001481541 000__ 09158nam\\2200601\i\4500 001481541 001__ 1481541 001481541 003__ DLC 001481541 005__ 20231102003252.0 001481541 006__ m\\\\\o\\d\\\\\\\\ 001481541 007__ cr\cn\nnnunnun 001481541 008__ 221004s2023\\\\enka\\\\ob\\\\001\0\eng\d 001481541 010__ $$a 2022047003 001481541 020__ $$a9781119861768 001481541 020__ $$a1119861764 001481541 020__ $$a9781119861751 001481541 020__ $$a1119861756 001481541 020__ $$a9781119861775 001481541 020__ $$a1119861772 001481541 020__ $$z9781119861744 001481541 020__ $$z1119861748 001481541 0247_ $$a10.1002/9781119861775$$2doi 001481541 040__ $$aNhCcYBP$$cNhCcYBP 001481541 042__ $$apcc 001481541 050_4 $$aTK5105.59$$b.L47 2023 001481541 08200 $$a005.8/7$$223/eng/20221205 001481541 1001_ $$aLee, Martin$$c(Computer security expert),$$eauthor. 001481541 24510 $$aCyber threat intelligence /$$cMartin Lee. 001481541 264_1 $$aHoboken, New Jersey :$$bJohn Wiley & Sons, Inc.,$$c[2023] 001481541 300__ $$a1 online resource (xx, 284 pages) :$$billustrations (some color) 001481541 336__ $$atext$$btxt$$2rdacontent 001481541 337__ $$acomputer$$bc$$2rdamedia 001481541 338__ $$aonline resource$$bcr$$2rdacarrier 001481541 504__ $$aIncludes bibliographical references and index. 001481541 5050_ $$aCover -- Title Page -- Copyright Page -- Contents -- Preface -- About the Author -- Abbreviations -- Endorsements for Martin Lee's Book -- Chapter 1 Introduction -- 1.1 Definitions -- 1.1.1 Intelligence -- 1.1.2 Cyber Threat -- 1.1.3 Cyber Threat Intelligence -- 1.2 History of Threat Intelligence -- 1.2.1 Antiquity -- 1.2.2 Ancient Rome -- 1.2.3 Medieval and Renaissance Age -- 1.2.4 Industrial Age -- 1.2.5 World War I -- 1.2.6 World War II -- 1.2.7 Post War Intelligence -- 1.2.8 Cyber Threat Intelligence -- 1.2.9 Emergence of Private Sector Intelligence Sharing -- 1.3 Utility of Threat Intelligence -- 1.3.1 Developing Cyber Threat Intelligence -- Summary -- References -- Chapter 2 Threat Environment -- 2.1 Threat -- 2.1.1 Threat Classification -- 2.2 Risk and Vulnerability -- 2.2.1 Human Vulnerabilities -- 2.2.1.1 Example -- Business Email Compromise -- 2.2.2 Configuration Vulnerabilities -- 2.2.2.1 Example -- Misconfiguration of Cloud Storage -- 2.2.3 Software Vulnerabilities -- 2.2.3.1 Example -- Log4j Vulnerabilities -- 2.3 Threat Actors -- 2.3.1 Example -- Operation Payback -- 2.3.2 Example -- Stuxnet -- 2.3.3 Tracking Threat Actors -- 2.4 TTPs -- Tactics, Techniques, and Procedures -- 2.5 Victimology -- 2.5.1 Diamond Model -- 2.6 Threat Landscape -- 2.6.1 Example -- Ransomware -- 2.7 Attack Vectors, Vulnerabilities, and Exploits -- 2.7.1 Email Attack Vectors -- 2.7.2 Web-Based Attacks -- 2.7.3 Network Service Attacks -- 2.7.4 Supply Chain Attacks -- 2.8 The Kill Chain -- 2.9 Untargeted versus Targeted Attacks -- 2.10 Persistence -- 2.11 Thinking Like a Threat Actor -- Summary -- References -- Chapter 3 Applying Intelligence -- 3.1 Planning Intelligence Gathering -- 3.1.1 The Intelligence Programme -- 3.1.2 Principles of Intelligence -- 3.1.3 Intelligence Metrics -- 3.2 The Intelligence Cycle -- 3.2.1 Planning, Requirements, and Direction. 001481541 5058_ $$a3.2.2 Collection -- 3.2.3 Analysis and Processing -- 3.2.4 Production -- 3.2.5 Dissemination -- 3.2.6 Review -- 3.3 Situational Awareness -- 3.3.1 Example -- 2013 Target Breach -- 3.4 Goal Oriented Security and Threat Modelling -- 3.5 Strategic, Operational, and Tactical Intelligence -- 3.5.1 Strategic Intelligence -- 3.5.1.1 Example -- Lazarus Group -- 3.5.2 Operational Intelligence -- 3.5.2.1 Example -- SamSam -- 3.5.3 Tactical Intelligence -- 3.5.3.1 Example -- WannaCry -- 3.5.4 Sources of Intelligence Reports -- 3.5.4.1 Example -- Shamoon -- 3.6 Incident Preparedness and Response -- 3.6.1 Preparation and Practice -- Summary -- References -- Chapter 4 Collecting Intelligence -- 4.1 Hierarchy of Evidence -- 4.1.1 Example -- Smoking Tobacco Risk -- 4.2 Understanding Intelligence -- 4.2.1 Expressing Credibility -- 4.2.2 Expressing Confidence -- 4.2.3 Understanding Errors -- 4.2.3.1 Example -- the WannaCry Email -- 4.2.3.2 Example -- the Olympic Destroyer False Flags -- 4.3 Third Party Intelligence Reports -- 4.3.1 Tactical and Operational Reports -- 4.3.1.1 Example -- Heartbleed -- 4.3.2 Strategic Threat Reports -- 4.4 Internal Incident Reports -- 4.5 Root Cause Analysis -- 4.6 Active Intelligence Gathering -- 4.6.1 Example -- the Nightingale Floor -- 4.6.2 Example -- the Macron Leaks -- Summary -- References -- Chapter 5 Generating Intelligence -- 5.1 The Intelligence Cycle in Practice -- 5.1.1 See it, Sense it, Share it, Use it -- 5.1.2 F3EAD Cycle -- 5.1.3 D3A Process -- 5.1.4 Applying the Intelligence Cycle -- 5.1.4.1 Planning and Requirements -- 5.1.4.2 Collection, Analysis, and Processing -- 5.1.4.3 Production and Dissemination -- 5.1.4.4 Feedback and Improvement -- 5.1.4.5 The Intelligence Cycle in Reverse -- 5.2 Sources of Data -- 5.3 Searching Data -- 5.4 Threat Hunting -- 5.4.1 Models of Threat Hunting -- 5.4.2 Analysing Data. 001481541 5058_ $$a5.4.3 Entity Behaviour Analytics -- 5.5 Transforming Data into Intelligence -- 5.5.1 Structured Geospatial Analytical Method -- 5.5.2 Analysis of Competing Hypotheses -- 5.5.3 Poor Practices -- 5.6 Sharing Intelligence -- 5.6.1 Machine Readable Intelligence -- 5.7 Measuring the Effectiveness of Generated Intelligence -- Summary -- References -- Chapter 6 Attribution -- 6.1 Holding Perpetrators to Account -- 6.1.1 Punishment -- 6.1.2 Legal Frameworks -- 6.1.3 Cyber Crime Legislation -- 6.1.4 International Law -- 6.1.5 Crime and Punishment -- 6.2 Standards of Proof -- 6.2.1 Forensic Evidence -- 6.3 Mechanisms of Attribution -- 6.3.1 Attack Attributes -- 6.3.1.1 Attacker TTPs -- 6.3.1.2 Example -- HAFNIUM -- 6.3.1.3 Attacker Infrastructure -- 6.3.1.4 Victimology -- 6.3.1.5 Malicious Code -- 6.3.2 Asserting Attribution -- 6.4 Anti-Attribution Techniques -- 6.4.1 Infrastructure -- 6.4.2 Malicious Tools -- 6.4.3 False Attribution -- 6.4.4 Chains of Attribution -- 6.5 Third Party Attribution -- 6.6 Using Attribution -- Summary -- References -- Chapter 7 Professionalism -- 7.1 Notions of Professionalism -- 7.1.1 Professional Ethics -- 7.2 Developing a New Profession -- 7.2.1 Professional Education -- 7.2.2 Professional Behaviour and Ethics -- 7.2.2.1 Professionalism in Medicine -- 7.2.2.2 Professionalism in Accountancy -- 7.2.2.3 Professionalism in Engineering -- 7.2.3 Certifications and Codes of Ethics -- 7.3 Behaving Ethically -- 7.3.1 The Five Philosophical Approaches -- 7.3.2 The Josephson Model -- 7.3.3 PMI Ethical Decision Making Framework -- 7.4 Legal and Ethical Environment -- 7.4.1 Planning -- 7.4.1.1 Responsible Vulnerability Disclosure -- 7.4.1.2 Vulnerability Hoarding -- 7.4.2 Collection, Analysis, and Processing -- 7.4.2.1 PRISM Programme -- 7.4.2.2 Open and Closed Doors -- 7.4.3 Dissemination -- 7.4.3.1 Doxxing -- 7.5 Managing the Unexpected. 001481541 5058_ $$a7.6 Continuous Improvement -- Summary -- References -- Chapter 8 Future Threats and Conclusion -- 8.1 Emerging Technologies -- 8.1.1 Smart Buildings -- 8.1.1.1 Software Errors -- 8.1.1.2 Example -- Maroochy Shire Incident -- 8.1.2 Health Care -- 8.1.2.1 Example -- Conti Attack Against Irish Health Sector -- 8.1.3 Transport Systems -- 8.2 Emerging Attacks -- 8.2.1 Threat Actor Evolutions -- 8.2.1.1 Criminal Threat Actors -- 8.2.1.2 Nation State Threat Actors -- 8.2.1.3 Other Threat Actors -- 8.3 Emerging Workforce -- 8.3.1 Job Roles and Skills -- 8.3.2 Diversity in Hiring -- 8.3.3 Growing the Profession -- 8.4 Conclusion -- References -- Chapter 9 Case Studies -- 9.1 Target Compromise 2013 -- 9.1.1 Background -- 9.1.2 The Attack -- 9.2 WannaCry 2017 -- 9.2.1 Background -- 9.2.1.1 Guardians of Peace -- 9.2.1.2 The Shadow Brokers -- 9.2.1.3 Threat Landscape -- Worms and Ransomware -- 9.2.2 The Attack -- 9.2.2.1 Prelude -- 9.2.2.2 Malware -- 9.3 NotPetya 2017 -- 9.3.1 Background -- 9.3.2 The Attack -- 9.3.2.1 Distribution -- 9.3.2.2 Payload -- 9.3.2.3 Spread and Consequences -- 9.4 VPNFilter 2018 -- 9.4.1 Background -- 9.4.2 The Attack -- 9.5 SUNBURST and SUNSPOT 2020 -- 9.5.1 Background -- 9.5.2 The Attack -- 9.6 Macron Leaks 2017 -- 9.6.1 Background -- 9.6.2 The Attack -- References -- Index -- EULA. 001481541 506__ $$aAccess limited to authorized users 001481541 533__ $$aElectronic reproduction.$$bAnn Arbor, MI$$nAvailable via World Wide Web. 001481541 588__ $$aDescription based on online resource; title from digital title page (viewed on April 25, 2023). 001481541 650_0 $$aCyber intelligence (Computer security)$$0(DLC)sh2011005959 001481541 650_0 $$aCyberterrorism$$xPrevention.$$zUnited States$$xPrevention$$0(DLC)sh2009121190 001481541 650_0 $$aCyberspace operations (Military science)$$0(DLC)sh2013000988 001481541 655_0 $$aElectronic books 001481541 7102_ $$aProQuest (Firm) 001481541 77608 $$iPrint version:$$aLee, Martin$$tCyber threat intelligence$$dOxford, UK ; Hoboken, NJ, USA : Wiley, 2023$$z9781119861744$$w(DLC) 2022047002 001481541 852__ $$bebk 001481541 85640 $$3GOBI DDA$$uhttps://univsouthin.idm.oclc.org/login?url=https://ebookcentral.proquest.com/lib/usiricelib-ebooks/detail.action?docID=7235417$$zOnline Access 001481541 909CO $$ooai:library.usi.edu:1481541$$pGLOBAL_SET 001481541 980__ $$aBIB 001481541 980__ $$aEBOOK 001481541 982__ $$aEbook 001481541 983__ $$aOnline