The Ultimate Threat Actor Landscape – Highlights and Key Findings from The Cyber Threat Actor Handbook

Verint and Thales have recently released The Cyber Threat Actor Handbook – a comprehensive analysis of the most prominent threat actors operating in the world today.

This research is a knowledge-based operational tool for security analysts, to better understand the relevancy and risk posed by different threat actors operating globally. Each threat actor has a score, and all profiles are aligned with the MITRE ATT&CK framework and include:

  • A brief description of the threat actor and its aliases
  • Associated malware campaigns, attack vectors and TTPs
  • Most used exploits and CVEs
  • Motivation and objectives (Nation-State, Cybercrime, Hacktivism, Cyber-Terrorism)
  • Targeted sectors and geographical areas

Based on the handbook, Verint’s Cyber Threat Intelligence group has created The Ultimate Threat Actor Landscape report, which highlights the key findings from the Cyber Threat Actor Handbook.

In this blog post we present some of the key findings of the report, which is based on a thorough analysis of:

  • 490 Attack Campaigns
  • 66 Attack Groups
  • 525 Attack Tools
  • 173 MITRE Techniques
  • 98 CVEs

Who’s Behind The Attacks?

Who's behind the attacks

Inside the report we dive deep into who is behind the attacks and reveal detailed analysis of each threat actor, including the attacker’s origin, motives, attack techniques, campaigns, CVEs, tools used and more.

Where Do Threat Actors Find Us Vulnerable?

find us vulnerable

The Most Exploited CVEs

Organizations tend to procrastinate, when it comes to updating systems, even critical ones. In the report, we reveal the threat actors’ most exploited CVEs. Leveraging threat intelligence for vulnerability prioritization is key for reducing risk.

most exploited

A combination of underestimation of the risks and the required resources, are the main contributors to the slow implementation of patches (also known as the ‘Patching Paradox’).

Threat Intelligence regarding the exploitation of disclosed vulnerabilities (in 2018 alone, 16,514 vulnerabilities were disclosed), helps answer questions such as: What vulnerabilities are currently discussed and perceived as easier to exploit? Which exploits are currently developed and traded on underground sources? and Which zero-day vulnerabilities are circulating in hacking communities? The answers will help prioritize patch installation and vulnerability fixes.
Look out for our upcoming report, where we list the top 20 vulnerabilities to patch before 2020.

Which Countries Are Being Targeted?

The following map indicates the most targeted countries:

targeted countries

Which Industries Are The Most Threatened?

The following statistics indicate the most targeted sectors – based on 66 attack groups

targeted industries

Top Used Techniques (Based On The MITRE ATT&CK Framework)

Mitre attack

To Summarize…

There is a connecting line between threat intelligence about attack groups with cyber resilience, and it goes through vigorous threat actor profiling and clustering, threat hunting and accurate scoping of threats and risks.

This type of strategic and operational intelligence gives the bigger picture, looking at how threats and attack groups are changing over time. With such intelligence, you can find the answers to questions such as, who is attacking my organization, my industry, my region and why? The answers will provide clues to future operations and tactics of potential threat actors.

A single knowledge base with a contextualized analysis of all the major parameters and distinctions that define the threat actors, their motives and objectives, their targets and their modes of operation, and their technical skills, as part of an ongoing profiling process, is an essential tool for any cyber threat intelligence operation. Given the knowledge and the operational value derived from contextual analysis of threat actors’ activities and contextual-based profiling, security teams can substantially improve investigation processes and enhance the overall security resilience, with much more accurate threat hunting and risk scoping.
As security and intelligence professionals we must remember that raw data only becomes valuable once it is analyzed, to deliver targeted, context-based, actionable intelligence, according to the organization’s needs and assets, industry, location and more.

Download the Full Report Here