Respond to the two discussions
20 hours ago Reuben Aborchie Aborchie – Option B
The process of sharing attack information is a way to counter global threats. InfoSec threats have to be shared within both private and governmental agencies, as this would help in unifying the fight against cyber threats and aid in the protection of sensitive and confidential data.
Firstly, it’s difficult for a single organization to have a standard analysis of all potential vulnerabilities, threats and attacks across the interconnected information technology environment, but with the means of sharing intelligence on these attacks and threats, greater understanding is gained, which promotes effective response to security incidents.
Secondly, sharing InfoSec threat/attack information will also aid rapid responses towards heightened awareness of advanced persistent threats when discovered. Moreover, since it establishes mechanisms that enable federal departments and agencies to share with one another and with non-federal entities, a large volume of threat intelligence data can be obtained.
Furthermore, the Federal Cybersecurity Enhancement Act of 2015 requires the Department of Homeland Security to organize or provide to federal agencies a system to detect and prevent attacks in InfoSec threats. With the installation of the system, information travelling within the environment, either governmental or not, would serve as a benefit because DHS and other private companies will be authorized to access such information travelling around InfoSec, which is the main objective for sharing.
Moreover, the act of sharing this attack information is also a key element in the process of improving CT innovations in order to defeat growth in attacks. It will strongly help as a game changer in enabling different organizations to sustain their intelligence information for future reasons.
Opponents of this idea of sharing InfoSec threat/attack information argue about the infringement of privacy, but the 2015 act considers the preservation of confidential and personal data. Besides, confidential data or PII is not vital when other organizations consider using the information on threats and attacks to search their systems and networks for similar attacks.
In conclusion, sharing attack information aids in securing or creating strong defense policy, enabling massive benefits and reducing risks. Organizations should share InfoSec threats because of the wide range of organizations and attacks, as no single entity or organization can meet security threats without sharing. This is because of the advanced, sophisticated methods employed by attackers, as they combine their tactics and techniques to improve their attacks. The lack of sharing attack information makes it difficult to identify the systems that are within the scope of an attack. Sharing InfoSec threats will greatly assist in the prevention, identification and extinction of invaders, as it provides a synergy that will propagate the fight against cyber-attacks and threats.

In recent years, actions of hacker groups have dominated news reporting, with successful campaigns costing businesses millions of dollars in repairing the damages caused by stealing customer information or proprietary data. Security companies have conducted investigations of these campaigns and have identified the groups and their actions in order to attempt to attribute their actions to a country or organization, and those results have identified various levels of complication within these campaigns. Each of the groups is classified by the level of sophistication and best guess at attribution, which is who the actions were caused by. This post will provide information on the differences between Advanced Evasion Techniques (AETs) and Advanced Persistent Threats (APTs) in order to provide the details on the most advanced groups of this classification.
According to CYBERSECURITY NEXUS, there are two ways to look at APTs, the first being as a group of highly sophisticated hackers and the second being a method used by hackers (CYBERSECURITY NEXUS, 2015). The second article looks at the APT as being a method. Using the method definition, hackers use APTs to conduct cyber-attacks with evasion techniques that allow for prolonged existence in the network (CYBERSECURITY NEXUS, 2015; McAfee). APTs target a certain sector such as banking or military entities to exfiltrate data from systems (CYBERSECURITY NEXUS, 2015).
Hackers use APTs to conduct lengthy cyber-attacks that avoid detection by using Advanced Evasion Techniques (AETs) to avoid detection on the network (McAfee). Methods used by AETs to avoid detection are obfuscation and fragmentation (McAfee). The process of fragmentation breaks the malicious program into unrecognizable chunks on one end and reassembles them for use by the APT on the other end (McAfee). The AET is difficult to detect due to the bits not matching signatures and in most cases avoiding detection by heuristics due to the size and long amount of time taken to deliver
Differences between the two methods start with where they operate. The APT operates on the inside of the network, after the router and where the data or targets are located. The AET operates on the network and serves as a delivery mechanism for the APT. How they operate also provides differences; each method used serves a distinct purpose. The AET uses methods to hide the payload, while the APT uses methods to target victim nodes, set up persistence and extract data. Both have similarities, as they both are intended to evade detection and are also developed to maintain a high level of persistence.
In this post, we categorized APTs and AETs and discussed the differences between both methods. Prior to conducting this research, I looked at APTs as being a group and had never heard of AETs. This knowledge will help to put mechanisms in place to properly categorize actions detected on the network and will help to mitigate those actions.
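
The fragmentation point in the second post, seen from the inspection side, as an added example that is not part of either post: a signature check applied to each segment on its own misses a marker that only exists after reassembly, while the same check on the reassembled stream finds it. The marker, the segment data, the function names and the first-arrival overlap policy are all assumptions made for the illustration.

```python
# Added illustration. SIGNATURE and SEGMENTS are constructed sample data,
# not real indicators or captured traffic.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER"

# (stream offset, payload) in arrival order: out of order, with one
# overlapping retransmission, and no segment holding the whole marker.
SEGMENTS = [
    (20, b"TED-TE"),
    (0, b"header: ok; "),
    (26, b"ST-MARKER; trailer"),
    (18, b"UCTE"),
    (12, b"CONSTRUC"),
]


def per_segment_match(segments, signature):
    """Naive inspection: test each segment on its own."""
    return any(signature in payload for _, payload in segments)


def reassemble(segments):
    """Rebuild the byte stream by offset; return (stream, missing_offsets).

    Assumption: on overlap the first-arrived byte wins. A real sensor must
    use the same overlap policy as the host it protects.
    """
    seen = {}
    for offset, payload in segments:
        for i, byte in enumerate(payload):
            seen.setdefault(offset + i, byte)
    end = max(seen) + 1 if seen else 0
    missing = [i for i in range(end) if i not in seen]
    return bytes(seen.get(i, 0) for i in range(end)), missing


def stream_match(segments, signature):
    """Inspect the reassembled stream; report gaps instead of hiding them."""
    stream, missing = reassemble(segments)
    return signature in stream, missing


if __name__ == "__main__":
    print("per-segment hit:", per_segment_match(SEGMENTS, SIGNATURE))
    print("reassembled hit:", stream_match(SEGMENTS, SIGNATURE))
```

A non-empty list of missing offsets means the stream was inspected incomplete, which is worth flagging on its own rather than treating the flow as clean.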