Page 10 - MILConnection_Spring2019
Humans are a weak link in cyber security, and
hackers and social manipulators know this. They try
to trick people into getting past security walls. They
design their actions to appear harmless and
legitimate.
Cyber criminals will use every method available to
gain valuable information from you. That’s why you
need to know about the threat.
DEFENSE SECURITY SERVICE
NATIONAL COUNTERINTELLIGENCE AND SECURITY CENTER
CYBER THREATS
WHY ARE YOU A TARGET?
Publicly available information helps foreign intelligence entities identify people with placement and access.
Contract information (bid, proposal, award or strategies)
Company website with technical and program information
Connections (partnerships, key suppliers, joint ventures, etc.) with other cleared or non-cleared companies
Employee association with companies or technologies made public through scientific journals, academia, public speaking engagements, social networking sites, etc.

WHAT DO THEY TARGET?
Company unclassified networks (internal and extranets), partner and community portals, and commonly accessed websites
Proprietary information (business strategy, financial, human resource, email, and product data)
Export-controlled technology
Administrative and user credentials (usernames, passwords, tokens, etc.)
Foreign intelligence entities seek the aggregate of unclassified or proprietary documents which could paint a classified picture

HOW DO THEY COMPROMISE NETWORKS, SYSTEMS, AND TECHNICAL DATA?
Reconnaissance: Research phase used to identify and select targets by browsing websites to obtain names, emails, business and social relationships, and technical information.
Weaponization: The foreign intelligence entities assemble the payload and wrapper, such as coupling a remote access exploit with a prepared spear-phishing email.
Delivery: The foreign intelligence entity infects the target, most commonly using email, website hijacking, or removable media (through insiders).
Exploitation: Successful compromise of targeted vulnerability to allow malicious code to be run.
Installation: Executed malicious code inserts malware, such as a Remote Access Trojan or opens a backdoor connection to the target system – may allow for persistence.
Command and Control: The malware will communicate to a controller server to send or receive instructions from the foreign intelligence entity.
Actions on the Objective: After completing the above actions, the foreign intelligence entity can fulfill their requirements. Intelligence requirements can range from exfiltration, using the system as a strategic position to compromise additional systems within the targeted network (hop-point), or sabotaging the system and network.
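
For defenders, the seven phases listed above can be used to triage alerts: the further along the chain a host's alerts reach, the more urgent containment is. The sketch below is an added example, not part of the original brochure; the alert category names, host names and sample alerts are constructed, and treating Delivery as the first phase visible in local telemetry is an assumption.

```python
from collections import defaultdict

# The seven phases in the order the page lists them.
PHASES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on the Objective"]

# Assumption: hypothetical alert categories and their phase; not from the page.
ALERT_PHASE = {
    "spearphish_email_received": "Delivery",
    "removable_media_inserted": "Delivery",
    "office_app_spawned_script_host": "Exploitation",
    "new_autostart_entry": "Installation",
    "periodic_beacon_to_rare_domain": "Command and Control",
    "bulk_upload_to_external_host": "Actions on the Objective",
}

# Constructed sample alerts: (timestamp, host, category).
ALERTS = [
    ("2019-03-04T09:12", "ws-014", "spearphish_email_received"),
    ("2019-03-04T09:15", "ws-014", "office_app_spawned_script_host"),
    ("2019-03-04T09:16", "ws-014", "new_autostart_entry"),
    ("2019-03-04T10:02", "ws-022", "spearphish_email_received"),
    ("2019-03-05T02:40", "srv-003", "periodic_beacon_to_rare_domain"),
    ("2019-03-05T03:10", "srv-003", "bulk_upload_to_external_host"),
]

FIRST_OBSERVABLE = PHASES.index("Delivery")  # assumption: earlier phases occur off-network

def triage(alerts):
    """Per host: deepest phase reached and earlier phases with no alert."""
    seen = defaultdict(set)
    for _, host, category in alerts:
        if category in ALERT_PHASE:  # unmapped categories are ignored
            seen[host].add(PHASES.index(ALERT_PHASE[category]))
    report = {}
    for host, idx in seen.items():
        deepest = max(idx)
        # A later phase with no earlier alert points to a detection gap to investigate.
        missed = [PHASES[i] for i in range(FIRST_OBSERVABLE, deepest) if i not in idx]
        report[host] = {"deepest": PHASES[deepest], "missed": missed}
    return report

def priority(report):
    """Hosts ordered by how far along the chain they are, deepest first."""
    return sorted(report, key=lambda h: PHASES.index(report[h]["deepest"]), reverse=True)

if __name__ == "__main__":
    result = triage(ALERTS)
    for host in priority(result):
        print(host, result[host])
```

In the constructed data, srv-003 shows Command and Control and exfiltration alerts with nothing earlier, so it is both the top containment priority and a sign that Delivery, Exploitation and Installation went undetected on that host.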