Cyber Threat Basics, Types of Threats, Intelligence & Best Practices
Secureworks® gives you an updated look at cyber threats, types of threats, intelligence, emerging threats and today's best practices for protection.
By: Ken Brisco - Product Marketing
- The impact of cyber threats gained significant increase over the 2020 pandemic
- Threat intelligence provides needed visibility beyond network borders
- Taegis™ XDR provides a deep understanding of threat actor behavior and intent
What is a Cyber Threat?
For a cybersecurity expert, the Oxford Dictionary definition of cyber threat is a little lacking: "The possibility of a malicious attempt to damage or disrupt a computer network or system." This definition is incomplete without including the attempt to damage or steal data and disrupt digital operations.
In this definition, the threat is defined as a possibility. However, in the cybersecurity community, the threat is more closely identified with the actor or adversary attempting to gain access to a system. Or a threat might be identified by the damage done, what is stolen, or the tactics, techniques and procedures (TTPs) that are used.
5 Biggest Cyber Threats
Cyber threats are getting more sophisticated and intense amid increasing levels of remote work, cloud migration and advanced cyber adversaries. Here are 5 of the most damaging for enterprises in 2020.
- Social engineering
- DDoS attacks
- Third party software
- Cloud computing vulnerabilities
The COVID-19 pandemic was a significant challenge for security teams. Remote work has expanded the attack surface forcing security teams to protect a much larger area than before. During the pandemic, cyber threats and data breaches grew in sophistication and volume, with the number of breaches increasing 273% in the first quarter, compared to 2019.
Sources of Cyber Threats
When identifying a cyber threat, it’s important to know the adversary and understand the TTPs associated with them. The TTPs of threat actors are constantly evolving to avoid detection, but the sources of cyber threats remain the same. There is always a human element; someone who falls for a clever trick. But more importantly, there is also always a motive. This is the real source of the cyber threat. Understanding attacker TTPs can help you identify the motive of a cyber threat and act to prevent the likely next steps. The MITRE ATT&CK framework is a knowledge base of threat actor TTPs based on actual cybersecurity observations. Secureworks Taegis XDR covers more than 90% of TTPs across all categories of the MITRE framework, on average.
Most Common Sources of Cyber Threats
- Criminal Groups
- Malicious Insiders
- Corporate Spies
- Nation States
- Terrorist Groups
Cyber Threat Intelligence is Necessary for Enterprises
Advanced threat actors such as organized cybercriminals, nation-states and corporate spies represent the greatest information security threat to enterprises today. Many organizations struggle to detect these threats because of the actors' clandestine nature and resource sophistication, and because the organizations themselves lack a deep understanding of threat actor behavior. For enterprises, these more sophisticated, organized, and persistent threat actors are seen only by the digital traces they leave behind. For these reasons, enterprises need broad visibility beyond their network borders into advanced threats specifically targeting their organizations and infrastructure. This is known as threat intelligence.
The SolarWinds attack, made public in December 2020, was a huge wake-up call to the level of sophistication hacker collectives use. According to the Wall Street Journal:
“The attack blended extraordinarily stealthy tradecraft, using cyber tools never before seen in a previous attack, with a strategy that zeroed in on a weak link in the software supply chain that all U.S. businesses and government institutions rely on—an approach security experts have long feared but one that has never been used on U.S. targets in such a concerted way.”
The Secureworks Counter Threat Unit™ (CTU™) analyzes threat data from the Secureworks customer base and actively monitors the threat landscape. When anomalous activity is detected, the CTU researchers perform thorough analysis to discover new attack techniques and threats. With a deep understanding of threat actor behavior and intent, Taegis™ XDR leverages the data retained by our platform to help customers quickly assess any potential impact using research from the CTU and other sources. Experts on our teams took what we were learning about the threat actor behaviors from SolarWinds and other recent nation-state cyberattacks and conducted proactive threat hunts to look for these new behaviors across all Taegis XDR customers.
The Big Picture
Threat detection can be difficult as cyber adversaries use increasingly advanced TTPs when exploiting victims. These new measures have forced organizations to upgrade security analytics and operations tools, skills, and processes to stay ahead. Many security operations teams face significant challenges. They often work with siloed point tools and manual processes while also lacking the experience, resources, and skills to keep pace with an evolving threat landscape. Taegis XDR addresses these challenges using advanced behavioral analytics and threat data to speed detection and response, and improve efficiency.