Reverse Deception: Organized Cyber Threat Counter-Exploitation (76 page)


Authors: Sean Bodmer

Actions: Well rehearsed, ad hoc, random, controlled versus uncontrolled
Attack origination points: Outside, inside, single point, diverse points
Numbers involved in attack: Solo, small group, big group
Knowledge source: Chat groups, web, oral, insider knowledge, espionage

It is legal to develop behavioral indicators of specific malicious IP addresses versus individuals. With respect to the preceding points of personality, it is very possible to observe malicious IP addresses with a standard operating procedure, method of entry, and goals or objectives. This information, when analyzed across large enterprises such as government networks, can show which areas of the production network need to be protected in order to increase defensive posture and protection levels.
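An added example, not from the book: one way to build the per-IP behavioral profile described above and to rank the network segments that attract the most distinct sources. The event records, field names, function names, and cut-off values are all constructed assumptions for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample events (not from the book):
# (source IP, method of entry, network segment targeted, information sought)
EVENTS = [
    ("198.51.100.7", "spear-phish", "finance", "payroll"),
    ("198.51.100.7", "spear-phish", "finance", "payroll"),
    ("198.51.100.7", "spear-phish", "hr", "payroll"),
    ("198.51.100.7", "web-exploit", "finance", "payroll"),
    ("203.0.113.20", "web-exploit", "dmz", "credentials"),
    ("203.0.113.20", "brute-force", "finance", "credentials"),
    ("203.0.113.20", "spear-phish", "dmz", "source code"),
    ("192.0.2.44", "web-exploit", "dmz", "credentials"),
]

def profile_by_ip(events):
    """Count entry methods and goals per source IP (the IP, not a person)."""
    profiles = defaultdict(lambda: {"entry": Counter(), "goal": Counter()})
    for ip, entry, _segment, goal in events:
        profiles[ip]["entry"][entry] += 1
        profiles[ip]["goal"][goal] += 1
    return profiles

def consistent_ips(profiles, min_events=3, threshold=0.75):
    """IPs whose dominant entry method covers >= threshold of their events.

    min_events and threshold are illustrative cut-offs, not values from the book.
    """
    result = {}
    for ip, p in profiles.items():
        total = sum(p["entry"].values())
        method, hits = p["entry"].most_common(1)[0]
        if total >= min_events and hits / total >= threshold:
            result[ip] = {"method": method,
                          "goal": p["goal"].most_common(1)[0][0],
                          "events": total}
    return result

def hotspots(events):
    """Rank segments by how many distinct source IPs targeted them."""
    sources = defaultdict(set)
    for ip, _entry, segment, _goal in events:
        sources[segment].add(ip)
    return sorted(((s, len(ips)) for s, ips in sources.items()),
                  key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    print(consistent_ips(profile_by_ip(EVENTS)))
    print(hotspots(EVENTS))
```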

Analyst Workflow
It is important for an analyst to adhere to a clearly documented workflow to completely cover every aspect of the operational, intelligence, and technical impact of an attack against a production network. The workflow looks like this:

Event triage
    Validation/threat assessment: Confirmation of the event of threat
Case overview
    Assessments
        History/hotspots: Correlation of prior activity to this network segment
        Nature of information targeted: The observable goal of the attacker
        Victim system functionality: Evaluation of the system that was affected
Attack
    Vulnerability/exploit: Evaluation of the injection vector used by the attacker
