Abstract
Digital technologies used in digital transformation are essential for every industrial, public, and private organization. In industry, automation and its connectedness have revolutionized the economics of work through the transition to the fourth technological wave, termed Industry 4.0. However, this also enables various types of threat event attacks. Therefore, this chapter introduces the virtual world of Threats and Threat Intelligence. The intention of threat event attacks is to inflict harm, to introduce viruses, worms, malicious code, and others, to gain unauthorized access to computer systems, networks, infrastructure resources, and others, and to misuse or manipulate operational tasks. Threat event attacks also try to shut down targeted computer systems, networks, infrastructure resources, and others, making them inaccessible to regular operational tasks or users, which can be achieved by a Denial of Service attack or others, by flooding the targeted object with traffic or by sending it information that triggers a crash. Sometimes, targeted organizations incorporate threat data feeds as simple indicators of artifacts in their systems and/or networks that present a stream of information, e.g., on anomalies in their data flows, without knowing what to do with this additional data. As a result, they potentially put an additional burden on analysts to decide what to consider dangerous and what to ignore. However, an important prerequisite is that the analysts have the appropriate tools in order to be able to make such decisions at all, which is a reason for using Threat Intelligence. “Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard” [1].
In this regard, Threat Intelligence is knowledge that allows preventing or mitigating threat event attacks, rooted in data such as who is attacking and what their motivation and capabilities are, to obtain better information for decision-making about potential cybersecurity risks. In this context, threat perception describes an essential capability and the estimated intention to exploit a vulnerability and opportunity to actually execute the threat event attack(s). Therefore, a solid understanding of the impact and potential consequences of threat event attacks is required to cyber secure mission-critical computer systems, networks, infrastructure resources, and others. This requires a detailed analysis of well-known and documented threat event attacks, which may cause a loss of confidentiality, integrity, and availability, as described in the CIA Triad (see Sect. 1.6.2), of computer systems and the data they store or process, and which finally reveal identifiable interactions or dependency patterns. Such recognizable interactions or patterns require further study to highlight their specifications, their severity, and their impact and, if possible, to develop a method to reveal them before they are executed. In this context, Threat Intelligence addresses these issues by making use of machine learning (see Chap. 8) to automate data collection and the processing of unstructured data from disparate sources, and to connect them by providing context on Indicators of Compromise (IoC) and Tactics, Techniques, and Procedures (TTP) of threat event actors. Therefore, Chap. 2 introduces Threats, Threat Events and Intentions, Threat Event Types and their Cybersecurity Risk Level, the Likelihood and Consequence Level, and Risk Management and Risk Analysis in Sect. 2.1. Section 2.2 refers to Threat Intelligence, taking into account the problem of Known-Knowns, Known-Unknowns, and Unknown-Unknowns, Digital Forensics, and Threat Intelligence platforms. Furthermore, Sect. 2.2 introduces, besides Threat Intelligence in Threat Event Attack Profiling, the Threat Event Lifecycle and Threat Intelligence Sharing and Management Platforms. Section 2.3 contains comprehensive questions on the topics Threats and Threat Intelligence, followed by “References” with references for further reading.
References
McMillan, R.: Definition: Threat Intelligence. Gartner Research, 2013
https://www.executech.com/insights/top-15-types-of-cybersecurity-attacks-how-to-prevent-them/ (Accessed 12.2022)
Lehto, M.: Phenomena in the Cyber World. In: Lehto, M., Neittaanmäki, P. (Eds.): Cyber Security: Analytics, Technologies and Automation. Springer Publ., 2015
Goodman, M.: Future Crimes. Penguin Random House, 2016
Holt, T.J., Schell, B.H.: Hackers and Hacking. ABC-CLIO Press, 2013
Sikorski, M., Honig, A.: Practical Malware Analysis. No Starch Press, 2012
https://www.imperva.com/learn/application-security/insider-threats/ (Accessed 12.2022)
https://techtarget.com/searchcontentmanagement/definition/brandjacking (Accessed 12.2022)
Shaw, E., Ruby, K.G., Post, J.M.: The Insider Threat to Information Systems: The Psychology of the Dangerous Insider. In: Security Awareness Bulletin, Vol. 2, pp. 1–10, 1998
https://www.pratum.com/services/it-risk-management/risk-assessment (Accessed 12.2022)
Miller, B., Rowe, D.: A Survey of SCADA and Critical Infrastructure Incidents. In: Proceedings 1st ACM Annual Conference on Research in Information Technology, pp. 51–56, 2012
Möller, D.P.F.: Cybersecurity in Digital Transformation: Scope and Applications. Springer Nature, 2020
Langner, R.: Stuxnet: Dissecting a Cyberwarfare Weapon. In: IEEE Security and Privacy, Vol. 9, No. 3, pp. 49–51, 2011
Information Security: Guide to Conducting Risk Assessment. NIST Special Publication 800-30, CODEN: NSPUE2, 2012
Tucci, L.: What is Risk Management and Why is it so Important. TechTarget Report, 2021
Shafer, G.: Perspectives on the Theory and Practice of Belief Functions. In: International Journal of Approximate Reasoning, Vol. 4, pp. 323–362, 1990
https://www.iso.org/obp/ui/std:iso:3100ed-2v1:en (Accessed 12.2022)
Robertson, J., Diab, A., Marin, E., Nunes, E., Paliath, V., Shakarian, J., Shakarian, P.: Darkweb Cyber Threat Intelligence Mining. Cambridge University Press, 2017
Borum, R., Felker, J., Kern, S., Dennesen, K., Feyes, T.: Strategic Cyber Intelligence. In: Information and Computer Security, Vol. 23, No. 3, pp. 317–332, 2015
https://malpedia.caad.fkie.fraunhofer.de/usage/tos (Accessed 12.2022)
https://malshare.com/about.php (Accessed 12.2022)
https://www.misp-project.org/galaxy.html (Accessed 12.2022)
https://socradar.io/what-is-operational-cyber-threat-intelligence/ (Accessed 12.2022)
https://nvd.nist.gov/ (Accessed 12.2022)
https://cve.mitre.org/ (Accessed 12.2022)
https://www.mitre.org/sites/default/files/publications/stix.pdf (Accessed 12.2022)
https://oasis-open.github.io/cti-documentation (Accessed 12.2022)
Mavroeidis, V., Bromander, S.: Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence. In: Proceedings European Intelligence and Security Informatics Conference, pp. 91–98, 2017
Casey, T.: Understanding Cyber Threat Motivations to Improve Defense. Intel White Paper, 2015
Fishbach, A., Ferguson, M.J.: The Goal Construct in Social Psychology. In: Kruglanski, A.W., Higgins, E.T. (Eds.): Social Psychology: Handbook of Basic Principles, pp. 490–515. The Guilford Press, 2007
Bromander, S., Jøsang, A., Eian, M.: Semantic Cyber Threat Modeling. In: Proceedings STIDS, pp. 74–78, 2016
SANS: Security Intelligence: Attacking the Cyber Kill Chain. https://digital-forensics.sans.org/blog/2009/10/14/security.intelligence-attacking-the-kill-chain/ (Accessed 12.2022)
Wrightson, T.: Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization. McGraw-Hill, 2010
van Haaster, J., Gevers, R., Sprengers, M.: Cyber Guerillas. Elsevier Publ., 2016
Al-Ibrahim, O., Mohaisen, A., Kamhoua, C., Kwiat, K., Njilla, L.: Beyond Free Riding: Quality of Indicators for Assessing Participation in Information Sharing for Threat Intelligence. Technical Report, University at Buffalo and Air Force Research Lab, 2017. https://arxiv.org/abs/1702.00552 (Accessed 12.2022)
Sillaber, C., Sauerwein, C., Mussmann, A., Breu, R.: Data Quality Challenges and Future Research Directions in Threat Intelligence Sharing Practice. In: Proceedings ACM Workshop on Information Sharing and Collaborative Security, pp. 65–70, 2016
Sharkov, G.: From Cybersecurity to Collaborative Resiliency. In: Proceedings ACM Workshop on Automated Decision Making for Active Cyber Defense, pp. 3–9, 2016
Bekerman, D., Shapira, B., Rokach, L., Bar, A.: Unknown Malware Detection Using Network Traffic Classification. In: Proceedings IEEE Conference on Communications and Network Security (CNS), pp. 134–142, 2015
Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic Blending Attacks. In: Proceedings 15th USENIX Security Symposium, pp. 241–256, 2006
Duessel, P.: Detection of Unknown Cyber Attacks Using Convolution Kernels over Attributed Language Models. PhD Thesis, University of Bonn, Germany, 2018
Zia, T., Liu, P., Han, W.: Application Specific Digital Forensic Investigative Model in Internet of Things (IoT). In: Proceedings ACM ARES Conference, 2017. https://doi.org/10.1145/3098954.310404 (Accessed 12.2022)
Okereafor, K., Djehaiche, R.: A Review of Application Challenges of Digital Forensics. In: International Journal of Simulation Systems, Science & Technology, pp. 36.1–36.6, 2020. https://doi.org/10.5013/IJSSST.a.21.02.35
https://cyware.com/educational-guides/cyber-threat-intelligence/what-is-open-indicators-of-compromise-openioc-framework-ed9d (Accessed 12.2022)
Lock, H.Y.: Using IOC (Indicators of Compromise) in Malware Forensics. SANS Institute, 2019
https://stixproject.github.io/documentation/idioms/campaign-v-actors/ (Accessed 12.2022)
https://www.anomali.com/de/what-are-stix-taxii (Accessed 12.2022)
Struse, R., Wunder, J., Davidson, M., Jordan, B.: TAXII™ Version 2.0 Working Draft 02. OASIS Open, 2017
https://www.oasis-open.org/news/pr/cybersecurity-companies-demo-support-for-stix-and-taxii-standards-for-automated-threat-intel?platform=hootsuite (Accessed 12.2022)
Dehghantanha, A., Dargahi, M. (Eds.): Cyber Threat Intelligence. Springer Publ., 2015
Thames, L., Schaefer, D.: Cybersecurity for Industry 4.0 and Advanced Manufacturing Environments with Ensemble Intelligence. In: Thames, L., Schaefer, D. (Eds.): Cybersecurity for Industry 4.0 – Analysis for Design and Manufacturing, pp. 243–65. Springer Nature, 2017
Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. Technical Report, Contract 79F296400, 1980
Axelsson, S.: Intrusion Detection Systems: A Survey and Taxonomy. Technical Report, Department of Computer Engineering, Chalmers University of Technology, 2000
Ghorbani, A.A., Lu, W., Tavallaee, M.: Network Intrusion Detection and Prevention: Concepts and Techniques. Springer Publ., 2010
Khor, K.C., Ting, C.Y., Amnuaisuk, S.P.: From Feature Selection to Building of Bayesian Classifiers: A Network Intrusion Detection Perspective. In: American Journal of Applied Sciences, Vol. 6, pp. 1949–1960, 2009
Zhang, J., Porras, P., Ullrich, J.: Gaussian Process Learning for Cyber-Attack Early Warning. In: Proceedings SIAM International Conference on Data Mining, pp. 255–264, 2008
Brown, S., Gommers, J., Serrano, O.: From Cybersecurity Information Sharing to Threat Management. In: Proceedings 2nd ACM Workshop on Information Sharing and Collaborative Security, pp. 343–49, 2015
Poputa-Clean, P.: Automated Defense – Using Threat Intelligence to Augment Security. Technical Report, SANS Institute InfoSec, 2015
Pace, C.: The Threat Intelligence Handbook – A Practical Guide for Security Teams to Unlocking the Power of Intelligence. CyberEdge Press, 2018
Gupta, B.B., Agrawal, D.P., Wang, H. (Eds.): Computer and Cybersecurity: Principles, Applications, Algorithms, and Perspectives. CRC Press, 2019
Zibak, A., Simpson, A.: Cyber Threat Information Sharing: Perceived Benefits and Barriers. In: Proceedings ARES Conference, 2019. https://doi.org/10.1145/3339252.3340528 (Accessed 12.2022)
Appala, S., Cam-Winget, N., McGrew, D., Verma, J.: An Actionable Threat Intelligence System Using a Publish-Subscribe Communications Model. In: Proceedings 2nd ACM Workshop on Information Sharing and Collaborative Security, pp. 61–70, 2015. https://doi.org/10.1145/2808128.2808131 (Accessed 12.2022)
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Möller, D.P.F. (2023). Threats and Threat Intelligence. In: Guide to Cybersecurity in Digital Transformation. Advances in Information Security, vol. 103. Springer, Cham. https://doi.org/10.1007/978-3-031-26845-8_2
DOI: https://doi.org/10.1007/978-3-031-26845-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26844-1
Online ISBN: 978-3-031-26845-8