In recent years, we have observed a substantial increase in even more tailored intrusion attempts by well-resourced and experienced adversaries employing a mixture of traditional human intelligence tradecraft as an enabler of computer network operations. These HUMINT/CNE blended operations have been disclosed in operations documented by various threat intelligence vendors, as well as observed in private by skilled and attentive network defenders.
As internet users increasingly move their lives into social media, these outlets have become a technological enabler of traditional HUMINT tradecraft, behind the thick veil of anonymity provided by the cyber domain. Besides providing a direct avenue to users with access to targeted data and services, social networks permit adversaries to conduct operations outside of the control of network defenders seeking to deploy countermeasures to their objectives. BUT FEAR NOT! These operations actually provide opportunities for network defenders in the first phase of the kill chain never previously imagined. In this webinar, I will lay out how these operations do (and don't) align to our models like the kill chain, and discuss potential countermeasures against these actions that permit defenders to operate earlier in the kill chain than previously imagined.