Time
4 hours
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:01
Hey, guys, welcome back to the introduction to Cyber cred Intelligence. In today's episode, we're gonna be talking about how cyber threat intelligence helps
00:11
a very interesting area because you wouldn't expect that a cyber tracked Italians unit can be used to detect fraud prevention.
00:20
It is not a monitoring unit.
00:23
It is not a unit that
00:26
it's supposed to be
00:28
monitoring assets or checking if there has been a compromised. It is a unit that it's used to gather information
00:36
and give them context. So
00:39
how exactly can save a credit intelligence help
00:44
to forefront to detect fraud prevention?
00:47
Well,
00:48
we'll see it now.
00:52
This chapter, as I mentioned before, will be all focused on fraud and its prevention by using cyber crit intelligence capability and specifically, we're going to be this casting
01:03
how several criminals organise themselves to execute fraud and extortion.
01:11
We're gonna see how conversations in criminal communities percent opportunities to gather valuable cyber threat intelligence,
01:19
and we're gonna learn which types off cyber broth you can combat by applying relevant cyber credit intelligence.
01:27
Now record the future makes a very accurate point when talking about criminals as a threat to organization,
01:36
they say
01:37
in a digital age
01:38
companies that transact business online, finding data targeted by Barry's form of cyber fraud.
01:45
To understand how criminals are looking to profit from your business, you cannot focus solely on detecting and responding to threats already actively exploiting your systems. You need to gather cyber threat intelligence
01:57
about the cyber criminal gangs targeting you and how they run their operations
02:02
in the image zone. We can see that Verizon's 2018 that a breach investigation report attributed more than 60% off confirmed bridges to organized crime.
02:15
This data alliance with intelligence gathered by recorders, future from dark Web communities showing that organized criminal groups oh, cogs are employing freelance hackers to the fraud businesses and individuals.
02:30
These groups over it just like legitimate business in many ways with Herrick. If members working as a team to create, operate and maintain fraud schemes,
02:42
a typical all CG is controlled by a single mastermind. The group might include bankers with extensive connection in the financial industry, tour wrench money laundering,
02:53
for it is responsible for fake documents and supporting paperwork.
02:58
Professional break managers who oversee the technical aspects of operations.
03:02
So far, engineers who write code and skill hackers
03:07
Some groups include ex law enforcement agents who gather information and run counter intelligence operations. The members of the cyber criminal syndicates tend to have strong ties in real life, and often they're respected members off their social groups.
03:24
They certainly don't regard themselves as ordinary street criminals. They rarely cross parts with every Gangsters, preferring to remain in the shadows and avoid attention from law enforcement and local Mafia branches. However, schemes that require large number of people, such as those in evil taking cash out of multiple
03:45
automated teller machine simultaneously,
03:46
can involve a chain off intermediates who recruit and manage the troopers who do the legwork.
03:53
Okay, we're ready, passed by how the criminal structure is often built. But in order to get all the different actors, there needs to be a place to actually hire these individuals.
04:04
They don't all work under the die. Some of them may work in a company just like many of us and our He even threw a logging name, and then I am solution.
04:14
On the other hand, some of them are actually working in forms that have an entrance fee, and cyber crimes are the primary income
04:24
only rarely can you attribute a cyber attack to a single individual operating Nash Isolation
04:30
events Attacks typically required a wide range of skills and tools and an infrastructure capable of launching and supporting campaigns that really strands from where fishing and other technical devices and social engineering techniques.
04:46
Today, all those products and service is can be purchased or rented for a price. In a sophisticated, sophisticated underground economy,
04:55
cybercriminals hackers and their accomplices exchange information and carry out transactions related to illicit activities under the Web address of the Web. That cannot be reached by sir changes as we discussed before, and that our Web world that are arias that can only be accessed with special suffer and tools like
05:15
tour
05:15
that we discussing previous models.
05:19
Not all cyber criminals operate exclusively in what will technically be referred to as the dark Web.
05:26
Some build communities based on a fairly standard discussion. Bird encrypted behind the logging and use technology like jabber and telegram to conduct their business is
05:36
prospective Members of the sonogram network are vetted by active participants in the chat rooms and forms. Before they are accepted,
05:46
they may have to pay an entrance fee ranging from $50 to around $20,000.
05:53
One firm even required perspective members to the positive over $100,000 to be part of it.
06:03
Cyber Threat Intelligence gathered from underground criminal community is a window into the motivations, methods and tactics of threat actors.
06:13
The poor. The power of truly contextually threat intelligence is shown by how it can grow together. Data from a wide variety of sources on make connections between disparate pieces of information
06:28
according to record the future and their investigations in the dark Web. They state that the dark Web is organized in Creede distinct communities,
06:35
low tear underground forums,
06:39
higher tier, dark with firms and dark with markets. Analysis revealed that a significant group of actors are posting in both low fear and high Teer forms showing a connection between these two communities, however,
06:53
that with markets are largely disconnected from these firms. To put this to use, the following contextual information may might be used to turn news about a new malware variant into intelligence
07:06
evidence that criminal groups are using these malware in the wild.
07:12
Reports that exploit kids using the malware are available for sale on the dark Web
07:17
and confirmation that vulnerability is targeted by the exploit. Kids are present in your enterprise.
07:25
The term payment fraud encompasses a wide variety of techniques by which Sievert cybercriminals profit from compromise payment data.
07:34
They can use fishing to collect card details. More accomplice attacks can compromise e commerce sites or point of sale systems to achieve the same goal.
07:44
Once they have acquired car data, Criminals can resell it often as packs of numbers and walk away with their cut. Cyber trade intelligence can provide early warning of coming attacks related to bateman fraud. Monitoring sources like criminal communities
08:01
pay to cite another firms for Ilham on payment card numbers.
08:05
Bank identifier numbers or a specific reference to financial institutions can give visibility into criminal operations that might affect your organization.
08:15
A high percentage of hacking related reaches leverage is stolen or weak passwords.
08:20
Cybercriminals regularly upload massive cassettes of username and password to pay sites into their Web or make them available for sale on underground marketplace.
08:31
This data dumps can include corporate email addresses and passwords, as well as looking details for other sites
08:39
monitoring external sources For this type of cyber threat, intelligence will dramatically increased her visibility not just into league credentials but also into potential britches off corporate data on preparatory code.
08:52
They image presented show a record created by recorded future that a set of credential off multiple user was passed boasted on some dark Web forum, and it it is being put up to sail or just being leaked
09:07
closely. Monitoring the sources is a key aspect of service. Great Intelligence Unit on. Let's be aware that this kind of activity D doesn't have to be done by the internal T, but it can be bought as a solution, just as record the future and other technologies offer.
09:24
Now, table squiring involves manually manipulating the characters in a company's domain name into nearly identical domains. For instance, example dot com may become example dot com. With an end,
09:39
Attackers can register thousands of domains, deferring from target organizations. You're old
09:45
by a single character for Reese arranging from suspicious to fully militias.
09:50
Rogue websites using these modifies, not names, are built to look like legitimate website. The road remains at websites can be using the spear phishing campaigns against company employees or customers watering hole attacks and tribe I download attacks
10:07
being alerted to newly Regis register fishing and type of Quetta domains in real time narrows the window available for cyber crime. Cyber criminals
10:16
to impersonate your brand to the fraud. Unsuspecting users. Once this, my malicious infrastructure is identified, you can employ a takedown service too full to newly fight the threat.
10:31
Okay, we have now reviewed. How is that cyber tracked Intelligence unit operating order to uncover aspects like fraud prevention? This is one of the capabilities. Does Mo. Most of the time, it's not expected from a Cyber Tragedy Aliens unit,
10:46
since it is a union thought to be used in Indian responses and increasing Deep Ian's capabilities,
10:50
not exactly an uncover in uncovering fraud or data breaches. With this, we can answer questions like How can fraud be prevented using CyberTrips intelligence
11:01
and what process is high? Have cyber tracked intelligence that will gather data in advance to the tech went off road has happened. So in today's reflector with this cursed house, I betrayed intelligent resources and tools can to take when of reach has happened and the security devices didn't detect.
11:20
Also, we spoke about when rich rated regional industries similar to organizations one are involved in a in a date average thesis will give the organization the upper hand to reveal if a data effect that the bridge has happened
11:39
in the next puzzle. We're going to start checking the frameworks available in order to implement the cyber tracked Italians unit in an organization. And what approaches can it take to provide the most effective permission? And that's it for now, hope to find this speedy a useful See you in the next video.

Up Next

Intro to Cyber Threat Intelligence

This Cyber Threat Intelligence training introduction series will cover the main definitions and concepts related to the CTI world. Will also explain the units and organization’s areas that will interact with the CTI processes.

Instructed By

Instructor Profile Image
Melinton Navas
Threat Intelligence Manager
Instructor