Cybersecurity Threats, Malware Trends, and Strategies - Second Edition

Book description

Implement effective cybersecurity strategies to help you and your security team protect, detect, and respond to modern-day threats. Purchase of the print or Kindle book includes a free eBook in PDF format.

Key Features

  • Protect your organization from cybersecurity threats with field-tested strategies
  • Understand threats such as exploits, malware, internet-based threats, and governments
  • Measure the effectiveness of your organization's current cybersecurity program against modern attackers’ tactics

Book Description

Tim Rains is Microsoft's former Global Chief Security Advisor and Amazon Web Services’ former Global Security Leader for Worldwide Public Sector. He has spent the last two decades advising private and public sector organizations all over the world on cybersecurity strategies.

Cybersecurity Threats, Malware Trends, and Strategies, Second Edition builds upon the success of the first edition, which has helped so many aspiring CISOs and cybersecurity professionals understand and develop effective data-driven cybersecurity strategies for their organizations. In this edition, you’ll examine long-term trends in vulnerability disclosures and exploitation, regional differences in malware infections and the socio-economic factors that underpin them, and how ransomware evolved from an obscure threat to the most feared threat in cybersecurity. You’ll also gain valuable insights into the roles that governments play in cybersecurity, including their role as threat actors, and how to mitigate government access to data. The book concludes with a deep dive into modern approaches to cybersecurity using the cloud.

By the end of this book, you will have a better understanding of the threat landscape, how to recognize good Cyber Threat Intelligence, and how to measure the effectiveness of your organization's cybersecurity strategy.

What you will learn

  • Discover enterprise cybersecurity strategies and the ingredients critical to their success
  • Improve vulnerability management by reducing risks and costs for your organization
  • Mitigate internet-based threats such as drive-by download attacks and malware distribution sites
  • Learn the roles that governments play in cybersecurity and how to mitigate government access to data
  • Weigh the pros and cons of popular cybersecurity strategies such as Zero Trust, the Intrusion Kill Chain, and others
  • Implement and then measure the outcome of a cybersecurity strategy
  • Discover how the cloud can provide better security and compliance capabilities than on-premises IT environments

Who this book is for

This book is for anyone who is looking to implement or improve their organization's cybersecurity strategy. This includes Chief Information Security Officers (CISOs), Chief Security Officers (CSOs), compliance and audit professionals, security architects, and cybersecurity professionals. Basic knowledge of Information Technology (IT), software development principles, and cybersecurity concepts is assumed.

Table of contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Get in touch
    5. Share your thoughts
  2. Introduction
    1. Different types of CISOs: “The CISO Spectrum”
    2. How organizations get initially compromised and the cybersecurity fundamentals
      1. Unpatched vulnerabilities
      2. Security misconfigurations
      3. Weak, leaked, and stolen credentials
      4. Social engineering
      5. Insider threats
    3. Focus on the cybersecurity fundamentals
    4. Understanding the difference between attackers’ motivations and tactics
    5. Summary
    6. References
  3. What to Know about Threat Intelligence
    1. What is threat intelligence?
    2. Where does CTI data come from?
    3. Using threat intelligence
      1. The key to using threat intelligence
    4. Threat intelligence sharing
      1. CTI sharing protocols
        1. Traffic Light Protocol
        2. STIX and TAXII
      2. Reasons not to share CTI
    5. How to identify credible cyber threat intelligence
      1. Data sources
      2. Time periods
      3. Recognizing hype
      4. Predictions about the future
      5. Vendors’ motives
    6. Summary
    7. References
  4. Using Vulnerability Trends to Reduce Risk and Costs
    1. Introduction
    2. Vulnerability Management Primer
    3. Vulnerability Disclosure Data Sources
    4. Industry Vulnerability Disclosure Trends
      1. Vendor and Product Vulnerability Trends
      2. Reducing Risk and Costs – Measuring Vendor and Product Improvement
        1. Microsoft Vulnerability Trends
        2. Oracle Vulnerability Trends
        3. Google Vulnerability Trends
        4. Debian Vulnerability Trends
        5. Apple Vulnerability Trends
        6. Vendor Vulnerability Trend Summary
      3. Operating System Vulnerability Trends
        1. Google Android Vulnerability Trends
        2. Apple iOS Vulnerability Trends
        3. Mobile Operating System Summary
        4. Microsoft Windows 10 Vulnerability Trends
        5. Apple macOS Vulnerability Trends
        6. Desktop Operating System Summary
        7. Ubuntu Linux Vulnerability Trends
        8. Linux Kernel Vulnerability Trends
        9. Microsoft Windows Server 2016 Vulnerability Trends
        10. Server Operating System Summary
      4. Web Browser Vulnerability Trends
        1. Apple Safari Vulnerability Trends
        2. Google Chrome Vulnerability Trends
        3. Web Browser Summary
      5. Vulnerability Improvement Framework Summary
    5. Vulnerability Management Guidance
    6. Summary
    7. References
  5. The Evolution of Malware
    1. Introduction
    2. Why is there so much malware on Windows compared to other platforms?
    3. Data sources
      1. The Malicious Software Removal Tool
      2. Real-time anti-malware tools
      3. Non-security data sources
    4. About malware
      1. How malware infections spread
      2. Trojans
      3. Potentially unwanted software
      4. Exploits and exploit kits
      5. Worms
      6. Ransomware
      7. Viruses
      8. Browser modifiers
      9. Measuring malware prevalence
    5. Global Windows malware infection analysis
    6. Regional Windows malware infection analysis
      1. The threat landscape in the Middle East and Northern Africa
        1. 10-year regional report card for the Middle East and Northern Africa
      2. The threat landscape in the European Union and Eastern Europe
        1. 10-year regional report card for the European Union
        2. 10-year regional report card for select Eastern European locations
      3. The threat landscape in select locations in Asia and Oceania
        1. 10-year regional report card for Asia and Oceania
      4. The threat landscape in select locations in the Americas
        1. 10-year regional report card for the Americas
      5. Regional Windows malware infection analysis conclusions
      6. What does this all mean for CISOs and enterprise security teams?
    7. Global malware evolution
      1. Global malware evolution conclusions
    8. The evolution of ransomware
      1. Delivery mechanisms
      2. Execution mechanisms
      3. Ransom payment methods
      4. Ransom demands and communications
      5. Business model
    9. The great debate – are anti-malware solutions really worthwhile?
    10. Summary
    11. References
  6. Internet-Based Threats
    1. Introduction
    2. A typical attack
    3. Phishing attacks
      1. Mitigating phishing
    4. Drive-by download attacks
      1. Mitigating drive-by download attacks
    5. Malware-hosting sites
      1. Mitigating malware distribution
    6. Post compromise – botnets and DDoS attacks
    7. Summary
    8. References
  7. The Roles Governments Play in Cybersecurity
    1. The pursuit of happiness
    2. Governments as cybersecurity market participants
    3. Governments as standards bodies
    4. Governments as enforcers
      1. Regulators
      2. Law enforcement
    5. Governments as defenders
      1. Public safety
      2. National security
      3. Military
    6. Summary
    7. References
  8. Government Access to Data
    1. Understanding government access to data
      1. The signals intelligence scenario
      2. The unlawful government access to data scenario
      3. The lawful government access to data scenario
    2. Lawful government access to data
      1. The CLOUD Act and the PATRIOT Act
      2. Managing the risk of government access to data
        1. The volume of law enforcement requests
        2. The probability of US law enforcement accessing data in the cloud
        3. The GDPR, FISA Section 702, and Schrems II
        4. The Probability of US Intelligence Accessing Data in the Cloud
    3. Mitigating government access to data
      1. Setting and understanding the scope
      2. Setting realistic objectives
      3. Planning data protection controls
    4. Conclusion
    5. Summary
    6. References
  9. Ingredients for a Successful Cybersecurity Strategy
    1. What is a cybersecurity strategy?
    2. Other ingredients for a successful strategy
      1. Business objective alignment
      2. Cybersecurity vision, mission, and imperatives
      3. Senior executive and board support
      4. Understand the risk appetite
      5. Realistic view of current cybersecurity capabilities and technical talent
      6. Compliance program and control framework alignment
      7. An effective relationship between cybersecurity and IT
      8. Security culture
    3. Summary
    4. References
  10. Cybersecurity Strategies
    1. Introduction
    2. Measuring the efficacy of cybersecurity strategies
    3. Cybersecurity strategies
    4. Protect and Recover Strategy
      1. CFSS score
      2. Protect and Recover Strategy summary
    5. Endpoint Protection Strategy
      1. CFSS score
      2. Endpoint Protection Strategy summary
    6. Physical control and security clearances as a security strategy
      1. CFSS score
      2. Physical Control and Security Clearances Strategy summary
    7. Compliance as a Security Strategy
      1. CFSS score
      2. Compliance as a Security Strategy summary
    8. Application-Centric Strategy
      1. CFSS score
      2. Application-Centric Strategy summary
    9. Identity-Centric Strategy
      1. CFSS score
      2. Identity-Centric Strategy summary
    10. Data-Centric Strategy
      1. CFSS score
      2. Data-Centric Strategy summary
    11. Attack-Centric Strategy
      1. CFSS score
      2. Attack-Centric Strategy summary
    12. Zero Trust
      1. CFSS score
    13. Cybersecurity strategies summary
    14. DevOps and DevSecOps
    15. Summary
    16. References
  11. Strategy Implementation
    1. Introduction
    2. What is an Intrusion Kill Chain?
    3. Modernizing the Kill Chain
      1. Mapping the Cybersecurity Usual Suspects
      2. Updating the matrix
      3. Intrusion Kill Chain or ATT&CK?
    4. Getting started
      1. Maturity of current cybersecurity capabilities
      2. Pervasiveness of current cybersecurity capabilities
      3. Who consumes the data?
      4. Cybersecurity license renewals
    5. Implementing this strategy
      1. Rationalizing the matrix – gaps, under-investments, and over-investments
        1. Identifying gaps
        2. Identifying areas of under-investment
        3. Identifying areas of over-investment
      2. Planning your implementation
    6. Designing control sets
      1. Attack phase – Reconnaissance I
        1. Example controls for Reconnaissance I
        2. Insights from ATT&CK
      2. Attack phase – Delivery
        1. Example controls for Delivery
        2. Insights from ATT&CK
      3. Attack phase – Exploitation
        1. Example controls for Exploitation
        2. Insights from ATT&CK
      4. Attack phase – Installation
        1. Example controls for Installation
        2. Insights from ATT&CK
      5. Attack phase – Command and Control (C2)
        1. Example controls for C2
        2. Insights from ATT&CK
      6. Attack phase – Reconnaissance II
        1. Example controls for Reconnaissance II
        2. Insights from ATT&CK
      7. Attack phase – Actions on Objectives
        1. Example controls for Actions on Objectives
        2. Insights from ATT&CK
    7. Conclusion
    8. Summary
    9. References
  12. Measuring Performance and Effectiveness
    1. Introduction
    2. Using vulnerability management data
      1. Assets under management versus total assets
      2. Known unpatched vulnerabilities
      3. Unpatched vulnerabilities by severity
      4. Vulnerabilities by product type
    3. Measuring the performance and efficacy of an Attack-Centric Strategy
      1. Performing intrusion reconstructions
      2. Using intrusion reconstruction results
        1. Identifying lame controls
        2. Learning from failure
        3. Identifying helpful vendors
        4. Informing internal assessments
      3. Adversary emulations leveraging ATT&CK
    4. Summary
    5. References
  13. Modern Approaches to Security and Compliance
    1. Introduction
    2. How is cloud computing different?
      1. Cloud Service Providers versus Managed Service Providers
      2. Migrating to the cloud
      3. Cybersecurity assessment questionnaires
    3. Security and compliance game changers
      1. The power of APIs
      2. The advantages of automation
        1. Mitigating insider threat and social engineering
        2. Mitigating unpatched vulnerabilities
        3. Mitigating security misconfigurations
        4. Mitigating weak, leaked and stolen credentials
      3. Security and compliance game changers – summary
    4. Using cybersecurity strategies in the cloud
      1. Using the Protect and Recover Strategy in the cloud
      2. Compliance as a Cybersecurity Strategy in the cloud
      3. Using the Attack-Centric Strategy in the cloud
      4. DevOps – A modern approach to security in the cloud
      5. Disaster Recovery in the cloud
    5. Encryption and key management
    6. Conclusion
    7. Summary
    8. References
  14. Other Books You May Enjoy
  15. Index

Product information

  • Title: Cybersecurity Threats, Malware Trends, and Strategies - Second Edition
  • Author(s): Tim Rains
  • Release date: January 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781804613672