Draft:Cyber Threat Alliance

From Wikipedia, the free encyclopedia

The Cyber Threat Alliance (CTA) is a 501(c)(6) membership-based nonprofit organization that shares cyber threat intelligence among its member companies[1] and works to promote cybersecurity practices.

Since CTA's founding in 2014 and official incorporation in January 2017,[2][3] it has facilitated cyber threat information sharing among its members.

The organization is currently headquartered in Arlington, Virginia, with member companies headquartered in 12 countries and active in several others.[4]

History

Formation

CTA was formed by technology and cybersecurity companies Fortinet, McAfee, Palo Alto Networks, and Symantec as an information-sharing initiative, based on the idea that no single company can identify all cyber threats.[3] Sharing initially began with malware samples. As the sharing grew and proved useful for threat intelligence, the original members realized that they needed to create a separate, neutral entity to manage the sharing activities. Along with Cisco and Check Point, they established CTA as an independent, nonprofit company in January 2017.[2]

To aid companies' customers before hackers become aware that they have been identified, the founding organizations developed an "early sharing" model that gives governments and companies early warnings in order to decrease the spread of hacking campaigns.[1] CTA launched its early sharing program in May 2018, when Cisco's cybersecurity unit, Talos, used CTA to quietly notify companies of the early stages of a potentially expansive cyberattack against Ukraine known as the VPNFilter malware.[5]

Later in 2018, the Cyber Threat Alliance released research that found a significant increase in illicit cryptomining malware between 2017 and 2018. Such malware allows hackers to illegally infect a computer and use it to perform cryptocurrency mining calculations in order to earn money.[6]

Since the VPNFilter alert, CTA has continued addressing warnings about hacking groups linked to nation-states and criminal hacking campaigns, including Symantec's early warning about a China-linked group that allegedly stole and repurposed hacking tools and the $4 billion WannaCry attack launched by North Korea.[1]

Leadership

CTA's President and CEO, Michael Daniel, is a former Special Assistant to the President and Cybersecurity Coordinator who served in the Barack Obama administration.[7] Daniel assumed the role of President and CEO in February 2017.[8]

Jeannette Jarvis currently serves as CTA's Chief Membership and Communications Officer.[9]

Activities

Automated Sharing

To retain membership, CTA members must share a minimum amount of technical cyber threat intelligence on a weekly basis, including malware hashes and binaries, malicious domain names and Internet Protocol addresses, botnets, command and control (C&C) server information, file properties, registry keys, and other indicators of compromise (IOCs). This shared intelligence flows through an automated platform and includes information on both cybercrime and advanced persistent threats (APTs).[3]

CTA's framework uses an algorithm to assign a point value to the automated intelligence, which helps users understand why a certain threat indicator is important and gives members the opportunity to educate each other on complex and multidimensional attacks.[3]

Analytic Sharing

Analytic sharing activities include regular video meetings with cyber research teams, the use of an instant messaging platform, and the distribution of pre-publication, embargoed blog posts, research findings, and white papers among CTA members. This last type of collaboration, which CTA calls "early sharing," began in 2018, when Cisco provided an early warning to companies about the VPNFilter malware.[5] CTA continued this "early sharing" model after the VPNFilter incident, including by providing access to research from Palo Alto Networks on a cyber espionage operation identified in late 2021.[10]

Ransomware Task Force

The Cyber Threat Alliance serves as a member of the Ransomware Task Force (RTF), a group of stakeholders from industry and government recommending policy solutions to combat ransomware.[11][12]

To support these efforts, CTA helped draft a Cyber Incident Reporting Framework,[11] which identifies a set of principles that incident reporting regulations should incorporate, in addition to a set of mock reporting formats that the Cybersecurity and Infrastructure Security Agency (CISA) can use as a foundation for reporting forms.[13]

Atlas Project

As a member of the World Economic Forum's Centre for Cybersecurity, CTA supported[14] the Forum's launch of the ATLAS Project in 2022.[15] Inspired by the definition of an atlas — a book of maps involving different points of view and uses — the project aims to “create a repository of information that can generate different views about the cybercriminal ecosystem” to facilitate a greater understanding of the data and security ecosystem, particularly for law enforcement and network defenders.[16]

Members

CTA has 36 current member companies.[17] Members are expected to make annual financial contributions to the Cyber Threat Alliance.[18] The organization employs seven people.[4]

CTA's members are headquartered in 11+ countries and are mostly cybersecurity companies.[4]

Founding Members[4]

References

  1. "The Cybersecurity 202: Top cybersecurity companies are pooling their intel to stop cyberattacks". Washington Post. 2020-07-17. ISSN 0190-8286. Retrieved 2023-11-21.
  2. "Division of Corporations - Filing". icis.corp.delaware.gov. Retrieved 2023-11-21.
  3. Seals, Tara (2014-09-12). "McAfee, Symantec, Fortinet and Palo Alto Launch Cyber Threat Alliance". Infosecurity Magazine. Retrieved 2023-11-21.
  4. "As cyber threats grow, Arlington nonprofit enables companies to share information | ARLnow.com". ARLnow.com | Arlington, Va. local news. 2022-05-16. Retrieved 2023-11-21.
  5. Bing, Chris (2018-05-23). "Researchers uncover sophisticated botnet aimed at possible attack inside Ukraine". CyberScoop. Retrieved 2023-11-21.
  6. Lyons Hardcastle, Jessica (2018-09-21). "Cyber Threat Alliance Reports 459% Spike in Cryptomining Malware". SDX Central.
  7. "Michael Daniel". whitehouse.gov. 2012-08-02. Retrieved 2024-02-21.
  8. Waterman, Shaun (2017-02-16). "J. Michael Daniel, Obama's cybersecurity czar, to head industry nonprofit". FedScoop. Retrieved 2024-02-21.
  9. "Jeannette Jarvis, Chief Membership and Communications Officer of Cyber Threat Alliance — Cybersecurity Woman of the Year". Cybersecurity Excellence Awards. 2022-11-09. Retrieved 2023-11-21.
  10. Miller, Maggie (2021-11-08). "Hackers breach nine global organizations in ongoing espionage campaign". The Hill. Retrieved 2023-11-21.
  11. "Ransomware Task Force (RTF)". Institute for Security & Technology.
  12. Freed, Benjamin (2020-12-21). "Tech industry groups plan anti-ransomware task force". StateScoop. Retrieved 2024-02-21.
  13. "Framework for Cyber Incident Reporting" (PDF). Inside Cybersecurity. Retrieved 2024-01-02.
  14. Daniel, Michael (2023-06-08). "How Global Information Sharing Can Help Stop Cybercrime". Harvard Business Review. ISSN 0017-8012. Retrieved 2023-11-21.
  15. Hardcastle, Jessica Lyons. "World Economic Forum wants a global map of online crime". www.theregister.com. Retrieved 2023-11-21.
  16. "Strength in Numbers: Partnering Against Cyber Threats". Cowbell. Retrieved 2024-01-02.
  17. Cyber Threat Alliance (2023-04-04). "Cyber Threat Alliance Welcomes CUJO AI as Newest Member". Cyber Threat Alliance. Retrieved 2023-11-21.
  18. Luber, Stefan (2024-03-01). "Cyber Threat Alliance - Verbesserung der Cybersicherheit". Security-Insider (in German). Retrieved 2024-04-10.