Threat intelligence is the collection and analysis of information about both potential and actual security threats to a network.
Threat intelligence helps security professionals identify and analyze security events more accurately and improve incident handling.
Open-source intelligence (OSINT) is information that is publicly available to anyone on the Internet.
Threat actors use various tools and techniques to gather OSINT about their targets from the Internet.
Threat actors can use this information to look for potential vulnerabilities in a target.
Security engineers can use the same information to find what their organization exposes, secure their infrastructure and improve their policies.
Examples of OSINT sources are:
Job websites
Social media
Forums
Vulnerability databases
Dark web
WHOIS lookup
DNS records
A threat map is a real-time map that provides a graphical visualization of threats as they happen on the Internet.
Security organizations use data gathered from security sensors around the world to create threat feeds.
The threat feeds are then presented on the threat map to display the malware, the source and destination, the type of threat, the country and so on.
Indicators of compromise (IoCs) are observable artifacts, such as IP addresses, domain names, URLs and file hashes, that are used to identify malicious activity or threats on a system.
When a security sensor detects a threat, it sends the data to a Security Information and Event Management (SIEM) system, which can correlate it with IoCs from threat feeds.
Structured Threat Information eXpression (STIX) is a standardized, machine-readable language (JSON in STIX 2.x) for describing threat intelligence, including indicators of compromise, so that it can be shared between systems.
Trusted Automated eXchange of Intelligence Information (TAXII) is a standard transport protocol (HTTPS-based) used to exchange threat intelligence, typically STIX content, with other systems.
Automated Indicator Sharing (AIS) is a program run by CISA (U.S. Department of Homeland Security) that lets the U.S. Federal government and the private sector exchange threat indicators; it delivers them in STIX format over TAXII.
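The IoC-to-SIEM flow and the STIX indicator format described above, as an added example (this is not code from these notes, not a real SIEM and not a STIX library): a small Python matcher that parses STIX 2.1 indicator patterns from a bundle of the kind a TAXII feed such as AIS would deliver and checks them against log events. The bundle, its indicator IDs, the documentation IP addresses, the log events and the FIELD_MAP between STIX object properties and log fields are all constructed for the example; only the simplest pattern form, equality comparisons joined by OR, is handled.

```python
"""Match STIX 2.1 indicators against log events the way a SIEM would.

Added example: a minimal matcher for the simplest STIX patterns.
Not a real SIEM or STIX library; the data below is constructed.
"""
import json
import re

# Constructed STIX 2.1 bundle with two indicators. IDs are made up; the
# addresses are RFC 5737 documentation ranges and the domain is .invalid.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--6f1a6d71-0ec2-4b3f-9a1a-1c2d3e4f5a6b",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0b9e1d22-ccc0-4b43-9b6e-0a0a0a0a0a01",
            "created": "2024-05-01T00:00:00.000Z",
            "modified": "2024-05-01T00:00:00.000Z",
            "name": "Known C2 address",
            "indicator_types": ["malicious-activity"],
            "pattern": "[ipv4-addr:value = '203.0.113.45']",
            "pattern_type": "stix",
            "valid_from": "2024-05-01T00:00:00Z",
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0b9e1d22-ccc0-4b43-9b6e-0a0a0a0a0a02",
            "created": "2024-05-01T00:00:00.000Z",
            "modified": "2024-05-01T00:00:00.000Z",
            "name": "Phishing domain and dropper hash",
            "indicator_types": ["malicious-activity"],
            "pattern": ("[domain-name:value = 'login-example.invalid' OR "
                        "file:hashes.'SHA-256' = "
                        "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"),
            "pattern_type": "stix",
            "valid_from": "2024-05-01T00:00:00Z",
        },
    ],
})

# Constructed log events in a simplified firewall/proxy/EDR schema.
LOG_EVENTS = [
    {"ts": "2024-05-02T10:00:01Z", "src_ip": "10.0.0.12", "dst_ip": "198.51.100.7", "domain": "example.com"},
    {"ts": "2024-05-02T10:00:05Z", "src_ip": "10.0.0.12", "dst_ip": "203.0.113.45"},
    {"ts": "2024-05-02T10:01:10Z", "src_ip": "10.0.0.33", "dst_ip": "198.51.100.9", "domain": "login-example.invalid"},
    {"ts": "2024-05-02T10:02:00Z", "host": "ws-33",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]

# Hypothetical mapping from STIX (object type, property) to the log fields
# that carry the same kind of value in the schema above.
FIELD_MAP = {
    ("ipv4-addr", "value"): ("src_ip", "dst_ip"),
    ("domain-name", "value"): ("domain",),
    ("file", "hashes.SHA-256"): ("sha256",),
}

# One comparison inside a STIX pattern: object-type:property = 'value'.
# The property may contain a quoted key such as hashes.'SHA-256'.
_COMPARISON = re.compile(r"([a-z0-9-]+):((?:[A-Za-z0-9_.]|'[^']*')+)\s*=\s*'([^']*)'")


def parse_indicators(bundle_json: str) -> list[tuple[str, str, str, str]]:
    """Return (indicator_id, object_type, property, value) for every equality
    comparison in each STIX indicator. Only '=' comparisons joined by OR are
    supported; AND/FOLLOWEDBY patterns are rejected rather than misread as OR."""
    bundle = json.loads(bundle_json)
    comparisons = []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        pattern = obj["pattern"]
        if " AND " in pattern or "FOLLOWEDBY" in pattern:
            raise ValueError(f"{obj['id']}: only OR-joined equality patterns are supported")
        for obj_type, prop, value in _COMPARISON.findall(pattern):
            comparisons.append((obj["id"], obj_type, prop.replace("'", ""), value))
    return comparisons


def match_events(indicators, events) -> list[tuple[str, str, str, str]]:
    """Return (timestamp, indicator_id, log_field, value) for every event field
    that equals an indicator value, in event order."""
    hits = []
    for event in events:
        for ind_id, obj_type, prop, value in indicators:
            for field in FIELD_MAP.get((obj_type, prop), ()):
                if event.get(field) == value:
                    hits.append((event["ts"], ind_id, field, value))
    return hits


if __name__ == "__main__":
    for ts, ind_id, field, value in match_events(parse_indicators(STIX_BUNDLE), LOG_EVENTS):
        print(f"{ts} matched {ind_id} on {field}={value}")
```

Running it reports three hits: the connection to 203.0.113.45, the lookup of login-example.invalid and the file with the listed SHA-256. A real SIEM would instead receive the indicators over TAXII, keep them in a lookup table keyed by field, and evaluate the full STIX pattern grammar; the point here is that an indicator is only useful once its object type and property are mapped onto the fields your logs actually carry.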
Security professionals use various trusted sources to gather information about new and emerging threats on the Internet.
Vendor websites - Vendor websites usually contain security advisories disclosing known security issues that affect their products.
Vulnerability feeds - These are security news feeds which provide information on new vulnerabilities as they are found by the security community.
Conferences - There are many security conferences where security researchers discuss new vulnerabilities, malware and hacking techniques.
Academic journals - Many researchers within the academic field publish research data on various security threats and cyber-attacks.
Threat actors are the persons or groups responsible for a threat or cyber-attack.
Advanced Persistent Threats (APTs) are well-resourced hacking groups whose cyber-attacks are designed to be very stealthy.
APTs are very difficult to detect.
APTs aim to remain on the network for a long time while further exploiting systems and exfiltrating data.
An insider threat is an attacker who is already within the organization's network.
They are already behind the organization's perimeter security controls and can directly attack any vulnerable machines.
Sometimes a disgruntled employee can create a cyber-threat which may affect the entire organization's network.
State-sponsored hackers (state actors) are hired by a government.
Their job role is focused on national security and performing attacks against other nations.
They are well funded, have the best hacking tools and often develop Advanced Persistent Threat (APT) malware to infect their targets.
A hacktivist is a combination of a hacker and an activist.
They usually use their hacking skills to serve a political or social agenda.
Some of their actions may include defacing websites, launching denial-of-service attacks, disclosing confidential documents and so on.
Script kiddies are the type who usually download hacking tools and follow tutorials or instructions on how to perform certain cyber-attacks.
Script kiddies often do not understand how the hacking tools work or what is really happening.
However, their actions can still cause a lot of harm to a system or network.
Criminal syndicates (organized crime) are well funded and acquire the best hacking tools money can buy.
Their motivation is financial gain.
They operate as a group of hackers in which each person has their own role and duties during the attack.
White Hat - These are security professionals who use their hacking skills, with authorization, to help organizations secure their systems and networks.
Black Hat - These are hackers who use their skills for malicious purposes.
Gray Hat - This type of hacker uses their skills for both good and bad intentions, for example finding a vulnerability without authorization and then reporting it.
Shadow IT is the use of systems, devices and applications without authorization from the IT department, which leaves them outside the organization's security controls and monitoring.
Competitors are always looking for ways to make their opponents in the industry lose reputation.
Damaging a competitor's reputation creates a competitive advantage and helps gain new customers.
Sometimes a competitor may hire a hacker to exfiltrate confidential data from another company or even leak its financial records on the Internet.
Threat vectors (attack vectors) are the paths or means by which a threat actor can reach and compromise a system or network.
Direct access
Wireless
Supply chain
Social media
Removable media
Cloud