Firefox https://labsimapp.testout.com/v6_0_453/index.html/productviewer/1188/...

2.2.4 Threat Research Facts

Malware signatures are a primary method used for detecting threats. Malware signatures are unique
and include data or bits of code that allow malware to be identified. To identify malicious files,
antivirus software scans file signatures and compares them to a known list of bad malware signatures.

More advanced forms of threats have since emerged. As the tools and skill sets of attackers have
improved, threat research has had to improve with them. Although malware signatures are still used to
identify malicious files, additional research and analysis is also needed to identify new forms of
malware.
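The two kinds of signature matching described above, as an added example (this is not TestOut's code and is not part of the lesson). The reference sample, the hash database and the byte-pattern signature are all constructed for the illustration; real antivirus signature formats are considerably more elaborate. The example also goes one step beyond the text: it shows why a hash signature identifies only one exact file while a pattern signature still catches a slightly modified variant, which is the gap the lesson says additional research must fill.

```python
import hashlib
import re

# Constructed reference sample and signatures for illustration only; these are not real
# malware artifacts or real antivirus signatures.
SAMPLE_KNOWN_BAD = b"MZ\x90\x00 constructed sample EXAMPLE-MALWARE-MARKER-1234 payload"
# A variant of the same constructed family that differs from the reference by one byte.
SAMPLE_VARIANT = SAMPLE_KNOWN_BAD.replace(b"1234", b"1235")
BENIGN_FILE = b"MZ\x90\x00 an ordinary executable with nothing suspicious in it"


def sha256_hex(data: bytes) -> str:
    """Hash-based signature: the SHA-256 digest of the whole file."""
    return hashlib.sha256(data).hexdigest()


# Hash signatures identify one exact file: the database maps a digest to a detection name.
HASH_SIGNATURES = {
    sha256_hex(SAMPLE_KNOWN_BAD): "Example.Dropper.A",
}

# Pattern signatures identify a byte sequence shared by a family, so a change elsewhere in
# the file does not defeat them (constructed pattern, expressed as a bytes regex).
PATTERN_SIGNATURES = {
    "Example.Dropper.family": re.compile(rb"EXAMPLE-MALWARE-MARKER-\d{4}"),
}


def scan_bytes(data: bytes, hash_db=HASH_SIGNATURES, pattern_db=PATTERN_SIGNATURES) -> list:
    """Return the names of every signature that matches: hash matches first, then patterns.
    An empty list means no known signature matched (which is not proof the file is clean)."""
    hits = []
    digest = sha256_hex(data)
    if digest in hash_db:
        hits.append(hash_db[digest])
    for name, pattern in pattern_db.items():
        if pattern.search(data):
            hits.append(name)
    return hits


if __name__ == "__main__":
    for label, blob in [("known sample", SAMPLE_KNOWN_BAD),
                        ("variant", SAMPLE_VARIANT),
                        ("benign", BENIGN_FILE)]:
        print(f"{label:13s} -> {scan_bytes(blob) or 'no signature match'}")
```

The variant is missed by the hash signature and caught only by the family pattern; a file the database has never seen is reported as having no match, which is exactly the case the behavioral techniques later in this lesson are meant to cover.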

This lesson covers the following topics:

Reputational threat research
Indicator of compromise
Behavioral threat research

Reputational Threat Research

Reputational risk is the threat to the perception of an organization's conformance to a set of standards
that include quality, character, and stability. Social media plays an important role in the perception of
an organization's reputation.

To perform reputational threat research, select one or more sources for indicators of reputational
threats. Then, search log files for potential threat indicators. Compare indicators from log files with
data obtained from reputational threat research sources.

Threat research sources often identify DNS and IP address information associated with known attacks.
Searching logs for the identified DNS and IP addresses is a good way to begin to identify a reputational
attack.
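The three steps above (choose a source of indicators, search the logs, compare), carried through as an added example that is not part of the TestOut lesson. The threat feed is constructed from documentation-range IP addresses and .example domains, the firewall and DNS log lines are constructed in a simple key=value layout, and the subdomain matching rule (a lookup for a child of a listed domain counts as a hit) is an assumption about how a practitioner would want the comparison to behave.

```python
import ipaddress
import re

# Constructed reputational threat feed (step 1). In practice these indicators come from the
# threat research source(s) you selected; the values here are documentation ranges only.
THREAT_FEED = {
    "ip": {"203.0.113.10", "198.51.100.77"},
    "domain": {"bad.example.net", "c2.example.org"},
}

# Constructed firewall and DNS resolver log lines (the logs searched in step 2).
SAMPLE_LOGS = [
    "2021-06-27T20:48:01 fw01 src=10.0.0.5 dst=203.0.113.10 dport=443 action=allow",
    "2021-06-27T20:48:02 dns01 client=10.0.0.5 query=update.bad.example.net type=A",
    "2021-06-27T20:48:03 fw01 src=10.0.0.8 dst=192.0.2.44 dport=80 action=allow",
    "2021-06-27T20:48:04 dns01 client=10.0.0.8 query=www.example.com type=A",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# The last label must be alphabetic, so dotted-quad IPs are never picked up as domains.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def normalize_domain(name: str) -> str:
    return name.lower().rstrip(".")


def match_feed_domain(name: str, feed_domains):
    """Return the feed domain that `name` equals or is a subdomain of, else None."""
    name = normalize_domain(name)
    for bad in feed_domains:
        if name == bad or name.endswith("." + bad):
            return bad
    return None


def find_reputation_hits(log_lines, feed=THREAT_FEED):
    """Steps 2 and 3: pull candidate DNS names and IPs out of each log line and compare
    them with the feed. Returns one record per match, in log order."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for ip in IPV4_RE.findall(line):
            try:
                ipaddress.ip_address(ip)  # drop malformed tokens such as 999.1.1.1
            except ValueError:
                continue
            if ip in feed["ip"]:
                hits.append({"line": lineno, "type": "ip", "indicator": ip, "log": line})
        for name in DOMAIN_RE.findall(line):
            bad = match_feed_domain(name, feed["domain"])
            if bad is not None:
                hits.append({"line": lineno, "type": "domain", "indicator": bad,
                             "observed": name.lower(), "log": line})
    return hits


if __name__ == "__main__":
    for hit in find_reputation_hits(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['type']} {hit['indicator']} <- {hit['log']}")
```

A hit here is a starting point for investigation rather than a verdict: the internal host that made the connection or the lookup (the src or client field) is what the analyst follows up on, and reputation feeds do go stale, so each match should be checked against the feed's own timestamps before action is taken.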

Indicator of Compromise
In the event of a successful attack on your network, there will often be residual signs of the attack.
These signs are called indicators of compromise (IoC). Sometimes these indicators are clearly
identifiable, such as a malware signature. Other times the indicators are not as obvious, and an
analyst must use experience and knowledge to identify a possible IoC.

Examples of IoCs are:

Unusual emails
Unusual registry updates
Unusual file system changes
Unusual port usage
Unauthorized software
Unauthorized files
Unauthorized account usage
Unauthorized hardware

1 of 2 6/27/2021, 8:48 PM

Behavioral Threat Research

Behavioral threat research combines IoCs to show patterns and techniques used in previous attacks.
Because IoCs are somewhat subjective, an analyst should investigate them and collect data that either
reinforces the findings or dismisses the IoCs as a valid threat.

Analysts will often report their findings to research sites in hopes that it will help other analysts who
come across similar attacks. These findings usually include the tactics, techniques, and procedures
(TTP) used in attacks.

The following table provides potential attacks and their indicators:

Attack                              Indicators
Virus                               High memory usage; high CPU usage
Denial of service                   Increased traffic levels; IP addresses from unusual geographic locations
Advanced persistent threat (APT)    Port hopping; rapidly changing domain IP addresses
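Three of the indicators in the table (increased traffic levels, port hopping, rapidly changing domain IP addresses), together with the "unusual port usage" entry in the IoC list earlier, turned into detection logic as an added example; this is not TestOut's code or part of the lesson. The connection records, DNS resolution records and per-minute request counts are constructed, and the thresholds (four or more distinct destination ports per source/destination pair, three or more distinct IPs for one domain, a count more than five times the running mean) are assumptions a practitioner would tune to their own environment. In keeping with the paragraph on behavioral research, the output is a list of candidates to investigate, not a determination that an attack occurred.

```python
from collections import defaultdict
from statistics import mean

# Constructed connection records: (time, src_ip, dst_ip, dst_port). Documentation ranges only.
CONNECTIONS = [
    ("20:48:01", "10.0.0.5", "203.0.113.10", 443),
    ("20:48:02", "10.0.0.5", "203.0.113.10", 8443),
    ("20:48:03", "10.0.0.5", "203.0.113.10", 4444),
    ("20:48:04", "10.0.0.5", "203.0.113.10", 53),
    ("20:48:05", "10.0.0.5", "203.0.113.10", 8080),
    ("20:48:06", "10.0.0.8", "192.0.2.44", 443),
    ("20:48:07", "10.0.0.8", "192.0.2.44", 443),
]

# Constructed DNS resolution records: (time, domain, resolved_ip).
RESOLUTIONS = [
    ("20:40", "c2.example.org", "198.51.100.1"),
    ("20:42", "c2.example.org", "198.51.100.9"),
    ("20:44", "c2.example.org", "203.0.113.7"),
    ("20:46", "c2.example.org", "203.0.113.99"),
    ("20:40", "www.example.com", "192.0.2.10"),
    ("20:46", "www.example.com", "192.0.2.10"),
]

# Constructed inbound requests per minute; the final value is the anomaly.
REQUESTS_PER_MINUTE = [120, 130, 125, 118, 122, 2400]


def detect_port_hopping(conns, min_ports=4):
    """APT / unusual port usage indicator: one source talking to one destination on many
    distinct ports. Returns (src, dst, distinct_port_count) for pairs at or above the threshold."""
    ports = defaultdict(set)
    for _, src, dst, port in conns:
        ports[(src, dst)].add(port)
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= min_ports)


def detect_fast_changing_dns(resolutions, min_distinct_ips=3):
    """APT indicator: a domain whose resolved IP address keeps changing.
    Returns (domain, distinct_ip_count) for domains at or above the threshold."""
    ips = defaultdict(set)
    for _, domain, ip in resolutions:
        ips[domain].add(ip)
    return sorted((d, len(s)) for d, s in ips.items() if len(s) >= min_distinct_ips)


def detect_traffic_spike(series, factor=5.0):
    """Denial-of-service indicator: a count more than `factor` times the mean of all earlier
    counts. Returns the indices of the offending minutes."""
    return [i for i in range(1, len(series)) if series[i] > factor * mean(series[:i])]


if __name__ == "__main__":
    print("port hopping candidates:", detect_port_hopping(CONNECTIONS))
    print("fast-changing domains:  ", detect_fast_changing_dns(RESOLUTIONS))
    print("traffic spike minutes:  ", detect_traffic_spike(REQUESTS_PER_MINUTE))
```

Each detector answers a different question, and none of them is conclusive alone: a backup host legitimately uses many ports, a content delivery network legitimately rotates addresses, and a marketing campaign legitimately multiplies traffic. That is why the lesson has the analyst gather corroborating data before treating a flagged IoC as a valid threat, and why findings that do hold up are worth reporting as TTPs for other analysts.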

Copyright © 2021 TestOut Corporation All rights reserved.
