book

Cybersecurity Threats, Malware Trends, and Strategies - Second Edition

by Tim Rains

January 2023

Intermediate to advanced

584 pages

17h 24m

English

Packt Publishing

Read now

Unlock full access

Who this book is forWhat this book coversTo get the most out of this bookGet in touchShare your thoughts
Different types of CISOs: “The CISO Spectrum”How organizations get initially compromised and the cybersecurity fundamentalsUnpatched vulnerabilitiesSecurity misconfigurationsWeak, leaked, and stolen credentialsSocial engineeringInsider threatsFocus on the cybersecurity fundamentalsUnderstanding the difference between attackers’ motivations and tacticsSummaryReferences
What is threat intelligence?Where does CTI data come from?Using threat intelligenceThe key to using threat intelligenceThreat intelligence sharingCTI sharing protocolsTraffic Light ProtocolSTIX and TAXIIReasons not to share CTIHow to identify credible cyber threat intelligenceData sourcesTime periodsRecognizing hypePredictions about the futureVendors’ motivesSummaryReferences
IntroductionVulnerability Management PrimerVulnerability Disclosure Data SourcesIndustry Vulnerability Disclosure TrendsVendor and Product Vulnerability TrendsReducing Risk and Costs – Measuring Vendor and Product ImprovementMicrosoft Vulnerability TrendsOracle Vulnerability TrendsGoogle Vulnerability TrendsDebian Vulnerability TrendsApple Vulnerability TrendsVendor Vulnerability Trend SummaryOperating System Vulnerability TrendsGoogle Android Vulnerability TrendsApple iOS Vulnerability TrendsMobile Operating System SummaryMicrosoft Windows 10 Vulnerability TrendsApple macOS Vulnerability TrendsDesktop Operating System SummaryUbuntu Linux Vulnerability TrendsLinux Kernel Vulnerability TrendsMicrosoft Windows Server 2016 Vulnerability TrendsServer Operating System SummaryWeb Browser Vulnerability TrendsApple Safari Vulnerability TrendsGoogle Chrome Vulnerability TrendsWeb Browser SummaryVulnerability Improvement Framework SummaryVulnerability Management GuidanceSummaryReferences
IntroductionWhy is there so much malware on Windows compared to other platforms?Data sourcesThe Malicious Software Removal ToolReal-time anti-malware toolsNon-security data sourcesAbout malwareHow malware infections spreadTrojansPotentially unwanted softwareExploits and exploit kitsWormsRansomwareVirusesBrowser modifiersMeasuring malware prevalenceGlobal Windows malware infection analysisRegional Windows malware infection analysisThe threat landscape in the Middle East and Northern Africa10-year regional report card for the Middle East and Northern Africa The threat landscape in the European Union and Eastern Europe10-year regional report card for the European Union10-year regional report card for select Eastern European locationsThe threat landscape in select locations in Asia and Oceania10-year regional report card for Asia and OceaniaThe threat landscape in select locations in the Americas10-year regional report card for the AmericasRegional Windows malware infection analysis conclusionsWhat does this all mean for CISOs and enterprise security teams?Global malware evolutionGlobal malware evolution conclusionsThe evolution of ransomwareDelivery mechanismsExecution mechanismsRansom payment methodsRansom demands and communicationsBusiness modelThe great debate – are anti-malware solutions really worthwhile?SummaryReferences
IntroductionA typical attackPhishing attacksMitigating phishingDrive-by download attacksMitigating drive-by download attacksMalware-hosting sitesMitigating malware distributionPost compromise – botnets and DDoS attacksSummaryReferences
The pursuit of happinessGovernments as cybersecurity market participantsGovernments as standards bodiesGovernments as enforcersRegulatorsLaw enforcementGovernments as defendersPublic safetyNational securityMilitarySummaryReferences
Understanding government access to dataThe signals intelligence scenarioThe unlawful government access to data scenarioThe lawful government access to data scenarioLawful government access to dataThe CLOUD Act and the PATRIOT ActManaging the risk of government access to dataThe volume of law enforcement requestsThe probability of US law enforcement accessing data in the cloudThe GDPR, FISA Section 702, and Schrems IIThe Probability of US Intelligence Accessing Data in the CloudMitigating government access to dataSetting and understanding the scopeSetting realistic objectivesPlanning data protection controlsConclusionSummaryReferences
What is a cybersecurity strategy?Other ingredients for a successful strategy Business objective alignmentCybersecurity vision, mission, and imperativesSenior executive and board supportUnderstand the risk appetiteRealistic view of current cybersecurity capabilities and technical talentCompliance program and control framework alignmentAn effective relationship between cybersecurity and ITSecurity cultureSummaryReferences
IntroductionMeasuring the efficacy of cybersecurity strategiesCybersecurity strategiesProtect and Recover StrategyCFSS score Protect and Recover Strategy summaryEndpoint Protection StrategyCFSS scoreEndpoint Protection Strategy summaryPhysical control and security clearances as a security strategyCFSS scorePhysical Control and Security Clearances Strategy summaryCompliance as a Security StrategyCFSS scoreCompliance as a Security Strategy summaryApplication-Centric StrategyCFSS scoreApplication-Centric Strategy summaryIdentity-Centric StrategyCFSS scoreIdentity-Centric Strategy summaryData-Centric StrategyCFSS scoreData-Centric Strategy summaryAttack-Centric StrategyCFSS scoreAttack-Centric Strategy summaryZero TrustCFSS scoreCybersecurity strategies summaryDevOps and DevSecOpsSummaryReferences

IntroductionWhat is an Intrusion Kill Chain?Modernizing the Kill ChainMapping the Cybersecurity Usual SuspectsUpdating the matrixIntrusion Kill Chain or ATT&CK?Getting startedMaturity of current cybersecurity capabilitiesPervasiveness of current cybersecurity capabilitiesWho consumes the data?Cybersecurity license renewalsImplementing this strategyRationalizing the matrix – gaps, under-investments, and over-investmentsIdentifying gapsIdentifying areas of under-investmentIdentifying areas of over-investmentPlanning your implementationDesigning control setsAttack phase – Reconnaissance IExample controls for Reconnaissance IInsights from ATT&CKAttack phase – DeliveryExample controls for DeliveryInsights from ATT&CKAttack phase – ExploitationExample controls for ExploitationInsights from ATT&CKAttack phase – InstallationExample controls for InstallationInsights from ATT&CKAttack phase – Command and Control (C2)Example controls for C2Insights from ATT&CKAttack phase – Reconnaissance IIExample controls for Reconnaissance IIInsights from ATT&CKAttack phase – Actions on ObjectivesExample controls for Actions on ObjectivesInsights from ATT&CKConclusionSummaryReferences
IntroductionUsing vulnerability management dataAssets under management versus total assetsKnown unpatched vulnerabilitiesUnpatched vulnerabilities by severityVulnerabilities by product typeMeasuring the performance and efficacy of an Attack-Centric StrategyPerforming intrusion reconstructionsUsing intrusion reconstruction resultsIdentifying lame controlsLearning from failureIdentifying helpful vendorsInforming internal assessmentsAdversary emulations leveraging ATT&CKSummaryReferences
IntroductionHow is cloud computing different?Cloud Service Providers versus Managed Service ProvidersMigrating to the cloudCybersecurity assessment questionnairesSecurity and compliance game changersThe power of APIsThe advantages of automationMitigating insider threat and social engineeringMitigating unpatched vulnerabilities Mitigating security misconfigurations Mitigating weak, leaked and stolen credentialsSecurity and compliance game changers – summaryUsing cybersecurity strategies in the cloudUsing the Protect and Recover Strategy in the cloudCompliance as a Cybersecurity Strategy in the cloudUsing the Attack-Centric Strategy in the cloud DevOps – A modern approach to security in the cloud Disaster Recovery in the cloudEncryption and key managementConclusionSummaryReferences

Overview

"Cybersecurity Threats, Malware Trends, and Strategies" is your comprehensive guide to staying ahead in the constantly evolving world of cybersecurity. You will explore trends in threats and malware, learn about the role of government actors, and develop robust strategies to protect your organization's IT infrastructure.

What this Book will help me do

Understand contemporary cybersecurity threats and mitigation strategies.
Develop effective vulnerability management and risk reduction approaches.
Implement practical techniques to deal with ransomware and malware.
Analyze the role of governments in cybersecurity and design protective measures.
Learn how to utilize cloud resources to enhance security practices.

Author(s)

Tim Rains, a seasoned expert in cybersecurity, has led security initiatives at Microsoft and Amazon Web Services (AWS). With decades of experience advising both public and private sectors globally, Tim specializes in creating and implementing effective cybersecurity strategies. His writing is informed by real-world applications and is tailored to professionals seeking actionable insights.

Who is it for?

This book is designed for professionals managing or participating in organizational cybersecurity initiatives. If you are a CISO, security architect, or compliance officer, you will find this resource invaluable. Prior knowledge of IT principles and cybersecurity will help readers gain the most from this text. It is specifically catered to those aiming to align their organizations to face modern cyber threats.