Statistics placed in front of threat events can look impressive yet be practically useless. To be actionable, threat data has to be analyzed against its relevance to a specific organization. As an example, I will use data posted in April's monthly report.
| Detected Attacks | Intensity | Capability to Defend | Capability to Detect |
|---|---|---|---|
| Apache exploit kit | 1 | | |
| Backdoor | 1 | | |
| ColdFusion zero-day | 1 | | |
| Credit card fraud | 1 | | |
| Data Breach | 1 | | |
| Data Spill | 1 | | |
| DNS poisoning | 1 | | |
| Insider | 1 | | |
| Mobile Malware | 1 | | |
| Brute force | 2 | | |
| Web Defacement | 2 | | |
| Targeted Attack | 3 | | |
| Defacement | 4 | | |
| DNS Hijack | 5 | | |
| Social Media Hijack | 12 | | |
| SQLi | 15 | | |
| DDoS | 23 | | |
Intensity here is simply the number of events of that type reported during the month. The ability to defend and the ability to detect, by contrast, are organization-specific, which is why those two columns are left blank: they ask you, the reader, to fill them in. What is your organization's ability to detect a SQLi attack? How are you postured to defend against it? Filled in honestly, these columns become useful when you need to justify acquiring new technology for an organization that is deficient in one of these areas.
Another useful data set is the set of industries being attacked.
| Targets by Frequency | Intensity | Relevance to Organization Business Practices | Relevance to Organization Business Operations |
|---|---|---|---|
| IND: Energy | 1 | | |
| IND: Telco | 1 | | |
| IND: Web Hosting | 1 | | |
| ORG: Church | 1 | | |
| ORG: Software | 1 | | |
| ORG: Sports | 1 | | |
| ORG: Political Party | 1 | | |
| Roadsign | 1 | | |
| IND: Automotive | 2 | | |
| IND: Online Games | 2 | | |
| IND: Retail | 2 | | |
| LEC | 2 | | |
| ORG: Non-Profit | 2 | | |
| Education | 3 | | |
| IND: Computer Software | 3 | | |
| Individual | 3 | | |
| IND: Online Services | 4 | | |
| News | 8 | | |
| IND: Internet Services | 11 | | |
| GOV | 18 | | |
| Financial | 24 | | |
Defining relevance in terms of an organization's business practices and operations gives focus not only to the organization being measured, but potentially to its business partners and supply chain as well. As with the first table, you the reader must decide which targets matter to your business. Where it gets really interesting is further dissection of the data.
Example: suppose I am an organization that provides financial services. In April, 24 attacks against the financial sector were captured. Of these, 82% were DDoS, 14% SQLi, and 4% DNS hijacking. Additionally, 67% were attributed to hacktivism, with the remainder attributed to cybercrime. The actor to which the vast majority of these reports were attributed was the Izz ad-Din al-Qassam Cyber Fighters.
As a network defender looking at this trend, examining my financial organization's ability to defend against DDoS starts to look critical. Measuring my current ability to detect and defend against known DDoS methods gives me a leg up against the vectors and threats that are actually in play. As always, if you have any questions or would like data sets for something specific, please feel free to post your questions. Cheers
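The dissection described in the financial services example, together with the "fill in the blanks" defend/detect columns from the first table, worked through in Python as an added example (this is not code from the original post). The event records, the capability scores and the gap formula are all constructed for the example and are not the April data.

```python
from collections import Counter, namedtuple

# One row of a monthly attack report: what was seen, who it hit, why.
Event = namedtuple("Event", "attack sector motive")

# Constructed sample records (an assumption for this example, not the
# April data quoted in the post).
EVENTS = [
    Event("DDoS", "Financial", "Hacktivism"),
    Event("DDoS", "Financial", "Hacktivism"),
    Event("DDoS", "Financial", "Hacktivism"),
    Event("DDoS", "Financial", "Cybercrime"),
    Event("SQLi", "Financial", "Cybercrime"),
    Event("DNS Hijack", "Financial", "Hacktivism"),
    Event("SQLi", "GOV", "Hacktivism"),
    Event("Defacement", "GOV", "Hacktivism"),
    Event("DDoS", "News", "Hacktivism"),
    Event("Brute force", "IND: Retail", "Cybercrime"),
]

# Hypothetical self-assessment for the organization, 1 = weak, 5 = strong.
# These are the "Capability to Defend / Detect" blanks the post leaves to
# the reader; the values here are made up for the example.
CAPABILITY = {
    "DDoS":       {"defend": 2, "detect": 4},
    "SQLi":       {"defend": 4, "detect": 3},
    "DNS Hijack": {"defend": 3, "detect": 1},
}


def percentages(counter, total):
    """Turn a Counter into {key: whole-number percent}, largest first."""
    return {k: round(100 * v / total) for k, v in counter.most_common()}


def sector_breakdown(events, sector):
    """Dissect the report for one sector: total, attack-type mix, motive mix."""
    hits = [e for e in events if e.sector == sector]
    total = len(hits)
    by_attack = Counter(e.attack for e in hits)
    by_motive = Counter(e.motive for e in hits)
    return {
        "total": total,
        "attacks": dict(by_attack),
        "attack_pct": percentages(by_attack, total) if total else {},
        "motive_pct": percentages(by_motive, total) if total else {},
    }


def gap_ranking(attack_counts, capability, scale=5):
    """Rank attack types by observed intensity weighted by the weakest capability.

    The scoring is an assumption for this example, not a formula from the post:
    gap = count * (scale - min(defend, detect)). Attack types the organization
    has not assessed are scored as capability 0 so they cannot hide."""
    scores = {}
    for attack, count in attack_counts.items():
        cap = capability.get(attack, {"defend": 0, "detect": 0})
        scores[attack] = count * (scale - min(cap["defend"], cap["detect"]))
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    report = sector_breakdown(EVENTS, "Financial")
    print(f"Financial: {report['total']} attacks")
    print("  by type  :", report["attack_pct"])
    print("  by motive:", report["motive_pct"])
    for attack, score in gap_ranking(report["attacks"], CAPABILITY):
        print(f"  gap {score:3d}  {attack}")
```

Swap `EVENTS` for the real monthly feed and `CAPABILITY` for your own assessment; the ranking then points at the attack type where observed intensity and your weakest capability coincide, which is the acquisition argument the post describes.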