Threat Sharing for Human Rights
A look at how we can strengthen our communities by sharing information
Megan DeBlois, June 2020
What we’ll cover …
● What is threat information?
● How is it produced and created?
● Who shares? And with whom?
● Ideas around how to make it more actionable
Photos by unsplash, credit to @jurrehoutkamp
Who am I?
● Based in California
● Part-time grad student at the University of Oxford: https://megdeb.github.io/mydissertation/tabs/about/
● Also work at Internews as an InfoSec Advisor and Technologist
● Side project: https://covid19apptracker.org
My fabulous pup to keep you awake
What is threat information?
Threat Information …
“Information related to a threat that might help an organization protect itself against a threat or detect the activities of an actor.”
- NIST Guide to Cyber Threat Information Sharing
Threat Information …
Knowledge or data that can help you protect yourself, your organization, or your community against someone who is attempting to cause harm.
- My Definition

- Indicators of an attack
- TTPs, or tactics, techniques and procedures
- Security alerts, advisories and bulletins
- Threat intelligence reports
- Tool configurations (e.g., instructions on how to install a tool to extract and remove malicious .apks from an Android phone)
- Countermeasures
Category / Description / An example of being operationalized

Indicators of compromise
Data observed in the system that is highly indicative that an attack has happened or is likely to happen.
Operationalized:
● Block lists, blocking IPs and domains in your firewall configuration (e.g., using OpenDNS)
● File hashes of known malicious things
● SSH fingerprints, email addresses, and more!

Tactics, techniques, and procedures
Attack patterns and methods the adversary uses to carry out their operations.
Operationalized:
● Creating a YARA rule based on the attack pattern identified

Security alerts, advisories, and bulletins
Information about a security concern that describes:
- what happened,
- why it’s important, and
- an action a user should take
Operationalized:
● Sharing alerts over a closed Signal, WhatsApp, or Wire group.

Threat research reports
A more detailed document outlining how an attack happened, indicators users should look out for, and more information about the attack(s).
Operationalized:
● Creating case studies to use in training or awareness materials.

Tool configurations
Details around how to configure a security tool to effectively protect your system.
Operationalized:
● Setting up a tool utilizing the configuration relevant to your industry or community.

Countermeasures
Defensive measures to take against a particular attack.
Operationalized:
● Training users in your community how to enable two-factor authentication for greater account protection.
How do we create threat info?
Critical pieces to the threat sharing puzzle … Trust, and Threat Detection
Photos by unsplash, credit to @olloweb
A Threat is Detected … now what?
● Sample collection (if possible)
○ Full Email Headers
○ Suspicious File
○ Logs
● Triage Analysis
○ As quickly as you can, find as many indicators as you can
● Deeper Technical Analysis
○ This sometimes leads to more indicators
● Capturing Insights and Trends through Data
● So when to share?
Will the information help protect or defend?
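The triage steps above (collect the full headers and the suspicious file, pull out indicators, then decide whether sharing helps anyone protect or defend) and the "block lists and file hashes" row of the table earlier, worked through as an added example that is not code from the slides, from Internews or from CiviCERT. The script takes a constructed phishing email sample and constructed attachment bytes, extracts attacker-side indicators (sending IP, sender address, URL, domains) while keeping the targeted recipient's own address out of the shareable set, hashes the attachment so the hashes rather than the file get passed around, labels the record with a TLP level, and flattens it into block-list entries. The headers, addresses, the 203.0.113.45 address (from the documentation range), the `.invalid` domains and the TLP v1.0 label set are all assumptions made for the example.

```python
"""Triage helper: turn a detected phishing sample into a shareable indicator record.

Added example, not code from the slides or from Internews/CiviCERT.
Assumes TLP v1.0 labels (RED/AMBER/GREEN/WHITE) and uses only constructed
sample data (documentation IP range and .invalid domains).
"""
import hashlib
import json
import re
from email import message_from_string
from urllib.parse import urlparse

# TLP v1.0 sharing labels (assumption: the deck names TLP but not a version)
TLP_LEVELS = ("RED", "AMBER", "GREEN", "WHITE")

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample: full headers plus body of a credential-phishing email.
SAMPLE_EMAIL = """\
Received: from mail.example-sender.invalid (mail.example-sender.invalid [203.0.113.45])
    by mx.example.org with ESMTP id abc123
From: "Account Team" <support@example-sender.invalid>
To: journalist@example.org
Subject: Urgent: verify your account
Content-Type: text/plain

Your account will be suspended. Visit http://login-verify.example-sender.invalid/reset now.
"""

# Constructed sample: bytes standing in for a suspicious attachment (not real malware).
SAMPLE_ATTACHMENT = b"MZ\x90\x00 constructed sample attachment"


def extract_indicators(raw_email, victim_domain):
    """Pull attacker-side indicators (IPs, sender addresses, URLs, domains)
    out of a full email sample. Anything in the recipient's own domain is
    victim context, not an indicator, and is kept out of the shareable set."""
    msg = message_from_string(raw_email)
    text = "\n".join(f"{k}: {v}" for k, v in msg.items()) + "\n" + msg.get_payload()

    ips = set(IP_RE.findall(text))
    urls = set(URL_RE.findall(text))
    emails = {e for e in EMAIL_RE.findall(text)
              if not e.lower().endswith("@" + victim_domain)}
    domains = {urlparse(u).hostname for u in urls if urlparse(u).hostname}
    domains |= {e.split("@")[1].lower() for e in emails}
    for received in msg.get_all("Received", []):  # sending host named in Received:
        m = re.search(r"from\s+([\w.-]+)", received)
        if m:
            domains.add(m.group(1).lower())
    domains = {d for d in domains
               if d != victim_domain and not d.endswith("." + victim_domain)}
    return {"ips": ips, "urls": urls, "emails": emails, "domains": domains}


def hash_sample(data):
    """Hash a suspicious file so the hashes, not the file, can be shared."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "md5": hashlib.md5(data).hexdigest()}


def build_share_record(indicators, file_hashes, tlp, summary):
    """Package indicators for a closed sharing group under a TLP label."""
    if tlp not in TLP_LEVELS:
        raise ValueError(f"unknown TLP level: {tlp!r}")
    return {"tlp": tlp, "summary": summary,
            "indicators": {k: sorted(v) for k, v in indicators.items()},
            "file_hashes": dict(file_hashes)}


def is_actionable(record):
    """The deck's sharing test: will this help someone protect or defend?
    Here that means at least one thing a recipient can block or hunt for."""
    ind = record["indicators"]
    return bool(ind["ips"] or ind["domains"] or ind["urls"] or record["file_hashes"])


def to_blocklist(record):
    """Flatten a record into one-line entries for a firewall or DNS block list."""
    ind = record["indicators"]
    return sorted(set(ind["ips"]) | set(ind["domains"]))


if __name__ == "__main__":
    found = extract_indicators(SAMPLE_EMAIL, victim_domain="example.org")
    record = build_share_record(found, hash_sample(SAMPLE_ATTACHMENT), "AMBER",
                                "Credential-phishing email against a newsroom (constructed)")
    print(json.dumps(record, indent=2))
    print("actionable:", is_actionable(record))
    print("\n".join(to_blocklist(record)))
```

The design point worth noticing is the split between attacker indicators and victim context: the `To:` address identifies the targeted journalist and never belongs in a record that leaves the closed group, so the extractor drops the recipient's domain before anything is packaged. The TLP label travels with the record rather than being implied by the channel it is sent over.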
Who do we share it with?
A game of tetris …
Traffic Light Protocol (TLP)
Threat Researchers & Analysts
● Community Researchers: Amnesty International, Human Rights Watch, Electronic Frontier Foundation, eQualit.ie, Citizen Lab, DSL Ukraine, Media Diversity Institute Armenia, Quirium, Internews, TibCERT, Fundacion Karisma, MISP, Freedom of the Press, and more!
● Private Sector: AV companies, Cybersecurity Firms, Platforms and Services
First Responders / Practitioners
● Some members of the CiviCERT Community (www.civicert.org)
● Rapid Response Networks
● Some of the Researchers and Analysts (listed above)
Beneficiaries
● Civil Society
● Human Rights Groups
● Media Organizations
● At Risk Individuals: Journalists, Activists, HRDs
Producers: Beneficiaries, First Responders, Threat Researchers
Consumers: Private Sector (Platforms such as Microsoft, Google, Facebook, etc.; Cybersecurity Firms; Antivirus Companies), Threat Researchers & Analysts, First Responders / Practitioners, The People
Our Approach
Joint Research
● Backstop partner organizations who are interested in doing research
● Support technical capacity to do the research
● Review any additional support
● Private sector share where possible and appropriate
● Partner organization leads community sharing
Direct Research
● Support direct threat research and threat analysis internally (e.g., phishing and malware analysis)
● Private sector where possible and appropriate
● Community sharing where actionable (with specific organizations)
What ideas do we have to make it more actionable?
Threat Sharing --> Action
Goal: Better defense and greater protections against targeted attacks.
● Data Driven: we’re not talking big data; anything that helps us gain more knowledge around attack methods and the mitigations that address them
● Inform your Risk Management Decisions, Processes, and Practices.
● Transform into Awareness Raising and Training Materials
● Publish excellent threat research reports (hat tip to Fundacion Karisma, Quirium, Amnesty, Human Rights Watch, EFF, CitLab, and others!)
● And more!
More Ideas?
Thanks!
Stay in touch!
mdeblois@internews.org
