
Cybersecurity Threats, Malware Trends, and Strategies: Discover risk mitigation strategies for modern threats to your organization PDF

585 Pages·2023·21.575 MB·English

Preview Cybersecurity Threats, Malware Trends, and Strategies: Discover risk mitigation strategies for modern threats to your organization

Cybersecurity Threats, Malware Trends, and Strategies
Second Edition
Discover risk mitigation strategies for modern threats to your organization
Tim Rains
BIRMINGHAM—MUMBAI

Cybersecurity Threats, Malware Trends, and Strategies
Second Edition
Copyright © 2023 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Senior Publishing Product Manager: Aaron Tanna
Acquisition Editor – Peer Reviews: Gaurav Gavas
Project Editor: Meenakshi Vijay
Content Development Editor: Liam Thomas Draper
Copy Editor: Safis Editing
Technical Editor: Aneri Patel
Proofreader: Safis Editing
Indexer: Sejal Dsilva
Presentation Designer: Rajesh Shirsath
Developer Relations Marketing Executive: Meghal Patel

First published: May 2020
Second edition: January 2023
Production reference: 1170123

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80461-367-2
www.packt.com

Foreword

Being a security leader in this day and age is a bit like putting on the comedy and tragedy masks you see in theaters. Some incidents that come across security leaders’ desks are comedies of entirely avoidable errors.
Others are tragedies that are completely out of the control of victimized companies, and there is no hope but to react to such things. Unpatched vulnerabilities and supply chain security issues come to mind. There are two things, one being very preventable with the right processes or technology, and the other where you have no choice but to respond to the downstream effects.

With the volume of commodity attacks hitting infrastructures every second, CISOs have little to no room for error. Knowing there is no such thing as 100% secure anything, a security program must address the most likely and most impactful risks. With that in mind, it’s critical to find the most significant source of vulnerability and protect against it repeatedly.

As a CISO that has run security operations for four major brands, each company will have unique challenges that influence your ability to respond, such as its culture, industry limitations, or just plain resistance to change. Security leadership’s job is to fight through these areas of resistance to get to aligned outcomes that achieve the primary mission of keeping the company, customers, and employees safe from harm from a cyber incident.

There are many tools at the disposal of leaders in dealing with these challenges. I’ve found that my best source of knowledge is connecting with peers who have been through the challenges and problems I’ve faced. The tactile knowledge of a round table is unmatched in my experience of what you can get from any conference session or training room. That is one reason I’m so excited to see Cybersecurity Threats, Malware Trends, and Strategies revised by Tim Rains. Tim has been at the table at more of this type of discussion than anyone.

I’ve known Tim Rains for over 12 years. The only person that knows as many CISOs as I do is Tim. Tim’s career has been driven by hearing complex problems from leaders and centering them on rational solutions.
Tim has had the advantage of sitting at round tables with some of the best security leadership in the industry. Combining that with leadership positions in some of the largest Fortune 500 companies, he has a unique, informed perspective. I’ve had the pleasure of being a part of many of these round tables as my peers battle with some of the most challenging problems in the industry. In several cases, there are no good answers, and it’s a best-effort situation because of limitations in technology or industry forces.

Tim has provided some of his best lessons in this book. He brings forward all his years of industry knowledge and in-depth research on topics security leaders care about. CISOs need help with aligning their operational intent with strategic objectives. Starting with a good set of fundamentals is critical to having a sound, dependable approach to cyber threats. As outlined in the book, the fundamentals are continuously attacked by the usual suspects: unpatched systems, misconfigurations, social engineering, insider threat, and weak passwords. My experience has taught me that these challenges transcend industries, budgets, and organizational talent.

CISOs must ask themselves what parts of their programs address these baseline challenges and how effective those programs are. From there, CISOs must connect the dots of how those fundamental programs support the more significant strategic initiatives. No magic solution or consultative service can do it for you. It’s putting in the time to understand the supporting data and connecting with leaders across your enterprise. Tim provides an excellent guide on accessing the data and making it relevant to every leader.

This is an important and timely book on how leaders can get a handle on the comedy and tragedy of cybersecurity. What is crucial for leaders is to have a definable approach to understanding their risk, know the most common security shortcomings, and understand the strategies to mitigate impacts.
Cybersecurity Threats, Malware Trends, and Strategies will give you the guardrails that a CISO, CTO, CIO, or senior leader in an organization will need to get started. For that novice in the language of cyber security, an education on what matters when it comes to protecting your company is within each chapter, and those seasoned vets will see a framework for testing theories on addressing threats.

The forces at play multiply for leaders as malware doubles year over year, regulatory issues require greater constraint, and the ease of automated attacks grows. Leaders must ask themselves serious questions, such as do I know the threats facing my organization? Do I have appropriate responses to those threats? Is there an approach to staying knowledgeable of impactful industry trends? Do I have a cybersecurity strategy that aligns with my risk profile? If you don’t know the answers to these questions, this book will get you started on the pathway to being confident in your future responses.

Timothy Youngblood, CISSP

Contributors

About the author

Tim Rains is an internationally recognized cybersecurity executive, strategist, advisor, and author. He has held the most senior cybersecurity advisor roles at both Microsoft and Amazon Web Services. Tim has experience across multiple cybersecurity and business disciplines including incident response, crisis communications, vulnerability management, threat intelligence, among others. Tim is currently Vice President, Trust & Cyber Risk at T-Mobile. Tim is the author of the popular book, Cybersecurity Threats, Malware Trends, and Strategies, published by Packt Publishing.

I’d like to thank my wife, Brenda, for encouraging me to write a second edition of this book and for her assistance and patience. Thank you Karen Scarfone for being our Technical Reviewer extraordinaire. I’d also like to thank Liam Draper, our Development Editor, and the entire team at Packt Publishing for making this book a reality.
About the reviewer

Karen Scarfone is the Principal Consultant for Scarfone Cybersecurity. She develops cybersecurity publications for federal agencies and other organizations. She was formerly a Senior Computer Scientist at the National Institute of Standards and Technology (NIST). Since 2003, Karen has co-authored over 100 NIST publications on a wide variety of cybersecurity topics. In addition, she has co-authored or contributed to 18 books and published over 200 articles on cybersecurity topics. Karen holds master’s degrees in computer science and technical writing.

Thanks to my husband, John—for everything.

Join our community on Discord

Join our community’s Discord space for discussions with the author and other readers: https://packt.link/SecNet

Table of Contents

Preface

Chapter 1: Introduction
    Different types of CISOs: “The CISO Spectrum”
    How organizations get initially compromised and the cybersecurity fundamentals
        Unpatched vulnerabilities
        Security misconfigurations
        Weak, leaked, and stolen credentials
        Social engineering
        Insider threats
    Focus on the cybersecurity fundamentals
    Understanding the difference between attackers’ motivations and tactics
    Summary
    References

Chapter 2: What to Know about Threat Intelligence
    What is threat intelligence?
    Where does CTI data come from?
    Using threat intelligence
        The key to using threat intelligence
    Threat intelligence sharing
        CTI sharing protocols
