Cyber threat intelligence /
"This book describes the intelligence techniques and models used in cyber threat intelligence. It provides a survey of ideas, views and concepts, rather than offering a hands-on practical guide. It is intended for anyone who wishes to learn more about the domain, possibly because they wish to d...
Saved in:
| Main Author: | |
|---|---|
| Format: | Electronic eBook |
| Language: | English |
| Published: |
Hoboken, New Jersey :
John Wiley & Sons, Inc.,
[2023]
|
| Subjects: | |
| Online Access: | CONNECT |
MARC
| LEADER | 00000cam a2200000 i 4500 | ||
|---|---|---|---|
| 001 | in00006388746 | ||
| 006 | m o d | ||
| 007 | cr cnu---unuuu | ||
| 008 | 221004s2023 enka ob 001 0 eng | ||
| 005 | 20230719131420.7 | ||
| 010 | |a 2022047003 | ||
| 019 | |a 1376385580 | ||
| 020 | |a 9781119861768 |q electronic book | ||
| 020 | |a 1119861764 |q electronic book | ||
| 020 | |a 9781119861751 |q electronic book | ||
| 020 | |a 1119861756 |q electronic book | ||
| 020 | |a 9781119861775 |q electronic book | ||
| 020 | |a 1119861772 |q electronic book | ||
| 020 | |z 9781119861744 |q hardcover | ||
| 020 | |z 1119861748 | ||
| 024 | 7 | |a 10.1002/9781119861775 |2 doi | |
| 035 | |a 1WRLDSHRon1353818639 | ||
| 035 | |a (OCoLC)1353818639 |z (OCoLC)1376385580 | ||
| 037 | |a 9781119861744 |b O'Reilly Media | ||
| 040 | |a DLC |b eng |e rda |c DLC |d OCLCF |d YDX |d ORMDA |d DG1 |d UKAHL |d SFB | ||
| 042 | |a pcc | ||
| 049 | |a TXMM | ||
| 050 | 0 | 4 | |a TK5105.59 |b .L47 2023 |
| 082 | 0 | 0 | |a 005.8/7 |2 23/eng/20221205 |
| 100 | 1 | |a Lee, Martin |c (Computer security expert), |e author. | |
| 245 | 1 | 0 | |a Cyber threat intelligence / |c Martin Lee. |
| 264 | 1 | |a Hoboken, New Jersey : |b John Wiley & Sons, Inc., |c [2023] | |
| 300 | |a 1 online resource (xx, 284 pages) : |b illustrations (some color) | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 504 | |a Includes bibliographical references and index. | ||
| 520 | |a "This book describes the intelligence techniques and models used in cyber threat intelligence. It provides a survey of ideas, views and concepts, rather than offering a hands-on practical guide. It is intended for anyone who wishes to learn more about the domain, possibly because they wish to develop a career in intelligence, and as a reference for those already working in the area. The origins of this book lie in an awkward dinner conversation. On one side of the table was myself, a software engineer who had fallen into the domain of cyber security more or less by accident. On the other was a uniformed senior military intelligence officer. A shared professional interest in cyber threat intelligence had led to us being invited to the same event"-- |c Provided by publisher. | ||
| 588 | |a Description based on online resource; title from digital title page (viewed on April 25, 2023). | ||
| 505 | 0 | |a Cover -- Title Page -- Copyright Page -- Contents -- Preface -- About the Author -- Abbreviations -- Endorsements for Martin Lee's Book -- Chapter 1 Introduction -- 1.1 Definitions -- 1.1.1 Intelligence -- 1.1.2 Cyber Threat -- 1.1.3 Cyber Threat Intelligence -- 1.2 History of Threat Intelligence -- 1.2.1 Antiquity -- 1.2.2 Ancient Rome -- 1.2.3 Medieval and Renaissance Age -- 1.2.4 Industrial Age -- 1.2.5 World War I -- 1.2.6 World War II -- 1.2.7 Post War Intelligence -- 1.2.8 Cyber Threat Intelligence -- 1.2.9 Emergence of Private Sector Intelligence Sharing -- 1.3 Utility of Threat Intelligence -- 1.3.1 Developing Cyber Threat Intelligence -- Summary -- References -- Chapter 2 Threat Environment -- 2.1 Threat -- 2.1.1 Threat Classification -- 2.2 Risk and Vulnerability -- 2.2.1 Human Vulnerabilities -- 2.2.1.1 Example -- Business Email Compromise -- 2.2.2 Configuration Vulnerabilities -- 2.2.2.1 Example -- Misconfiguration of Cloud Storage -- 2.2.3 Software Vulnerabilities -- 2.2.3.1 Example -- Log4j Vulnerabilities -- 2.3 Threat Actors -- 2.3.1 Example -- Operation Payback -- 2.3.2 Example -- Stuxnet -- 2.3.3 Tracking Threat Actors -- 2.4 TTPs -- Tactics, Techniques, and Procedures -- 2.5 Victimology -- 2.5.1 Diamond Model -- 2.6 Threat Landscape -- 2.6.1 Example -- Ransomware -- 2.7 Attack Vectors, Vulnerabilities, and Exploits -- 2.7.1 Email Attack Vectors -- 2.7.2 Web-Based Attacks -- 2.7.3 Network Service Attacks -- 2.7.4 Supply Chain Attacks -- 2.8 The Kill Chain -- 2.9 Untargeted versus Targeted Attacks -- 2.10 Persistence -- 2.11 Thinking Like a Threat Actor -- Summary -- References -- Chapter 3 Applying Intelligence -- 3.1 Planning Intelligence Gathering -- 3.1.1 The Intelligence Programme -- 3.1.2 Principles of Intelligence -- 3.1.3 Intelligence Metrics -- 3.2 The Intelligence Cycle -- 3.2.1 Planning, Requirements, and Direction. | |
| 505 | 8 | |a 3.2.2 Collection -- 3.2.3 Analysis and Processing -- 3.2.4 Production -- 3.2.5 Dissemination -- 3.2.6 Review -- 3.3 Situational Awareness -- 3.3.1 Example -- 2013 Target Breach -- 3.4 Goal Oriented Security and Threat Modelling -- 3.5 Strategic, Operational, and Tactical Intelligence -- 3.5.1 Strategic Intelligence -- 3.5.1.1 Example -- Lazarus Group -- 3.5.2 Operational Intelligence -- 3.5.2.1 Example -- SamSam -- 3.5.3 Tactical Intelligence -- 3.5.3.1 Example -- WannaCry -- 3.5.4 Sources of Intelligence Reports -- 3.5.4.1 Example -- Shamoon -- 3.6 Incident Preparedness and Response -- 3.6.1 Preparation and Practice -- Summary -- References -- Chapter 4 Collecting Intelligence -- 4.1 Hierarchy of Evidence -- 4.1.1 Example -- Smoking Tobacco Risk -- 4.2 Understanding Intelligence -- 4.2.1 Expressing Credibility -- 4.2.2 Expressing Confidence -- 4.2.3 Understanding Errors -- 4.2.3.1 Example -- the WannaCry Email -- 4.2.3.2 Example -- the Olympic Destroyer False Flags -- 4.3 Third Party Intelligence Reports -- 4.3.1 Tactical and Operational Reports -- 4.3.1.1 Example -- Heartbleed -- 4.3.2 Strategic Threat Reports -- 4.4 Internal Incident Reports -- 4.5 Root Cause Analysis -- 4.6 Active Intelligence Gathering -- 4.6.1 Example -- the Nightingale Floor -- 4.6.2 Example -- the Macron Leaks -- Summary -- References -- Chapter 5 Generating Intelligence -- 5.1 The Intelligence Cycle in Practice -- 5.1.1 See it, Sense it, Share it, Use it -- 5.1.2 F3EAD Cycle -- 5.1.3 D3A Process -- 5.1.4 Applying the Intelligence Cycle -- 5.1.4.1 Planning and Requirements -- 5.1.4.2 Collection, Analysis, and Processing -- 5.1.4.3 Production and Dissemination -- 5.1.4.4 Feedback and Improvement -- 5.1.4.5 The Intelligence Cycle in Reverse -- 5.2 Sources of Data -- 5.3 Searching Data -- 5.4 Threat Hunting -- 5.4.1 Models of Threat Hunting -- 5.4.2 Analysing Data. | |
| 505 | 8 | |a 5.4.3 Entity Behaviour Analytics -- 5.5 Transforming Data into Intelligence -- 5.5.1 Structured Geospatial Analytical Method -- 5.5.2 Analysis of Competing Hypotheses -- 5.5.3 Poor Practices -- 5.6 Sharing Intelligence -- 5.6.1 Machine Readable Intelligence -- 5.7 Measuring the Effectiveness of Generated Intelligence -- Summary -- References -- Chapter 6 Attribution -- 6.1 Holding Perpetrators to Account -- 6.1.1 Punishment -- 6.1.2 Legal Frameworks -- 6.1.3 Cyber Crime Legislation -- 6.1.4 International Law -- 6.1.5 Crime and Punishment -- 6.2 Standards of Proof -- 6.2.1 Forensic Evidence -- 6.3 Mechanisms of Attribution -- 6.3.1 Attack Attributes -- 6.3.1.1 Attacker TTPs -- 6.3.1.2 Example -- HAFNIUM -- 6.3.1.3 Attacker Infrastructure -- 6.3.1.4 Victimology -- 6.3.1.5 Malicious Code -- 6.3.2 Asserting Attribution -- 6.4 Anti-Attribution Techniques -- 6.4.1 Infrastructure -- 6.4.2 Malicious Tools -- 6.4.3 False Attribution -- 6.4.4 Chains of Attribution -- 6.5 Third Party Attribution -- 6.6 Using Attribution -- Summary -- References -- Chapter 7 Professionalism -- 7.1 Notions of Professionalism -- 7.1.1 Professional Ethics -- 7.2 Developing a New Profession -- 7.2.1 Professional Education -- 7.2.2 Professional Behaviour and Ethics -- 7.2.2.1 Professionalism in Medicine -- 7.2.2.2 Professionalism in Accountancy -- 7.2.2.3 Professionalism in Engineering -- 7.2.3 Certifications and Codes of Ethics -- 7.3 Behaving Ethically -- 7.3.1 The Five Philosophical Approaches -- 7.3.2 The Josephson Model -- 7.3.3 PMI Ethical Decision Making Framework -- 7.4 Legal and Ethical Environment -- 7.4.1 Planning -- 7.4.1.1 Responsible Vulnerability Disclosure -- 7.4.1.2 Vulnerability Hoarding -- 7.4.2 Collection, Analysis, and Processing -- 7.4.2.1 PRISM Programme -- 7.4.2.2 Open and Closed Doors -- 7.4.3 Dissemination -- 7.4.3.1 Doxxing -- 7.5 Managing the Unexpected. | |
| 505 | 8 | |a 7.6 Continuous Improvement -- Summary -- References -- Chapter 8 Future Threats and Conclusion -- 8.1 Emerging Technologies -- 8.1.1 Smart Buildings -- 8.1.1.1 Software Errors -- 8.1.1.2 Example -- Maroochy Shire Incident -- 8.1.2 Health Care -- 8.1.2.1 Example -- Conti Attack Against Irish Health Sector -- 8.1.3 Transport Systems -- 8.2 Emerging Attacks -- 8.2.1 Threat Actor Evolutions -- 8.2.1.1 Criminal Threat Actors -- 8.2.1.2 Nation State Threat Actors -- 8.2.1.3 Other Threat Actors -- 8.3 Emerging Workforce -- 8.3.1 Job Roles and Skills -- 8.3.2 Diversity in Hiring -- 8.3.3 Growing the Profession -- 8.4 Conclusion -- References -- Chapter 9 Case Studies -- 9.1 Target Compromise 2013 -- 9.1.1 Background -- 9.1.2 The Attack -- 9.2 WannaCry 2017 -- 9.2.1 Background -- 9.2.1.1 Guardians of Peace -- 9.2.1.2 The Shadow Brokers -- 9.2.1.3 Threat Landscape -- Worms and Ransomware -- 9.2.2 The Attack -- 9.2.2.1 Prelude -- 9.2.2.2 Malware -- 9.3 NotPetya 2017 -- 9.3.1 Background -- 9.3.2 The Attack -- 9.3.2.1 Distribution -- 9.3.2.2 Payload -- 9.3.2.3 Spread and Consequences -- 9.4 VPNFilter 2018 -- 9.4.1 Background -- 9.4.2 The Attack -- 9.5 SUNBURST and SUNSPOT 2020 -- 9.5.1 Background -- 9.5.2 The Attack -- 9.6 Macron Leaks 2017 -- 9.6.1 Background -- 9.6.2 The Attack -- References -- Index -- EULA. | |
| 500 | |a O'Reilly Online Learning Platform: Academic Edition (SAML SSO Access) |5 TMurS | ||
| 650 | 0 | |a Cyber intelligence (Computer security) | |
| 650 | 0 | |a Cyberterrorism |x Prevention. | |
| 650 | 0 | |a Cyberspace operations (Military science) | |
| 730 | 0 | |a WORLDSHARE SUB RECORDS | |
| 776 | 0 | 8 | |i Print version: |a Lee, Martin |t Cyber threat intelligence |d Oxford, UK ; Hoboken, NJ, USA : Wiley, 2023 |z 9781119861744 |w (DLC) 2022047002 |
| 856 | 4 | 0 | |u https://go.oreilly.com/middle-tennessee-state-university/library/view/-/9781119861744/?ar |z CONNECT |3 O'Reilly |t 0 |
| 902 | |a in00006388746 | ||
| 949 | |a ho0 | ||
| 994 | |a 92 |b TXM | ||
| 998 | |a wi |d z | ||
| 999 | f | f | |s c9459c7e-4b7d-4ad8-8f3b-d1bf6050a661 |i ec0d20fc-7c95-492a-b4a7-ae739a265d51 |t 0 |
| 952 | f | f | |a Middle Tennessee State University |b Main |c James E. Walker Library |d Electronic Resources |t 0 |e TK5105.59 .L47 2023 |h Library of Congress classification |
