Cybersäkerhet: Från reaktiv till proaktiv

Waregård, Ellen, Wilke, Frida

January 2022

The number of reported cybercrimes in Sweden is increasing every year. Cybercrimes arebecoming more sophisticated and the attackers are more skilled than before. Attackers usedifferent tactics, techniques and procedures, TTP, to establish their goals. These TTP can beidentified and later used to combat future cyberattacks. This process is known as TacticalThreat Intelligence, TTI, and is characterized by the use of open source intelligence, OSINT, to gather information about previous attacks and TTP. This paper is a literature review toprovide a background of the topic. To further investigate the topic this paper also presents theanalyzis of three different threat intelligence sharing platforms to deepen the understanding ofhow TTI is used today. A statistical analysis is also presented in order to predict future ofcyberthreats. The results of the analysis of the threat intelligence sharing platforms clearly displays theneed to search for information in more than one source. This information will become thefoundation of intelligence, which makes information gathering one of the most importantsteps when working with TTI. The results of the statistical analysis show that cybercrime inSweden will continue to rise. One of the biggest challenges was to identify the current stateof the global cyberthreat landscape since global statistics for cybercrime could not be found.However, the Covid-19 pandemic has forced more people to work from home which hasincreased the number of potential cybercrime victims since home security tends to be lowerthan at a physical offic. Despite this, the number of reported cybercrimes has not increasedremarkably.

Tactical Threat Intelligence

Intelligence

Cyberthreat

TTP

OSINT

Other Computer and Information Science

Annan data- och informationsvetenskap

A Methodology for Cyberthreat ranking: Incorporating the NIST Cybersecurity Framework into FAIR Model

Bakare, Adeyinka A.

09 June 2020

No description available.

Computer Science

Cyberthreat

Threat ranking

Resistant strength

Loss event frequency

Risk assessment

Hybrid risk assessment

A DYNAMIC CYBER-BASED VIEW OF THE FIRM

Schwartz, Tamara

January 2019

Technology, perceived by many organizations to be a tool, has evolved from a set of tools, to a location in which many companies have located their key terrain through digitization. That location is cyberspace, an inherently compromised, hostile environment, marked by rapid change and intense competition. It is analogous to a dark alley lined with dumpsters and shadowy doorways with numerous people seeking to challenge organizational objectives. Despite the prevalence of digitization, which has transformed the organization from an anthropological manifestation to a cyborg construction, there does not currently exist a strategic view of the firm which explores the integration of the organization and cyberspace. This paper conceptualizes the Cyber-Based View of the Firm, a dynamic view designed to capture the complex interactions between people, technology, and data that enable cyberattack. A meta-analysis of current theory frames the research gap into which the Cyber-Based View fits. This meta-analysis, in conjunction with an exploratory case study of the Stuxnet attack, identified the need for physical mediation of the cognitive – informational interaction. Finally, the Cyber-Based View was used as a forensic tool to conduct a qualitative multi-case study. Using a failure autopsy approach, eight events were developed into case studies by examining, coding, and recombining the narratives within the qualitative data. A pattern matching technique was used to compare the empirical patterns of the case studies with the proposed patterns of the research construct, providing strong evidence of model validity. / Business Administration/Strategic Management

Business Administration

Information Technology

Cyberattack

Cyber-based View

Cybersecurity

Cyberthreat

Hybrid Warfare

Modelo de identificación de ciberamenazas para PYMES de servicios tecnológicos usando herramientas de Data Analytics / Cyberthreat Identification Model for Technology Services SMEs using Data Analytics

Villayzan Chancafe, Renzo Adrian, Gutierrez Perona, Juan Diego

27 October 2020

Este proyecto tiene como propósito mejorar la capacidad que tienen las empresas pequeñas y medianas de detectar ciberamenazas que puedan encontrarse en sus ambientes, y que no hayan sido detectadas por las herramientas de seguridad tradicionales, como los antivirus. El objetivo del proyecto fue desarrollar un modelo de análisis de logs que permita identificar ciberamenazas utilizando herramientas de Data Analytics en PYMES de servicios tecnológicos. De acuerdo con un estudio realizado por el Ponemon Institute en el 2018, el 82% de las empresas encuestadas reportaron que los exploits maliciosos evadieron sus soluciones de antivirus. El modelo propuesto fue validado mediante una simulación de ataque de phishing, el cual permitió generar un fileless malware que consiguió generar persistencia en la computadora de la víctima. Los registros obtenidos a partir de la simulación fueron utilizados para entrenar un modelo de machine learning, el cual proporcionó la información necesaria para clasificar el evento según las tácticas y técnicas del framework Att&ck del MITRE. Finalmente, con la clasificación del ataque, se tiene la capacidad de proponer estrategias de mitigación y mejoras en las políticas de seguridad de información de la empresa. Adicionalmente, al analizar los resultados obtenidos a partir del experimento de machine learning, se evidenció su eficacia, pues presentaba mejores métricas en comparación con investigaciones académicas similares. / The purpose of this project is to improve the ability of small and medium-sized companies to detect cyber threats that may be found in their environments, and that have not been detected by traditional security tools, such as antivirus. The main objective of the project was to develop a log analysis model that allows identifying cyber threats using Data Analytics tools in technology services SMEs. According to a study conducted by the Ponemon Institute in 2018, 82% of surveyed companies reported that malicious exploits evaded their antivirus solutions. The proposed model was validated by means of a phishing attack simulation, that delivered a fileless malware attack which managed to generate persistence on the victim's computer. The logs obtained from the attack simulation were used to train a machine learning model that provided the necessary information to classify the event according to the tactics and techniques of the MITRE Att&ck framework. Finally, with the classification of the attack, we had the ability to propose mitigation strategies and improvements in the company's information security policies. Additionally, when analyzing the results obtained from the machine learning experiment, its effectiveness was proved, as it presented better metrics compared to similar academic research. / Tesis

Ataque mitre

Análisis de datos

Pyme

Ciberamenaza

Mitre attack

Data analytics

SME

Cyberthreat