsibilities of a CTI Analyst:

• Identifying organizational intelligence requirements
• Collecting relevant data and conducting all-source analysis to inform the
decision-making process
• Identifying, monitoring, and assessing potential threats or weaknesses
• Validating that security qualifications and requirements are met
• Creating reports that highlight key findings for security teams and other members
of the organization
• Presenting findings to other teams and proposing counteractions to mitigate
threats

Hacker

A hacker is an individual who uses computer, networking or other skills to overcome a technical
problem. A hacker may, for example, steal information to hurt people via identity theft or bring
down a system and, often, hold it hostage in order to collect a ransom.

What are White-Hat, Gray-Hat and Black-Hat Hackers?

❖ A black-hat hacker is a person who illegally breaks into computer networks. They may be
aiming to steal log-in credentials, personal and bank information, modify or delete stolen
data, sell data on the dark web, or commit other malicious cybercrimes. A black-hat
hacker is most often acting for personal or financial gain or with criminal intent, or is
employed by rogue nations. A black-hat hacker will typically work alone or with other
like-minded hackers.
❖ A white-hat hacker or ethical hacker is a cybersecurity professional who finds
vulnerabilities in networks and software to secure weak spots. Their main objective is to
find and fix any security openings before black-hat hackers can get to them. Another
responsibility is to disclose vulnerabilities to software vendors so they can patch
customer systems. A white-hat hacker may be employed as a penetration tester or similar
profession, or they may work independently and freelance their skills.
❖ Gray-hat hackers are in the middle of the ethical spectrum. Not necessarily fueled by
malice, these hackers break into networks without permission to find vulnerabilities.
Some may be looking to profit by offering to fix the issue found. Some may hack into a
network just to see if they can. Oftentimes, gray-hat hackers will hold a victim’s
personal information for ransom, but may or may not release it to the public. Gray-hat
hackers typically work alone or in small groups with like-minded hackers.

Types of black hat hackers:

1. NATION STATE ACTORS: Nation State Actors work for governments to disrupt or compromise
other target governments, organisations or individuals to gain access to intelligence or valuable
data. They have been known to create significant international incidents.
Generally speaking, they can operate without fear of legal retribution in their home country and
are often part of 'hackers for hire' companies aligned to the aims of a government or dictatorship.
2. CYBER CRIMINALS: Cyber Criminals are individuals or teams of people who commit malicious
activities on networks and digital systems, with the intention of stealing sensitive organisation
data or personal data, and generating profit.
3. HACKTIVISTS: Hacktivists generally operate within the social or political sphere, breaking into
and causing damage to computer systems and networks.
Hacktivism is a combination of the words 'Hacking' and 'Activism'. One of the most (in)famous
hacktivist groups of recent times would have to be Anonymous.

Attack vector OR Threat vector

In computer security, an attack vector is a specific path, method, or scenario that can be exploited to
break into an IT system, thus compromising its security.

Security controls

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security
risks to physical property, information, computer systems, or other assets.

Law & Ethics apply to CTI

Laws are structured rules that are used to govern society. Ethics are generally considered as moral
values that an individual may establish as their own personal rules to live by.

Law as it applies to CTI:

Relevant regulation includes: Human Rights Act 1998 (Article 8), Regulation of Investigatory Powers Act
2000 (RIPA), Computer Misuse Act 1990, Data Protection Act 1998 (DPA), Criminal Procedure and
Investigations Act 1996 (CPIA), Bribery Act 2010, and the Proceeds of Crime Act 2002 (POCA).
