The recent announcement by Russian authority Roskomnadzor regarding tighter restrictions on the use of Telegram will cause a shift in communication protocols among cyber threat-actors. We may see an increased adoption of alternatives such as Tox and its variants, Wickr, and more widely used platforms like Signal.
We all need to be staying ahead of the evolving threat-actors; otherwise, we risk falling behind.
-
@Anthony_Kraudelt Hi Anthony,
How would you define "stay ahead" here?
-
@eingfoan If you have a more mature cyber security environment, the use of SIEM tools to detect specific protocols or executables associated with any unauthorized applications would be appropriate. In the case of blocking at the firewall, you could implement specific rules to prevent some of these applications from connecting to outside sources. Adopting a zero trust application execution environment permitting only allowlisted programs can reduce the threat of future communication channels. Lastly, don't forget to think backwards. As we start to block and defend against new forms of encrypted communication, also think about the old forms such as IRC and older blog platforms, which can be used for command and control of compromised systems.
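An added example, not part of the original post, of the detection side of this advice: a SIEM-style triage pass that flags executables outside an allowlist and connections to IRC's usual ports. The event schema, hostnames, paths and allowlist entries are constructed assumptions.

```python
import json

# Assumption: the organisation's approved programs (constructed paths).
# Real allowlisting normally keys on signer or hash rather than path alone.
ALLOWED_IMAGES = {"/usr/bin/firefox", "/usr/bin/ssh", "/usr/sbin/chronyd"}
# "Think backwards": IRC's usual ports, 6667 (plaintext) and 6697 (TLS, RFC 7194).
LEGACY_CHAT_PORTS = {6667, 6697}

# Constructed sample events, one JSON object per line, as a SIEM might ingest them.
SAMPLE_LOG = """\
{"type": "process", "host": "ws-014", "image": "/usr/bin/firefox"}
{"type": "process", "host": "ws-014", "image": "/home/a/.local/bin/qtox"}
{"type": "net", "host": "ws-014", "image": "/usr/bin/firefox", "dst": "198.51.100.7", "dport": 443}
{"type": "net", "host": "srv-03", "image": "/usr/bin/ssh", "dst": "203.0.113.9", "dport": 6697}
{"type": "net", "host": "srv-03", "image": "/tmp/.x/agent", "dst": "203.0.113.9", "dport": 6667}
not-json garbage line
"""

def triage(log_text):
    """Return (rule, host, image) alerts for every event that breaks policy."""
    alerts = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            ev = json.loads(raw)
            host, image = ev["host"], ev["image"]
        except (json.JSONDecodeError, KeyError, TypeError):
            # Unparseable telemetry is surfaced, not silently dropped.
            alerts.append(("unparsed_event", f"line {lineno}", None))
            continue
        approved = image in ALLOWED_IMAGES
        if ev.get("type") == "process" and not approved:
            alerts.append(("unapproved_executable", host, image))
        elif ev.get("type") == "net":
            if not approved:
                alerts.append(("unapproved_egress", host, image))
            # Flag the port even for approved programs: the channel is the signal.
            if ev.get("dport") in LEGACY_CHAT_PORTS:
                alerts.append(("legacy_chat_port", host, image))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert)
```

Because the process rule is allowlist-based, a new messaging client is flagged without anyone having to add its name to a blocklist first.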
-
@eingfoan New Release

How MICE Threaten Cyber Security
Money. Ideology. Curiosity. Ego. Understand the mindset behind modern cyber threats.
Available now on Amazon: https://a.co/d/04Z8YD5q
#MICE #THREATS #cyber #Cybersecurity
-
@Anthony_Kraudelt @eingfoan What do you think the impacts are of lone mice vs nation state efforts (basically herds of rats+)? I say hacktivists pale in comparison.
-
@gary_alderson @eingfoan Gary, great question. MICE as defined in my book isn't a specific individual, but more a set of mindsets that the threat-actor uses to justify their actions. In the example of ideology, which is the I in MICE, adherence to a belief such as that of a nation-state is very important to that specific individual or group.
Compare that to those who are motivated by money, which is the M in MICE. Financially motivated threats are typically individuals working together for their own personal gain. If you'd like to know more, check out my book, available on Amazon.
Click here: https://a.co/d/04Z8YD5q