Cyber defense



Date: 09.12.2022
Cyber Defense Handbook
CYBER DEFENSE
GUIDELINES FOR THE DESIGN, PLANNING, IMPLEMENTATION AND DEVELOPMENT OF A MILITARY CYBER DEFENSE
099.
Qualitative concentration is when a large number of experts and technological and economic resources are concentrated in an organized and coordinated manner, creating a special cyber defense unit.
100.
Qualitative concentration is a more common strategy than quantitative and is generally carried out by groups (APTs) associated with States, either organically or covertly.
101.
Infiltration refers to clandestine access to networks of adversaries with the purpose of affecting their systems or information or with the intention of taking surreptitious control of them. It is a fundamental tactic in APTs or cyber espionage.
102.
Surveillance refers to monitoring one's own networks, internally and at the perimeter, in order to detect malicious actions or suspicious behaviors. It is one of the main activities of the security operations centers (COS, CERTs, CSIRTs, para. 340/342).
103.
Ambush in cyberspace is carried out mainly through honeypots, honey nets, cyber deception platforms or weaponized decoys.
104.
Honeypots are virtually isolated (although simulating connectivity) network devices with fictitious activity (although simulating real activity), deliberately vulnerable (not excessively, so that they appear real), and aimed at attracting the attention of attackers (so that attackers believe they have successfully infiltrated the network when, in fact, they are being analyzed in an isolated environment). Their purpose is to analyze the attackers' tactics, techniques and procedures (TTPs), as well as to frustrate them into abandoning the attack.
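As an added illustration (not part of the handbook), the following is a low-interaction decoy service of the kind described above: it presents fictitious activity through a constructed banner and records what a visitor sends so that their TTPs can be analyzed. The banner, port, log file name and function names are all assumptions made for this example.

```python
import json
import socket
import time

# Constructed banner: makes the decoy look like a real service (assumption).
FAKE_BANNER = b"220 files01 FTP server ready\r\n"
MAX_CAPTURE = 1024      # cap on bytes kept per session
SESSION_TIMEOUT = 5.0   # seconds before an idle session is dropped


def handle_session(conn, peer):
    """Present the fake banner, record what the client sends, return one event."""
    conn.settimeout(SESSION_TIMEOUT)
    captured = b""
    try:
        conn.sendall(FAKE_BANNER)
        while len(captured) < MAX_CAPTURE:
            chunk = conn.recv(MAX_CAPTURE - len(captured))
            if not chunk:          # client closed the connection
                break
            captured += chunk
    except OSError:                # timeout or reset: keep what was captured
        pass
    finally:
        conn.close()
    text = captured.decode("latin-1")
    return {
        "time": time.time(),
        "source": peer,
        "bytes": len(captured),
        # The first token of each line approximates the command attempted.
        "commands": [l.split(" ", 1)[0].upper() for l in text.splitlines() if l.strip()],
        "raw": text,
    }


def serve(host="127.0.0.1", port=2121, log_path="decoy_events.jsonl"):
    """Accept connections one at a time and append each event to a JSON-lines log."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            event = handle_session(conn, f"{addr[0]}:{addr[1]}")
            with open(log_path, "a") as log:
                log.write(json.dumps(event) + "\n")


if __name__ == "__main__":
    serve()
```

Nothing real sits behind the banner, so any connection recorded in the log is suspicious by definition; the host running it should be isolated from production systems, as the paragraph above requires.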
105.
A honey net is a network composed of honeypots. Currently, the implementation of cybersecurity measures based on honey net technologies is not sufficient protection against experienced cyber attackers (APTs); therefore, the use of other more advanced and proactive technologies, such as cyber deception platforms, is required.
106.
Cyber deception platforms are sophisticated, dynamic and automated honey nets that are located in real logical environments, with the ability to detect, analyze and tackle, in real time, zero-day and advanced cyber attacks.
107.
Cyber deception technology considers cyber attackers' TTPs and integrates with other cybersecurity technologies to provide cyber situational awareness, early threat detection and threat intelligence. It is especially useful for cyber threat hunting.
108.
Cyber deception platforms are more at risk of interfering with the operation of real networks, so the technological solution must be carefully selected and tested before being implemented.
109.
Weaponized decoys are electronic files or pieces of software, simulating information of interest to a potential cyber attacker, having preinstalled embedded malware designed to be activated on the cyber attacker’s network if exfiltrated.
110.
Fire and movement in cyberspace refers to the need to design cyber attacks so that, once they have caused the desired effect, they leave no trace of the attacker or the TTPs used, so that they cannot be attributed or reused.

