APT
Adversaries: Competitors, criminals, spies
Pernicious: Devious use of digital trade craft
Targets: source codes, data, SIGINT, personnel,

Ghostnet
• Office of the Dalai Lama infiltrated through malware installed on computers
• Email servers completely owned
• Emails modified in transit
• Email read and acted on
• Over 1,200 infected computers globally

Sound familiar?
• Pentagon 2007
• Rio Tinto 2009
• Google Aurora 2010
• Stuxnet

Introducing the cyber intelligence team
• Cyber Commander
• Analysts
• Operations
• Red Team

Cyber Commander
• Assigns and directs roles
• Makes sure the correct tools and defenses are deployed
• Puts in place controls and audit processes
• Reports to upper management on the results of those processes and audits
• Primary point of contact for communicating to law enforcement and intelligence agencies

Analysts
Cyber defense analysts are the intelligence gatherers. They study the threatscape with an eye towards emerging threats to the organization.
• Understanding the state of the art in attack methodologies.
• Getting to know potential attackers and monitoring their activity.
• Monitoring known attack sources.
• Communicating the threat level to the rest of the cyber defense team.
• Assisting in evaluating technology for internal deployment.