Highlighting the Value of Threat Intelligence Reports

It appears everyday security professionals are evaluating new threats constantly. And what about the ones lurking in your network undetected? And did someone at your company open a phishing email? Is there a vulnerability that could be exploited in one of your applications or software? Or are you just in a business vertical, like healthcare or retail, that is particularly open to be targeted right now?

Witnessing the scale and sophistication of recent attacks disrupting our cyber security world, security teams must be on high alert against threats originating from cybercriminals, stealthy nation-state attackers, insiders, supply chains, and more – essentially the full spectrum of cyber threats. In order to stay up to date with these threats – who they might be, what industries they are most targeting, how they are infiltrating our systems – it is of utmost importance and value to stay up to date with the most recent threat intelligence.

Threat intelligence is an imperative way of learning about and dealing with the full spectrum of cyber threats. The Fidelis Threat Research Team (TRT) provides monthly reports on the timely information and situational awareness of ongoing relevant threats and an overall intelligence assessment of the potential risk from these threats. The information presented by the team includes data pertaining to threat actor and adversary activity tools, tactics, techniques, and procedures (including malware, infrastructures, and vulnerabilities exploited), and observed or assessed impact to organizations and business verticals being targeted. Their research is both quantitative and qualitative, giving security professionals a risk assessment and recommendations on how to detect or prevent these threats.

In their 2020 December Threat Intelligence Report, the Fidelis TRT analyzed the series of news events which culminated in the large-scale supply-chain compromise of the SolarWinds Orion IT/infrastructure management platform, ultimately affecting the U.S. government and large tech companies. While the SolarWinds compromise remains at the forefront of information security news, it is equally important to maintain perspective and to address relevant risks to individual organizations and systems. Thus, highlighting the value of Threat Intelligence reports, where timely data and assessments of threats can be critical in detecting threats earlier or preventing future breaches. Certain aspects of the SolarWinds incident showed how an older vulnerability in its product may have been leveraged, aligning with the Fidelis TRT’s assessment of vulnerability risks.

TRT also takes a risk-based approach to intelligence that is relatively unique to the industry. We focus on qualitative and analytical-based assessments rather than solely relying on post-incident technical indicators and attribution. One way we differentiate ourselves is through our Adversary Risk Matrix developed by our TRT Intelligence team. The Adversary Risk Matrix is a qualitative intelligence-based risk scoring system developed by TRT Intelligence that serves to represent the overall risk presented by a cyber adversary based off specific and observed attributes, with less focus on technical frameworks and indicators. Coupled with proactive asset management and terrain analysis, the intent of the Adversary Risk Matrix can allow consumers to prioritize threats and incorporate these into a risk-based decision-making process. The graphic below is a representative of the recently reported DarkHalo threat group from our December 2020 monthly report:

If you haven’t been doing so already, the Fidelis TRT highly recommends you download the monthly Threat Intelligence reports. Or, if you need all the information bundled, the Fidelis team has created a Threat Intelligence Toolkit that you can download. With growing cyber terrains, it becomes harder to gain full visibility into your environment. In knowing what the recent or relevant threats are, or where to look for them, could mean a world of difference in detecting a threat before it could do real damage to your company. Have any questions for us? Contact us and we’d be happy to help you! Happy hunting and stay secure.