Abstract

Digital technologies used in digital transformation are essential for every industrial, public, and private organization. In industry, automation and its connectedness have revolutionized the economic situation of work through the transition to the fourth technological wave, termed Industry 4.0. However, this connectedness also enables various types of threat event attacks. Therefore, this chapter introduces the virtual world of Threats and Threat Intelligence. The intention of threat event attacks is to inflict harm by introducing viruses, worms, malicious code, and others, to gain unauthorized access to computer systems, networks, infrastructure resources, and others, and to misuse or manipulate operational tasks. Threat event attacks also try to shut down targeted computer systems, networks, infrastructure resources, and others, making them inaccessible to regular operational tasks or users. This can be achieved by a Denial of Service attack or others, by flooding the targeted object with traffic or by sending it information that triggers a crash. Sometimes, targeted organizations incorporate threat data feeds as simple indicators of artifacts in their systems and/or networks that present a stream of information, e.g., on anomalies in their data flows, without knowing what to do with this additional data. For this reason, they potentially put an additional burden on analysts to decide what to consider dangerous and what to ignore. However, an important prerequisite is that the analysts have the appropriate tools to be able to make such decisions at all, which is a reason for using Threat Intelligence. “Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard” [1].
In this regard, Threat Intelligence is knowledge that allows preventing or mitigating threat event attacks. It is rooted in data, such as who is attacking and what their motivation and capabilities are, and it yields better information for decision-making about potential cybersecurity risks. In this context, threat perception describes the essential capability and estimated intention, in relation to vulnerability and opportunity, to actually execute the threat event attack(s). Therefore, a solid understanding of the impact and potential consequences of threat event attacks is required to cyber secure mission-critical computer systems, networks, infrastructure resources, and others. This requires a detailed analysis of well-known and documented threat event attacks, which may cause a loss of confidentiality, integrity, and availability, as described in the CIA Triad (see Sect. 1.6.2), of computer systems and the data they store or process, and which finally reveals identifiable interactions or dependency patterns. Such recognizable interactions or patterns require further study to highlight their specifications, their severity, and their impact and, if possible, to develop a method to reveal them before they are executed. In this context, Threat Intelligence addresses these issues by making use of machine learning (see Chap. 8) to automate data collection, to process unstructured data from disparate sources, and to connect them by providing context on Indicators of Compromise (IoC) and Tactics, Techniques and Procedures (TTP) of threat event actors. Therefore, Chap. 2 introduces Threats, Threat Events and Intentions, Threat Event Types and their Cybersecurity Risk Level, the Likelihood and Consequence Level, and Risk Management and Risk Analysis in Sect. 2.1. Section 2.2 refers to Threat Intelligence, taking into account the problem of Known-Knowns, Known-Unknowns, and Unknown-Unknowns, Digital Forensic and Threat Intelligence platforms. Furthermore, Sect. 2.2 introduces, besides Threat Intelligence in Threat Event Attack Profiling, the Threat Event Lifecycle and Threat Intelligence Sharing and Management Platforms. Section 2.3 contains comprehensive questions on the topics of Threats and Threat Intelligence, followed by “References” with references for further reading.
