Academic journal article Journal of International Technology and Information Management

Cyber Security, Threat Intelligence: Defending the Digital Platform


Article excerpt

ABSTRACT

Network breaches are happening at a phenomenal scale. This unabated, exponential growth is forcing enterprise systems to scramble for solutions, since the world is so interconnected and digitized and the internet knows no boundaries. Due to the big data explosion, the platform on which attackers operate continues to grow. Most breached entities are not aware that they have been compromised for weeks, and find out only after an external audit or when a third party notifies the organization. Since most networks will be breached at some point, it is proper to note that legacy platforms will no longer stand a chance of defending against signature-less attacks. This study will create threat awareness, find out the capabilities of threat actors, their motivations and objectives, and identify best practices.

KEYWORDS: Breaches, Exploits, Network Security, Threats, Vulnerabilities.

INTRODUCTION

Enterprise systems hold high-value information that is vital to their existence and survival. The battleground is defined. In today's networked interconnectivity, more than 500,000 new malware variants surface on a regular basis. Most of these are polymorphic malware, obfuscated so as to bypass the latest detection tools on the market [Gallagher, 2014; Weimer, 2014].

As cyber exploitation becomes more sophisticated, cyber espionage becomes the "digital gold" for hackers. Breaches exact an expensive toll on victims, in terms of money and time. These costs often do not appear as line items on enterprise financial statements. The reason could be that the costs are often indirect, resulting in wasted resources and missed opportunities. The average data breach costs U.S. organizations approximately $6.5 million [4]. This estimated cost includes, but is not limited to, the costs incurred in detecting, responding to and mitigating a breach. Time lost is a concern as organizations analyze attacks coming from malicious insiders, malicious code, web-based attacks, denial of service, stolen devices, phishing, social engineering, malware, botnets, viruses, worms and Trojans [Clover, 2014; Greenburg, 2014].

Breaches in 2015 witnessed a growing number of disruptive attacks from foreign actors. Some of these attacks came from CryptoLocker operators, who hold data for ransom and threaten to release, delete or damage it, or to add malicious code to a source code repository [Vaughan, 2015].

Advanced Persistent Threats [APTs] are escalating to a magnitude unheard of in the past. These threats have been a nuisance in the cyber world and have been very daunting. Advanced exploits are routinely used to penetrate perimeter defenses by circumventing signature-based anti-virus technologies and compromising endpoints and servers. Several entities have expressed difficulty detecting and identifying these threats because of their stealthy nature. Advanced threats are normally well organized and are formidable adversaries that target specific goals for exploitation. Enterprise systems, nation states and individuals exploited by advanced threats are, in effect, at the receiving end of a military attack and should mitigate the risk to avoid unrecoverable damage [Schmidt et al., 2012].

Some of the most potent weapons used by cyber actors include the following: zero-day exploits, APT tactics, the Zeus Trojan [Zbot], Stuxnet, malicious computer worms, Duqu, Flame, RATs [Remote Access Trojans], Gh0st RAT and Shellshock, also known as Bashdoor. Exploitation of software vulnerabilities gives attackers access by enabling them to bypass the security perimeter. The threats just mentioned are examples of anomalies that are very difficult to detect with baseline signature-detection tools. The concern behind these anomalies is that there are no immediate patch mechanisms for early, real-time detection that a breached organization could implement to prevent its systems and network from becoming victims [Gallagher, 2014; Weimer, 2014].

Stuxnet as mentioned earlier is a worm designed to target only specific Siemens SCADA (industrial control) systems. …
