The Cybersecurity Threat Landscape
CMIT 495: Current Trends and Projects in Computer Networks and Security
[GROUP MEMBER NAMES]
Advanced Persistent Threats (APTs)
In current times, threats to information systems have increased in number and metamorphosed in sophistication and in their ability to overcome the security tools of various information systems. The situation is so dire that cases of organizational data breach have become part of the norm. Companies often suffer these attacks for an extended period without anyone in the organization realizing it. In such cases, the damage to the organization is usually great and costly, given the other consequences that come hand in hand with data theft or disruption to normal operations. These include expensive litigation costs and compensation for damage caused to the organization’s clients, loss of trust from clients, partners, and associates, and business failure. Current attacks are carried out so that the intruder infiltrates the organizational information system infrastructure and then proceeds to execute all manner of aggression for an extended period without being detected. These attacks are referred to as Advanced Persistent Threats (APTs). These kinds of attacks are not new; they have been around for the last few decades, but their execution has gradually acquired a more sophisticated edge. Given all this, it is essential to note that malware is equally part of an APT attack.
Part 1: Threat Landscape Analysis
Today and in the future, the landscape of threats to information systems continues to grow in intensity, since more people and systems connect to mainstream systems daily. The challenge is also fueled by the arrival and extensive use of new technologies that involve massive amounts of private data. Several threat analyses have shown that organizations, government agencies, and even privately owned systems lag behind where they are supposed to be in cybersecurity. Even as we recognize that there is still a long way to go, various types of threats have been in place for a couple of decades and should have been phased out by now. Today, the challenge posed by nefarious cyber attackers operates across a broad scope. It ranges from global threats, proliferation, weapons of mass destruction, counterintelligence, and terrorism to attacks targeting an organization or an individual, to mention a few.
According to the European Union Agency for Network and Information Security (ENISA), the most acute threats that deserve global attention include those posed by disgruntled employees, spam, data breaches or theft, and botnets. This is consistent with the organization’s ranking of cyber-related threats in the previous year (2019). However, other new types of threats are emerging and are likely to become extremely lethal due to their ability to metamorphose into other forms of threats. One of these is crypto-jacking, which can be described as a type of malware that hides inside an information system for some time while stealing computer resources without being detected by the system’s security tools. As indicated in the introduction to this paper, this form of crypto-jacking falls under APTs.
What has changed since the past year?
In the past year, the threat landscape has seen many new developments. Even though the top four threats from the previous year remain the same, the ENISA Threat Landscape Report adds new threats to the list of top risks. Considering the list’s top ten threats as enumerated in the report, the previous year’s threats remain dominant in the current year’s threat landscape. However, cryptojacking is a threat that is now emerging in the current year’s threat landscape. The following summary table compares the threat landscape in 2019 and 2020, as captured in the ENISA Threat Landscape Report.
Comparing Threat Landscape of 2019 and 2020

| Rank | Top Threats in 2019 | Top Threats in 2020 |
|---|---|---|
| 1 | Malware attacks | Malware attacks |
| 2 | Insider threats | Insider threats |
| 3 | Web-based attacks | Phishing |
| 4 | Information leakage | Cryptojacking |
| 5 | Ransomware | Web-based attacks |
| 6 | Botnets | Information leakages |
| 7 | Spam | Botnets |
| 8 | Phishing | Spam |
| 9 | Cyber espionage | Cyber espionage |
| 10 | Cryptojacking | Ransomware |
From the two threat landscapes compared above, it is evident that malware remains the top cyber-related threat in both years. Notably, the emerging threat of cryptojacking, which is new to the landscape, is increasingly becoming a concern. In the previous year it was ranked as the tenth most widespread threat; this has since changed, and in the current year it ranks fourth on the list.
Common Tactics, Techniques, and Procedures to include Actor Types
Threat actors are mainly of three types: hackers, insider threats, and state-sponsored attackers (such as what is commonly suspected to be taking place between the United States and Russia), along with cybercriminals. Hackers can be individuals or organized groups that often attempt to compromise organizational systems for various reasons, such as economic advantage, publicity, fun, and many others (Li et al., 2019). They apply many tactics to accomplish their mission. One of these is phishing, a type of social engineering where a legitimate system user is tricked into unknowingly providing login credentials or credit card information. They do this by sending malicious content in the form of an instant or email message; when the user clicks on it, the login information ends up being transferred to the attackers.
Another tactic that attackers have actively applied is ransomware. This involves the computer information or files of a legitimate system user being held hostage until they pay a specified ransom to restore them. Ransomware as a tactic is expected to grow in the coming days, as reports show that it is becoming increasingly popular among the four types of threat actors. Returning to hackers, they also apply other techniques, such as DDoS or vandalism, with reputational damage as the primary motivation. Tactics include compromising political websites or jamming news websites with falsehoods, among others.
On the other hand, state-sponsored actors are groups of threat actors who act on behalf of a state to carry out cyber espionage against another country. The activities of such groups are funded by the governments they act for. The motivation is often to collect strategic intelligence and related information that can be of great significance in winning global political points and possibly gaining an advantage over the other side. An example of a state-sponsored attack is the 2016 Russian interference in the United States elections, where it is believed that a significant number of Russians used President Trump’s campaign to infiltrate the entire electoral process of the United States (ENISA Threat Landscape Report 2019, 2020). Whether true or false, the aim was to ensure that the election’s credibility was called into question, thereby casting doubt on the democratic process in the United States.
Finally, insider threat actors can be deliberate, accidental, or completely unintentional. Threats from this category of actors are to be expected when the information assurance program is weak or not enforced. Much as phishing occurs, an insider threat can arise when an employee gives away information by clicking on a suspicious email message. It also relates to the provision of sensitive information to an impostor claiming, by email or phone, to be an IT representative.
Exploit Vectors and Vulnerabilities Threat Actors Take Advantage of
There are many vulnerabilities and vectors that threat actors occasionally exploit to their advantage. Some of the vulnerabilities presented by software include SQL injection, missing authentication, and missing data encryption. Others include missing authorization, reliance on insecure inputs in a security plan, code download without regard to the laid-down integrity checks, and frequent use of broken algorithms. There are also others, such as installing already infected software, bugs, URLs leading to sites without standard security, and directory traversal (FireEye, 2014). The above provide easy attack routes to threat actors in varying degrees: some may only permit certain types of threat actors, and only to some extent, while others will permit every type of the common threat actors mentioned above, and to a greater extent. In summary, it is important to put in place a proactive, strong, dynamic, and ever-changing security program to seal off any system vulnerability that may occur.
Part 2: APT Analysis
Initially, we described the Advanced Persistent Threat using a scenario where an intruder manages to infiltrate the organizational information system infrastructure and then proceeds to execute all manner of attacks, not limited to data theft, for an extended period of time without being detected. These kinds of attacks are not new. They have been around for the last few decades, but the means of execution have gradually been changing to a more sophisticated edge. In view of all this, it is important to note that malware attacks are equally part of an APT attack. There are many types of APT. In this report, we will focus on APT28.
APT28: Tactics, Analysis, and Description
APT28 is one of the advanced persistent threats that mainly embrace the traditional attack framework model. Many APT28 attacks turn out to be ‘successful’ for one main reason: the ability to carry out elaborate reconnaissance on targets prior to the actual intrusion, enumeration, and exploitation, where the primary objective is long-term persistence, which is essentially consistent with the rest of the advanced persistent threats. This unique characteristic of APT28 is referred to as a spear-phishing approach and is normally directed at high-value targets. The spear-phishing tactic employed by APT28 involves registering domain names that are similar to genuine domain names. In the recent past, APT28 successfully registered domain names resembling those of major military organizations such as the North Atlantic Treaty Organization (NATO), Eastern European governments and militaries, and the Caucasus.
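A defender-side check for the look-alike domain registrations described above, written as an added example rather than code from this paper or from any cited source. The watch-list, the homoglyph table and the candidate domains are constructed, and the registrable-name logic assumes single-label public suffixes.

```python
"""Flag newly observed domains that imitate a watch-list of protected domains,
the spear-phishing lure described above. Added example; the watch-list and the
candidate domains are constructed, not real registrations."""

# Constructed watch-list of registrable domains the defender wants to protect.
WATCHLIST = ["example-mil.org", "nato-hq.int", "example-gov.eu"]

# Common look-alike substitutions folded before comparing (partial, heuristic).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m", "cl": "d"}

def canonical(domain: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    d = domain.lower().strip(".")
    return d[4:] if d.startswith("www.") else d

def fold_homoglyphs(domain: str) -> str:
    """Replace look-alike characters so 'examp1e' compares equal to 'example'.
    Assumes the watch-list itself contains none of the folded sequences."""
    for bad, good in HOMOGLYPHS.items():
        domain = domain.replace(bad, good)
    return domain

def registrable(domain: str) -> str:
    """Second-level label; assumes single-label public suffixes (.org, .int, .eu)."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else domain

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance that also counts an adjacent transposition as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # "ab" <-> "ba" costs one edit
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def assess(candidate: str, watchlist=WATCHLIST, max_dist: int = 2):
    """Return (protected_domain, reason) if the candidate imitates one, else None."""
    raw = canonical(candidate)
    legits = [canonical(w) for w in watchlist]
    if any(raw == leg or raw.endswith("." + leg) for leg in legits):
        return None  # the protected domain itself, or a genuine subdomain of it
    folded = fold_homoglyphs(raw)
    for legit, leg in zip(watchlist, legits):
        if folded == leg:
            return legit, "homoglyph substitution"
        if folded.startswith(leg + "."):
            return legit, "protected domain embedded as a subdomain"
        if registrable(folded) == registrable(leg):
            return legit, "protected name under a different suffix"
        if edit_distance(registrable(folded), registrable(leg)) <= max_dist:
            return legit, "within %d edits of protected name" % max_dist
    return None
```

Feeding `assess` with newly registered domains from a certificate-transparency or passive-DNS feed turns it into an early warning for lure infrastructure aimed at the watch-listed organizations.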
The Tools Used and Objective of the APT
In current times, threats to information systems have not only increased in number but also metamorphosed in sophistication and in their ability to overcome the security tools of various information systems. The situation is so dire that cases of organizational data breach have become part of the norm. Companies often suffer these attacks for an extended period of time without anyone in the organization realizing it. In such cases, the damage to the organization is usually great and costly, given the other circumstances that accompany it. These include expensive litigation costs and compensation for damage caused to the organization’s clients, loss of trust from clients, partners, and associates, and loss of business. The painful part of this equation is that the victims and potential targets lack the instruments and strategies to keep the threats out of their domains (Nicho & Khan, 2014). Even when targets put up top-to-bottom defenses, most APT types will find a way over such layers and launch an assault. The tools used to protect systems against APT attacks must therefore be more rigorous than the APT’s own capabilities.
One of the system tools that can offer the necessary protection against APT attacks is the honeypot, a computer framework designed to trap attackers. The tool is often deployed in apparently vulnerable positions so as to lure attackers, and it diverts attacks away from genuine assets. Another hardware-oriented security instrument is the keylogger, which can be devastating in the hands of the wrong individual. In the hands of a white-hat engineer, however, it becomes a device for monitoring keystrokes that could indicate an attacker. When considering hardware, any form of authentication to the systems can also be arranged as a device.
Part 3: Cybersecurity Tools, Tactics, and Procedures
Hardware-based and Software-based Cybersecurity TTP
Tools, tactics, and procedures go beyond what can be obtained forensically from a given incident. Prior to an event, attackers usually undertake reconnaissance. This is an important stage, but it is often missed due to a lack of visibility and detection capability. Furthermore, threat actors, along with research and development in the field, continually yield additional tools, tactics, and procedures of interest. Essentially, tools, tactics, and procedures help in recognizing the attack vector. Network administrators have several tools at their disposal.
There is the intrusion detection system (IDS) as well as the intrusion prevention system (IPS), placed either within or outside networks to detect threats such as spyware, viruses, worms, and DDoS, among other types of attack. The IDS is passive in use; hence it is placed inside a network or an information system to monitor and report abnormal behaviors to the relevant entities (Why TTP are key in cyberintelligence, 2020). On the other hand, the IPS is an active tool that is placed on the outside of a network or information system to prevent attacks from external sources (Top Computer Security Vulnerabilities, 2020). However, standard practice recommends using a multipronged defense mechanism that incorporates IP blacklisting, data loss prevention, anti-spyware software, web browsing policies, and traffic proxies. Other tools, such as firewalls and network access control (NAC) products, prevent external intrusion and enforce network security policy, respectively.
Hardware and Software Solutions deployed today in the context of defense-in-depth
Many organizations only think of hardware and software solutions in relation to defense in depth after suffering cyber-related breaches. In many cases, threat actors target vulnerabilities in the system as well as blind spots that IDS and IPS may not adequately monitor and act on (Bauer, 2019). For a long time now, organizations have focused on securing their critical resources and protecting the perimeter of the organizational information system, not knowing that employees’ failure to follow existing cybersecurity policies has been another serious attack vector. Insider attacks pose a major risk to an organization’s cybersecurity arrangements because of the insider’s knowledge of the vulnerabilities and blind spots in the information system. There are a number of defense-in-depth approaches that can be applied to address the loopholes that still exist in organizations, especially those exploited by APTs. These include reading traffic patterns, setting an active baseline, upgrading equipment, and beefing up overall system and network security while at the same time enforcing the limits.
Why these devices are not successful against APT28
APT-oriented attacks still find it possible to surmount the defense-in-depth approaches outlined above. This is not because these strategies are ineffective, but because APTs are executed over a long period of time and hence uncover the underlying vulnerabilities and blind spots that may have bypassed the above approaches.
Part 4: Machine Learning and Data Analytics
Machine learning basically refers to the use of algorithms to model data for the purpose of predicting future events, trends, and specific sets of actions. The technology comprises algorithmic software that endeavors to detect and analyze patterns revealing underlying attempts to run malicious code. From a conceptual point of view, machine learning can be regarded as a branch of artificial intelligence. This assertion arises from the perspective that machine learning software can make predictions about future events using data and use those predictions to determine network changes and information for the purpose of keeping them more secure in the future.
When it comes to cybersecurity, machine learning is seen as an important technology that is believed to provide the automation necessary to secure networks and systems. As initially indicated, machine learning is packaged as a form of artificial intelligence. However, many people are concerned about its wide implementation, given that it has been slow to show a clear difference in tasks that require explicit human interaction. At the same time, it is seen as having solutions to many cybersecurity threats. Even though cybersecurity professionals believe that the field is yet to come up with clear ways of addressing evolving threats, machine learning can use the available data on a number of threats, and on the way they evolve, to make a difference.
As threats evolve to become more advanced, the best thing the industry can do is to seek advancement and innovation in the defense strategies against the most sophisticated threats.
Part 5: Using Machine Learning and Data Analytics to Prevent APT28
It is no secret that machine learning, together with data analytics, has a critical role to play in addressing APT28, especially when it comes to mitigating its potential impact. Data analytics concepts can be instrumental in gathering data using the latest data analytics systems, where the data is then analyzed to establish a number of trends. Machine learning then comes in to give meaning to the patterns already created. Data analytics and machine learning together can therefore produce accurate predictions about every type of attack. Since machine learning takes a lot of time to conceptualize, it may not be the immediate remedy for APT28. However, as time goes by, machine learning will be able to help in detecting when APT28 is attacking.
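The "set an active baseline and read traffic patterns" approach from Part 3 and the trend analysis of Part 5, as an added example that is not taken from this paper or its sources. The daily per-host outbound byte counts are constructed, and the thresholds (a modified z-score of 3.5 for a spike, four consecutive days above 1.0 for a sustained shift) are assumptions chosen for the example.

```python
"""Baseline each host's outbound traffic on a quiet window, then flag later
days that spike or sit persistently above it. Added example; all byte
counts below are constructed."""
import statistics

# Constructed daily outbound byte counts per host, day 1 first (12 days each).
DAILY_BYTES_OUT = {
    "ws-03": [1_000_000, 1_100_000, 900_000, 1_000_000, 1_200_000, 1_000_000, 900_000,
              1_100_000, 1_000_000, 1_000_000, 900_000, 1_100_000],
    "ws-17": [2_100_000, 1_900_000, 2_300_000, 2_000_000, 2_200_000, 1_800_000, 2_100_000,
              2_350_000, 2_400_000, 2_350_000, 2_450_000, 2_400_000],  # quiet uplift
    "srv-db": [50_000_000, 48_000_000, 53_000_000, 51_000_000, 47_000_000, 52_000_000,
               50_000_000, 49_000_000, 400_000_000, 51_000_000, 50_000_000, 52_000_000],
}

def baseline(values):
    """Robust baseline: median and MAD; MAD falls back to 1% of the median (or 1)
    so a perfectly flat window does not divide by zero."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 0.01 * med or 1.0
    return med, mad

def modified_z(value, med, mad):
    """Outlier score comparable to a z-score but built on median/MAD."""
    return 0.6745 * (value - med) / mad

def analyze(daily, train_days=7, spike_z=3.5, drift_z=1.0, run_len=4):
    """Return {host: findings}. ("spike", day) marks one outlier day;
    ("sustained", first, last) marks run_len+ consecutive days above drift_z,
    the slow, persistent shift a long-running intrusion tends to produce."""
    findings = {}
    for host, values in daily.items():
        med, mad = baseline(values[:train_days])
        out, run = [], []
        for day in range(train_days + 1, len(values) + 1):
            z = modified_z(values[day - 1], med, mad)
            if z >= spike_z:
                out.append(("spike", day))
            if z >= drift_z:
                run.append(day)  # days are consecutive, so no gap check is needed
            else:
                if len(run) >= run_len:
                    out.append(("sustained", run[0], run[-1]))
                run = []
        if len(run) >= run_len:
            out.append(("sustained", run[0], run[-1]))
        findings[host] = out
    return findings

if __name__ == "__main__":
    for host, found in analyze(DAILY_BYTES_OUT).items():
        print(host, found or "within baseline")
```

The "sustained" finding is the one a single-day threshold would miss: each of ws-17's later days stays well below the spike cutoff, and only the run over time reveals the change.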
Bauer, R. (2019, April 19). Ransomware: How to Prevent Being Attacked and Recover After an Attack. Retrieved from Backblaze: https://www.backblaze.com/blog/complete-guide-ransomware/
ENISA Threat Landscape Report, 2019 (2020). Heraklion: ENISA. doi:10.2824/967192
FireEye. (2014). APT28: A Window into Russia’s Cyber Espionage Operations? Retrieved September 23, 2020, from https://learn.umuc.edu/d2l/le/content/416596/viewContent/16025752/View
Li, P., Yang, X., Xiong, Q., Wen, J., & Tang, Y. Y. (2019). Defending against the Advanced Persistent Threat: An Optimal Control Approach. Security and Communication Networks, 2018. Retrieved from https://link-gale-com.ezproxy.umuc.edu/apps/doc/A596644755/CDB?u=umd_umuc&sid=CDB&xid=28322c9
Nicho, M., & Khan, S. (2014). Identifying vulnerabilities of advanced persistent threats: an organizational perspective. International Journal of Information Security and Privacy, 8(1), 1+. Retrieved from https://link-gale-com.ezproxy.umuc.edu/apps/doc/A381836137/CDB?u=umd_umuc&sid=CDB&xid=e4d88b32
Top Computer Security Vulnerabilities. (2020, September 23). Retrieved from SolarWinds MSP: https://www.solarwindsmsp.com/content/computer-security-vulnerabilities
Why TTP are key in cyberintelligence. (2020, September 23). Retrieved from https://www.cytomicmodel.com/news/ttp-advantages-cyberintelligence/