Threat Sharing for Human Rights
A look at how we can strengthen our communities by sharing information
Megan DeBlois, June 2020
What we’ll cover …
● What is threat information?
● How is it produced and created?
● Who shares? And with whom?
● Ideas around how to make it more actionable
Photos by unsplash, credit to @jurrehoutkamp
Who am I?
● Based in California
● Part-time grad student at the University of Oxford
https://megdeb.github.io/mydissertation/tabs/about/
● Also work at Internews as an InfoSec Advisor and Technologist
● Side project: https://covid19apptracker.org
My fabulous pup to keep you awake
What is threat information?
Threat Information …
“Information related to a threat that might help an organization protect itself against a threat or detect the activities of an actor.”
- NIST Guide to Cyber Threat Information Sharing
????
????
Threat Information …
Knowledge or data that can help you protect yourself, your organization, or your community against someone who is attempting to cause harm.
- My Definition
Threat Information …
Knowledge or data that can help you protect yourself, your organization, or your community against someone who is attempting to cause harm.
- My Definition

- Indicators of an attack
- TTPs, or tactics, techniques and procedures
- Security alerts, advisories and bulletins
- Threat intelligence reports
- Tool configurations (e.g., instructions on how to install a tool to extract and remove malicious .apks from an Android phone)
- Countermeasures
Category: Indicators of compromise
Description: Data observed in the system that is highly indicative that an attack has happened or is likely to happen
An example of being operationalized:
● Block lists, blocking IPs and domains in your firewall configuration (e.g., using OpenDNS)
● File hashes of known malicious things
● SSH Fingerprints, Email Addresses, and more!

Category: Tactics, techniques, and procedures
Description: Attack patterns and methods the adversary uses to carry out their operations.
An example of being operationalized:
● Creating a YARA rule based on the attack pattern identified

Category: Security alerts, advisories, and bulletins
Description: Information about a security concern that describes:
- what happened,
- why it’s important, and
- an action a user should take
An example of being operationalized:
● Sharing alerts over a closed Signal, WhatsApp, or Wire group.

Category: Threat research reports
Description: A more detailed document outlining how an attack happened, indicators users should look out for, and more information about the attack(s).
An example of being operationalized:
● Creating case studies to use in training or awareness materials.

Category: Tool configurations
Description: Details around how to configure a security tool to effectively protect your system.
An example of being operationalized:
● Setting up a tool utilizing the configuration relevant to your industry or community.

Category: Countermeasures
Description: Defensive measures to take against a particular attack.
An example of being operationalized:
● Training users in your community how to enable two-factor authentication for greater account protection.
How do we create threat info?
Critical pieces to the threat sharing puzzle …
Trust
Threat Detection
Photos by unsplash, credit to @olloweb
A Threat is Detected … now what?
● Sample collection (if possible)
○ Full Email Headers
○ Suspicious File
○ Logs
● Triage Analysis
○ As quickly as you can, find as many indicators
● Deeper Technical Analysis
○ This sometimes leads to more indicators
● Capturing Insights and Trends through Data
● So when to share?
Will the information help protect or defend?
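The sample collection and triage steps above, as an added example that is not part of the original slides: it parses one raw e-mail (full headers, body, attachment), pulls out the indicator types the table lists (IPs, e-mail addresses, URLs, file hashes) and builds a defanged record tagged with a TLP label. The message, its domains and addresses, the function names and the TLP 2.0 label set are assumptions made for this example.

```python
import hashlib
import ipaddress
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# FIRST TLP 2.0 labels; the slides name TLP but do not list the labels.
TLP_LABELS = {"TLP:RED", "TLP:AMBER+STRICT", "TLP:AMBER", "TLP:GREEN", "TLP:CLEAR"}
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Relays inside your own network are not indicators. Listed explicitly because
# ipaddress's is_private also covers the documentation ranges used below.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SENDER_HEADERS = ("From", "Reply-To", "Return-Path", "Sender")


def build_sample() -> bytes:
    """Constructed message, not a real incident: reserved .example domains,
    an RFC 5737 documentation IP and a placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "IT Support <support@login-verify.example>"
    msg["Reply-To"] = "helpdesk@account-reset.example"
    msg["To"] = "staff@ngo.example"
    msg["Subject"] = "Action required: mailbox quota"
    msg.set_content("Sign in at http://login-verify.example/reset to keep access.")
    msg.add_attachment(b"constructed-sample-bytes", maintype="application",
                       subtype="octet-stream", filename="update.apk")
    received = (
        b"Received: from relay.ngo.example (relay.ngo.example [10.0.0.5])\r\n"
        b"\tby mx.ngo.example; Tue, 02 Jun 2020 09:15:02 +0000\r\n"
        b"Received: from smtp.login-verify.example (unknown [203.0.113.45])\r\n"
        b"\tby relay.ngo.example; Tue, 02 Jun 2020 09:15:00 +0000\r\n"
    )
    return received + msg.as_bytes(policy=policy.SMTP)


def extract_indicators(raw: bytes) -> dict:
    """Triage pass over one raw message: full headers, body and attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    ips = set()
    for hop in msg.get_all("Received", []):
        for candidate in IPV4_RE.findall(str(hop)):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:  # the loose regex also matches e.g. 999.1.1.1
                continue
            if not any(ip in net for net in INTERNAL_NETS):
                ips.add(str(ip))
    # Sender-side headers only; the recipient's own address is not an indicator.
    sender_values = [str(v) for h in SENDER_HEADERS for v in msg.get_all(h, [])]
    emails = {addr.lower() for _, addr in getaddresses(sender_values) if "@" in addr}
    body = msg.get_body(preferencelist=("plain", "html"))
    urls = set(URL_RE.findall(body.get_content())) if body else set()
    hashes = set()
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        hashes.add(hashlib.sha256(payload).hexdigest())
    return {"ipv4": sorted(ips), "email": sorted(emails),
            "url": sorted(urls), "sha256": sorted(hashes)}


def defang(value: str) -> str:
    """Make an indicator non-clickable before it goes into a chat or e-mail."""
    if value.lower().startswith("http"):
        value = "hxxp" + value[4:]
    return value.replace(".", "[.]").replace("@", "[@]")


def to_share_record(indicators: dict, tlp: str) -> dict:
    """Attach the sharing boundary (TLP) and defang every value."""
    if tlp not in TLP_LABELS:
        raise ValueError(f"unknown TLP label: {tlp!r}")
    return {"tlp": tlp,
            "indicators": {kind: [defang(v) for v in values]
                           for kind, values in indicators.items()}}


if __name__ == "__main__":
    import json
    record = to_share_record(extract_indicators(build_sample()), "TLP:AMBER")
    print(json.dumps(record, indent=2))
```

The record holds only what a recipient can act on (block, search logs, match files); the raw sample stays with whoever collected it.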
Who do we share it with?
A game of tetris …
Traffic Light Protocol (TLP)
The People

Threat Researchers & Analysts
● Community Researchers: Amnesty International, Human Rights Watch, Electronic Frontier Foundation, eQualit.ie, Citizen Lab, DSL Ukraine, Media Diversity Institute Armenia, Quirium, Internews, TibCERT, Fundacion Karisma, MISP, Freedom of the Press, and more!
● Private Sector: AV companies, Cybersecurity Firms, Platforms and Services

First Responders / Practitioners
● Some members of the CiviCERT Community (www.civicert.org)
● Rapid Response Networks
● Some of the Researchers and Analysts (listed above)

Beneficiaries
● Civil Society
● Human Rights Groups
● Media Organizations
● At Risk Individuals: Journalists, Activists, HRDs

Producers
● Beneficiaries, First Responders, Threat Researchers

Consumers
● Private Sector: Platforms (Microsoft, Google, Facebook, etc.), Cybersecurity Firms, Antivirus Companies
● Threat Researchers & Analysts
● First Responders
● Practitioners
Our Approach

Joint Research
● Backstop partner organizations who are interested in doing research
● Support technical capacity to do the research
● Review any additional support
● Private sector share where possible and appropriate
● Partner organization leads community sharing

Direct Research
● Support direct threat research and threat analysis internally (e.g., phishing and malware analysis)
● Private sector where possible and appropriate
● Community sharing where actionable (with specific organizations)
What ideas do we have to make it more actionable?
Threat Sharing --> Action
Goal: Better defense and greater protections against targeted attacks.
● Data Driven - we’re not talking big data, but anything that helps us gain more knowledge around attack methods and the mitigations that address them
● Inform your Risk Management Decisions, Processes, Practices.
● Transform into Awareness Raising and Training Materials
● Publish excellent threat research reports (hat tip to Fundacion Karisma, Quirium, Amnesty, Human Rights Watch, EFF, CitLab, and others!)
● And more!
More Ideas?
Thanks!
Stay in touch!
mdeblois@internews.org
