
Threats and Threat Intelligence

Chapter
Guide to Cybersecurity in Digital Transformation

Part of the book series: Advances in Information Security (ADIS, volume 103)

Abstract

Digital technologies used in digital transformation are essential for every industrial, public, and private organization. In industry, automation and its connectedness have revolutionized the economics of work through the transition to the fourth technological wave, termed Industry 4.0. However, this also enables various types of threat event attacks. Therefore, this chapter introduces the virtual world of Threats and Threat Intelligence. The intention of threat event attacks is to inflict harm, introducing viruses, worms, malicious code, and others, to gain unauthorized access to computer systems, networks, infrastructure resources, and others, and to misuse or manipulate operational tasks. Threat event attacks also try to shut down targeted computer systems, networks, infrastructure resources, and others, making them inaccessible to regular operational tasks or users, which can be achieved by a Denial of Service attack or others, through flooding the targeted object with traffic or sending it information that triggers a crash. Sometimes, targeted organizations incorporate threat data feeds as simple indicators of artifacts in their systems and/or networks; these present a stream of information, e.g., on anomalies in their data flows, without the organization knowing what to do with this additional data. In this way, they potentially put an additional burden on analysts to decide what to consider dangerous and what to ignore. However, an important prerequisite is that the analysts have the appropriate tools in order to be able to make such decisions at all, which is a reason for using Threat Intelligence. “Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard” [1].
In this regard, Threat Intelligence is knowledge that allows preventing or mitigating threat event attacks, rooted in data on who is attacking and what their motivation and capabilities are, to obtain better information for decision-making about the potential cybersecurity risks. In this context, threat perception describes an essential capability and estimated intention in relation to vulnerability and opportunity to actually execute the threat event attack(s). Therefore, a solid understanding of the impact and potential consequences of threat event attacks is required to cyber-secure mission-critical computer systems, networks, infrastructure resources, and others. This requires a detailed analysis of well-known and documented threat event attacks, which may cause a loss of confidentiality, integrity, and availability, as described in the CIA Triad (see Sect. 1.6.2), of computer systems and the data they store or process, and which finally reveal identifiable interactions or dependency patterns. Such recognizable interactions or patterns require further study to highlight their specifications, their severity, and impact and, if possible, to develop a method to reveal them before they are executed. In this context, Threat Intelligence addresses these issues by making use of machine learning (see Chap. 8) to automate data collection and the processing of unstructured data from disparate sources and to connect them by providing context on Indicators of Compromise (IoC) and Tactics, Techniques and Procedures (TTP) of threat event actors. Therefore, Chap. 2 introduces Threats, Threat Events and Intentions, Threat Event Types and their Cybersecurity Risk Level, the Likelihood and Consequence Level, and Risk Management and Risk Analysis in Sect. 2.1. Section 2.2 refers to Threat Intelligence, taking into account the problem of Known-Knowns, Known-Unknowns, and Unknown-Unknowns, Digital Forensics, and Threat Intelligence platforms. Furthermore, Sect. 2.2 introduces, besides Threat Intelligence in Threat Event Attack Profiling, the Threat Event Lifecycle and Threat Intelligence Sharing and Management Platforms. Section 2.3 contains comprehensive questions on the topics Threats and Threat Intelligence, followed by “References” with references for further reading.
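The abstract draws a line between a raw threat data feed (a stream of indicators an analyst has to sort through) and Threat Intelligence in the Gartner sense (indicators carried together with context and action-oriented advice). The following is an added example, not code from the chapter or its author: it matches a small, constructed indicator feed against constructed firewall, proxy and anti-virus log lines and ranks the hits by the context the feed carries (confidence, the TTP the indicator is tied to, source, and how recently it was seen). The feed layout, the log format and the one-year linear freshness decay are assumptions made for this illustration; all addresses, domains and hashes are placeholders.

```python
"""
Constructed illustration of turning a raw indicator feed into ranked,
context-bearing alerts. Feed entries, log lines and the decay rule are
assumptions made for this example, not data or methods from the chapter.
"""
import re
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network

# Reference date for the constructed data set (assumption).
TODAY = date(2022, 12, 12)

# Constructed indicator feed: every value is a placeholder in documentation
# address space, not a real IoC. Each entry carries the context a bare
# indicator list lacks: confidence, the TTP it is tied to, source, recency.
FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 90,
     "ttp": "command-and-control beacon", "source": "feed-A", "last_seen": "2022-12-01"},
    {"type": "ipv4-net", "value": "198.51.100.0/24", "confidence": 40,
     "ttp": "scanning", "source": "feed-B", "last_seen": "2022-06-15"},
    {"type": "domain", "value": "update-check.example", "confidence": 75,
     "ttp": "malware download", "source": "feed-A", "last_seen": "2022-11-20"},
    {"type": "sha256", "value": "a" * 64, "confidence": 95,
     "ttp": "dropper", "source": "feed-C", "last_seen": "2022-12-10"},
]

# Constructed firewall/proxy/AV log lines in key=value form.
LOGS = [
    "2022-12-12T10:01:03Z fw allow src=10.0.0.7 dst=203.0.113.45 dport=443",
    "2022-12-12T10:02:11Z proxy GET host=update-check.example path=/u.bin status=200",
    "2022-12-12T10:03:40Z fw allow src=10.0.0.9 dst=198.51.100.23 dport=22",
    "2022-12-12T10:04:02Z fw allow src=10.0.0.7 dst=192.0.2.10 dport=80",
    "2022-12-12T10:05:55Z av scan file=/tmp/u.bin sha256=" + "a" * 64,
]

KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Hit:
    log: str
    indicator: dict
    score: float


def observables(line):
    """Pull (type, value) observables out of one log line."""
    fields = dict(KV.findall(line))
    obs = [("ipv4", fields[k]) for k in ("src", "dst") if k in fields]
    if "host" in fields:
        obs.append(("domain", fields["host"].lower()))
    if "sha256" in fields:
        obs.append(("sha256", fields["sha256"].lower()))
    return obs


def matches(indicator, obs_type, value):
    """Exact match for atomic indicators, containment for network ranges."""
    if indicator["type"] == "ipv4-net":
        if obs_type != "ipv4":
            return False
        try:
            return ip_address(value) in ip_network(indicator["value"])
        except ValueError:  # malformed address in the log: no match, no crash
            return False
    return indicator["type"] == obs_type and indicator["value"] == value


def score(indicator, today=TODAY):
    """Priority = feed confidence, decayed linearly to zero over one year
    since the indicator was last seen (the decay rule is an assumption)."""
    age_days = (today - date.fromisoformat(indicator["last_seen"])).days
    freshness = max(0.0, 1.0 - age_days / 365)
    return round(indicator["confidence"] * freshness, 1)


def triage(logs=LOGS, feed=FEED, today=TODAY):
    """Match every observable against the feed and rank hits by score."""
    hits = [
        Hit(line, ind, score(ind, today))
        for line in logs
        for obs_type, value in observables(line)
        for ind in feed
        if matches(ind, obs_type, value)
    ]
    return sorted(hits, key=lambda h: h.score, reverse=True)


def describe(hit):
    """Action-oriented summary an analyst can act on, not just a bare match."""
    i = hit.indicator
    return (f"[{hit.score:5.1f}] {i['ttp']} via {i['type']} {i['value']} "
            f"(source {i['source']}, last seen {i['last_seen']}) <- {hit.log}")


if __name__ == "__main__":
    for h in triage():
        print(describe(h))
```

Run as a script, the four hits come out with the fresh, high-confidence dropper hash first and the stale, low-confidence scanning range last; a raw feed would have reported all four as equal "matches" and left the ordering to the analyst. The decay and confidence weighting are deliberately simple so the ranking stays explainable, which is what the abstract asks of intelligence: context and advice an analyst can act on, not more data.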


References

  1. McMillan, R.: Definition: Threat Intelligence. Gartner Research, 2013

  2. https://www.executech.com/insights/top-15-types-of-cybersecurity-attacks-how-to-prevent-them/ (Accessed 12.2022)

  3. Lehto, M.: Phenomena in the Cyber World. In: Lehto, M., Neittaanmäki, P. (Eds.): Cyber Security: Analytics, Technologies and Automation. Springer, 2015

  4. Goodman, M.: Future Crimes. Penguin Random House, 2016

  5. Holt, T.J., Schell, B.H.: Hackers and Hacking. ABC-CLIO Press, 2013

  6. Sikorski, M., Honig, A.: Practical Malware Analysis. No Starch Press, 2012

  7. https://www.imperva.com/learn/application-security/insider-threats/ (Accessed 12.2022)

  8. https://techtarget.com/searchcontentmanagement/definition/brandjacking (Accessed 12.2022)

  9. Shaw, E., Ruby, K.G., Post, J.M.: The Insider Threat to Information Systems: The Psychology of the Dangerous Insider. In: Security Awareness Bulletin, Vol. 2, pp. 1–10, 1998

  10. https://www.pratum.com/services/it-risk-management/risk-assessment (Accessed 12.2022)

  11. Miller, B., Rowe, D.: A Survey of SCADA and Critical Infrastructure Incidents. In: Proceedings 1st ACM Annual Conference on Research in Information Technology, pp. 51–56, 2012

  12. Möller, D.P.F.: Cybersecurity in Digital Transformation: Scope and Applications. Springer Nature, 2020

  13. Langner, R.: Stuxnet: Dissecting a Cyberwarfare Weapon. In: IEEE Security and Privacy, Vol. 9, No. 3, pp. 49–51, 2011

  14. Information Security: Guide to Conducting Risk Assessment. NIST Special Publication 800-30, CODEN: NSPUE2, 2012

  15. Tucci, L.: What is Risk Management and Why is it so Important. TechTarget Report, 2021

  16. Shafer, G.: Perspectives on the Theory and Practice of Belief Functions. In: International Journal of Approximate Reasoning, Vol. 4, pp. 323–362, 1990

  17. https://www.iso.org/obp/ui/std:iso:3100ed-2v1:en (Accessed 12.2022)

  18. Robertson, J., Diab, A., Marin, E., Nunes, E., Paliath, V., Shakarian, J., Shakarian, P.: Darkweb Cyber Threat Intelligence Mining. Cambridge University Press, 2017

  19. Borum, R., Felker, J., Kern, S., Dennesen, K., Feyes, T.: Strategic Cyber Intelligence. In: Information and Computer Security, Vol. 23, No. 3, pp. 317–332, 2015

  20. https://malpedia.caad.fkie.fraunhofer.de/usage/tos (Accessed 12.2022)

  21. https://malshare.com/about.php (Accessed 12.2022)

  22. https://www.misp-project.org/galaxy.html (Accessed 12.2022)

  23. https://socradar.io/what-is-operational-cyber-threat-intelligence/ (Accessed 12.2022)

  24. https://nvd.nist.gov/ (Accessed 12.2022)

  25. https://cve.mitre.org/ (Accessed 12.2022)

  26. https://www.mitre.org/sites/default/files/publications/stix.pdf (Accessed 12.2022)

  27. https://oasis-open.github.io/cti-documentation (Accessed 12.2022)

  28. Mavroeidis, V., Bromander, S.: Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence. In: Proceedings European Intelligence and Security Informatics Conference, pp. 91–98, 2017

  29. Casey, T.: Understanding Cyber Threat Motivations to Improve Defense. Intel White Paper, 2015

  30. Fishbach, A., Ferguson, M.J.: The Goal Construct in Social Psychology. In: Kruglanski, A.W., Higgins, E.T. (Eds.): Social Psychology: Handbook of Basic Principles, pp. 490–515, The Guilford Press, 2007

  31. Bromander, S., Jøsang, A., Eian, M.: Semantic Cyber Threat Modeling. In: STIDS, pp. 74–78, 2016

  32. SANS: Security Intelligence: Attacking the Cyber Kill Chain. https://digital-forensics.sans.org/blog/2009/10/14/security.intelligence-attacking-the-kill-chain/ (Accessed 12.2022)

  33. Wrightson, T.: Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization. McGraw-Hill, 2010

  34. van Haaster, J., Gevers, R., Sprengers, M.: Cyber Guerillas. Elsevier, 2016

  35. Al-Ibrahim, O., Mohaisen, A., Kamhoua, C., Kwiat, K., Njilla, L.: Beyond Free Riding: Quality of Indicators for Assessing Participation in Information Sharing for Threat Intelligence. Technical Report, University at Buffalo and Air Force Research Lab, 2017. https://arxiv.org/abs/1702.00552 (Accessed 12.2022)

  36. Sillaber, C., Sauerwein, C., Mussmann, A., Breu, R.: Data Quality Challenges and Future Research Directions in Threat Intelligence Sharing Practice. In: Proceedings ACM Workshop on Information Sharing and Collaborative Security, pp. 65–70, 2016

  37. Sharkov, G.: From Cybersecurity to Collaborative Resiliency. In: Proceedings ACM Workshop on Automated Decision Making for Active Cyber Defense, pp. 3–9, 2016

  38. Bekerman, D., Shapira, B., Rokach, L., Bar, A.: Unknown Malware Detection Using Network Traffic Classification. In: Proceedings IEEE Conference on Communications and Network Security (CNS), pp. 134–142, 2015

  39. Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic Blending Attacks. In: Proceedings 15th USENIX Security Symposium, pp. 241–256, 2006

  40. Duessel, P.: Detection of Unknown Cyber Attacks Using Convolution Kernels over Attributed Language Models. PhD Thesis, University of Bonn, Germany, 2018

  41. Zia, T., Liu, P., Han, W.: Application Specific Digital Forensic Investigative Model in Internet of Things (IoT). In: Proceedings ACM-ARES Conference, 2017. https://doi.org/10.1145/3098954.310404 (Accessed 12.2022)

  42. Okereafor, K., Djehaiche, R.: A Review of Application Challenges of Digital Forensics. In: International Journal of Simulation Systems, Science & Technology, pp. 36.1–36.6, 2020. https://doi.org/10.5013/IJSSST.a.21.02.35

  43. https://cyware.com/educational-guides/cyber-threat-intelligence/what-is-open-indicators-of-compromise-openioc-framework-ed9d (Accessed 12.2022)

  44. Lock, H.Y.: Using IOC (Indicators of Compromise) in Malware Forensics. SANS Institute, 2019

  45. https://stixproject.github.io/documentation/idioms/campaign-v-actors/ (Accessed 12.2022)

  46. https://www.anomali.com/de/what-are-stix-taxii (Accessed 12.2022)

  47. Struse, R., Wunder, J., Davidson, M., Jordan, B.: TAXII Version 2.0 Working Draft 02. OASIS Open, 2017

  48. https://www.oasis-open.org/news/pr/cybersecurity-companies-demo-support-for-stix-and-taxii-standards-for-automated-threat-intel?platform=hootsuite (Accessed 12.2022)

  49. Dehghantanha, A., Dargahi, M. (Eds.): Cyber Threat Intelligence. Springer, 2015

  50. Thames, L., Schaefer, D.: Cybersecurity for Industry 4.0 and Advanced Manufacturing Environments with Ensemble Intelligence. In: Thames, L., Schaefer, D. (Eds.): Cybersecurity for Industry 4.0 – Analysis for Design and Manufacturing, pp. 243–265, Springer Nature, 2017

  51. Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. Contract 79F296400, 1980

  52. Axelsson, S.: Intrusion Detection Systems: A Survey and Taxonomy. Technical Report, Department of Computer Engineering, Chalmers University of Technology, 2000

  53. Ghorbani, A.A., Lu, W., Tavallaee, M.: Network Intrusion Detection and Prevention: Concepts and Techniques. Springer, 2010

  54. Khor, K.C., Ting, C.Y., Amnuaisuk, S.P.: From Feature Selection to Building of Bayesian Classifiers: A Network Intrusion Detection Perspective. In: Am. J. Appl. Sci., Vol. 6, pp. 1949–1960, 2009

  55. Zhang, J., Porras, P., Ullrich, J.: Gaussian Process Learning for Cyber-Attack Early Warning. In: Proceedings SIAM International Conference on Data Mining, pp. 255–264, 2008

  56. Brown, S., Gommers, J., Serrano, O.: From Cybersecurity Information Sharing to Threat Management. In: Proceedings 2nd ACM Workshop on Information Sharing and Collaborative Security, pp. 343–349, 2015

  57. Poputa-Clean, P.: Automated Defense – Using Threat Intelligence to Augment Security. Technical Report, SANS Institute InfoSec, 2015

  58. Pace, C.: The Threat Intelligence Handbook – A Practical Guide for Security Teams to Unlocking the Power of Intelligence. CyberEdge Press, 2018

  59. Gupta, B.B., Agrawal, D.P., Wang, H. (Eds.): Computer and Cybersecurity: Principles, Applications, Algorithms, and Perspectives. CRC Press, 2019

  60. Zibak, A., Simpson, A.: Cyber Threat Information Sharing: Perceived Benefits and Barriers. In: Proceedings ARES Conference, 2019. https://doi.org/10.1145/3339252.3340528 (Accessed 12.2022)

  61. Appala, S., Cam-Winget, N., McGrew, D., Verma, J.: An Actionable Threat Intelligence System Using a Publish-Subscribe Communications Model. In: Proceedings 2nd ACM Workshop on Information Sharing and Collaborative Security, pp. 61–70, 2015. https://doi.org/10.1145/2808128.2808131 (Accessed 12.2022)


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Möller, D.P.F. (2023). Threats and Threat Intelligence. In: Guide to Cybersecurity in Digital Transformation. Advances in Information Security, vol 103. Springer, Cham. https://doi.org/10.1007/978-3-031-26845-8_2


  • DOI: https://doi.org/10.1007/978-3-031-26845-8_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-26844-1

  • Online ISBN: 978-3-031-26845-8

  • eBook Packages: Computer Science (R0)
