Threat Intelligence plays a key role in secure and efficient business operations, no matter the size and scale of your organization. Businesses are consistently under cyber-attack, yet due to poor visibility into their environment, the majority of these attacks go undetected until it is too late, with most businesses closing within 6 months of a breach or compromise. Identifying where your organization is exposed and vulnerable to cyber-attacks, and understanding the associated business risks, may mean the difference between surviving and closing your doors forever.
Some cyber-threat events may affect you directly, such as the WannaCry ransomware that propagated through the internet and the internal networks of several large organizations by exploiting unpatched vulnerabilities. Even though WannaCry occurred in 2017, many organizations are still vulnerable to the EternalBlue, EternalRomance and DoublePulsar exploits used to deliver the ransomware. It is possible these organizations are unaware of the unpatched systems within their environment, and through poor patch management and governance processes these and other legacy systems may have been forgotten. Regardless of the reason, this could still be an attack vector used by threat actors to gain a foothold within your organization.
Other events, such as supply chain attacks, may also negatively impact your operations. An example is the website card-skimming activity of a threat actor group known as MageCart. The 2018 credit card breaches of TicketMaster UK, British Airways and many more were attributed to MageCart, which worked through a vulnerable third-party plugin used on all the victims' websites. First the plugin developer was compromised, and when the plugin update was downloaded and installed, it allowed MageCart to capture user details from payment forms. Simply having this plugin loaded on a payment page was enough to allow MageCart to capture the payment details before they were submitted for credit card processing.
The key to protecting your organization is awareness, both of the external cyber threats and campaigns that are active in the wild and of what is occurring internally within your organization. This awareness provides insight into the cyber-threat landscape, as well as the vulnerabilities, exploits and Tools, Techniques and Procedures (TTPs) threat actors are using, and helps identify security controls that can mitigate any exposure or risk to your IT infrastructure and brand.
The NIST Cybersecurity Framework provides a means to structure the Threat Intelligence process for an effective program within your organization.
- Identify – Critical assets, including People, Process and Technologies, within your organization that may be exposed to risk, and what types of threats they are vulnerable to.
- Protect – Apply security controls to mitigate any gaps within your existing security controls.
- Detect – Develop means and processes to detect when your organization or brand is at risk.
- Respond – Support internal teams, including SOC Analysts and Incident Response teams, during cyber investigations.
- Recover – Communicate findings to various stakeholders through Intelligence Advisories and identify improvements in the overall Threat Intelligence process.
InfoTransec can help you develop or improve your existing Cyber Threat Intelligence (CTI) program, to provide your organization with Strategic, Operational, Tactical, and Technical Intelligence based on the risks and threats your organization is exposed to. This knowledge plays a significant role in empowering organizations to take proactive steps to enhance their security posture against these threats.