ThreatHunting_ThinkingAboutTomorrow_Bogota2019.pdf

Tazz
March 14, 2019

This presentation was previously given to a hacker community in 2017 and was updated and tailored for a business-centric security audience in Bogota (2019). It presents a new way of thinking about threats: strategically. It identifies the differences between tactical and strategic threat intelligence, then connects eight* categories of real-world threat triggers/events to the items that may become strategic targets as a result of a trigger or event. It closes with a few suggestions on how to develop threat intelligence.

*Technology, Economics, Business, Military, Diplomatic, Infrastructure, Cultural/Professional, and Religious

The talk includes three links: two for reading recommendations and one for an online resource with verbose information about power plants around the world.

Transcript

  1. NEVER UNDERESTIMATE THE CREATIVITY OR DETERMINATION OF YOUR ENEMY. ↔ IF YOU CAN’T THINK OF IT, HOW CAN YOU DEFEND AGAINST IT?
  2. IMAGINE
  3. TARGET DEVELOPMENT – THREAT TRIGGERS/EVENTS & STRATEGIC TARGETS
  4. NO CYBER RULE
  5. $______ • PHYSICAL • NETWORK • INFORMATION • DATA • (MOBILE) DEVICE • CYBER CYBERS
  6. READING RECOMMENDATIONS
  9. OBJECTIVES
  10. CRITICAL
  11. TACTICAL -VS- STRATEGIC THREAT INTELLIGENCE
  13. QUICK (AUTOMATED) ANALYSIS • INDICATORS OF COMPROMISE • DEEP ANALYSIS • INDICATORS OF ATTACK
  14. David Bianco 2013-present James Dietel, Effective Threat Intelligence ©2016
  15. BEFORE REVERSE TARGETING • FOR SOMEONE ELSE • AFTER MOTIVES & GOALS
  16. BEFORE THE COMPROMISE: TARGET DEVELOPMENT
  17. COMPREHEND
  19. OPERATIONS MANUALS, RESPONSE PLANS, INVOICES, SCHEMATICS, BLUEPRINTS • CHAT PLATFORM (WHO HOSTS YOURS, AUTHORIZED & UNAUTHORIZED? – TIKTOK, DISCORD, TELEGRAM) • ANYTHING WITH A POWER BUTTON/SWITCH • HOW MANY SHARED SERVICE PROVIDERS DOES YOUR ORGANIZATION USE?
    Technology • Economic • Business • Military • Diplomatic • Infrastructure • Cultural/Professional • Religious
  20. WHAT TECHNOLOGY AFFECTS YOUR SHIPPING OPERATIONS AND MONITORING? • SUPPORTING
  21. WHO AND WHAT COUNTRY MADE THE TECHNOLOGY IN YOUR EQUIPMENT? • YOUR PURCHASE ORDERS REVEAL YOUR CAPABILITIES • PARTS & CORE COMPONENT MANUFACTURERS • SUBJECT MATTER EXPERTS
  22. IOT DEVICES IN HOME/CAR, FITNESS APPS • CONTRACTED COMPANIES
  23. RESEARCH ORGANIZATIONS FOCUSED ON FOOD TECHNOLOGY, WEAPONS, WEAPONIZING $THINGS • SCIENTISTS
  24. CONFERENCES WHERE MULTIPLE CRITICAL INFRASTRUCTURE VENDORS ARE GATHERED • “WORK FROM HOME” EMPLOYEES • EMERGENCY SERVICES AND FIRST RESPONDERS • POWER PLANTS, DAMS, WATER TREATMENT, LANDFILLS, PIPELINES, MINES, PORTS
  25. SMALL CONFERENCES W/ CONCENTRATIONS OF PROFESSIONALS OR RELIGIOUS LEADERS • CONFERENCE ATTENDANCE ROSTER • MEMBERSHIP ROSTERS • ANYTHING “SACRED” / UNITES THE PEOPLE
  26. ICONS
  27. “FINDING” STRATEGIC INTEL
  28. YOU DON’T FIND IT – YOU DEVELOP IT THROUGH CRITICAL THINKING AND ANALYSIS • PROPOSED
  29. FINAL NOTES TO LEADERS ASKING FOR STRATEGIC (DIGITAL) THREAT INTEL...
  30. Do you understand the motives, goals, structure, organization, & methods of your adversaries?
  31. The supreme art of war is to subdue the enemy without fighting. -Sun Tzu
  32. QUESTIONS?
  33. Twitter: @GRC_Ninja • Slides: speakerdeck.com/grcninja • Email: n9gte8qo1yxm@opayq.com • One / Uno
  34. HTTPS://WWW.CIA.GOV/LIBRARY/CENTER-FOR-THE-STUDY-OF-INTELLIGENCE/CSI-PUBLICATIONS/CSI-STUDIES/STUDIES/VOL51NO2/THE-STATE-OF-STRATEGIC-INTELLIGENCE.HTML • HTTPS://WWW.AMAZON.COM/EFFECTIVE-THREAT-INTELLIGENCE-BUILDING-ORGANIZATION/DP/1533314551 • HTTP://GLOBALENERGYOBSERVATORY.ORG/