Further Reading: Emerging Threats

Curated, annotated resources to deepen this chapter. Each entry notes which learning path it serves most (🛡️ SOC, 🏗️ Engineer, 📋 GRC, 📜 Cert) and its citation tier. Start with the suggested order; you do not need to read everything before Chapter 36. Because this chapter is about a moving landscape, prefer the living sources (advisories, standards bodies) over any single dated article.

Suggested order

  1. Read the NIST post-quantum standards announcement and skim FIPS 203/204/205 to see that PQC is real and finalized, not speculative.
  2. Read CISA's ransomware guidance (StopRansomware) for the authoritative resilience checklist.
  3. Skim the latest Verizon DBIR sections on ransomware and the human element to ground the threat in data.
  4. Browse NIST's guidance on synthetic content / AI risk to frame the deepfake problem.
  5. Keep MITRE ATT&CK open as a reference for the living-off-the-land techniques named in §35.2–35.3.

Standards & primary documents (Tier 1)

  • NIST, Post-Quantum Cryptography project, and FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), published August 2024. 🏗️📜 The post-quantum standards a migration will actually adopt. Read the announcement first for context, then the FIPS documents for the specifics: FIPS 203 is a key-encapsulation mechanism (key establishment), FIPS 204 is a lattice-based signature scheme, and FIPS 205 is a stateless hash-based signature scheme offered as a conservative alternative that does not rest on lattice assumptions. Each standard defines several parameter sets (e.g., ML-KEM-512/768/1024), so a migration plan has to choose a parameter set and not just an algorithm. (If you cite a precise publication date, verify it against the NIST site.)
  • NIST, Migration to Post-Quantum Cryptography (NCCoE project) and related guidance. 🏗️📋 Practical guidance on the migration problem: inventory (find every use of RSA, ECDH and ECDSA, including inside protocols, certificates, firmware and hardware modules), crypto-agility (make algorithms replaceable without a redesign), and prioritization (key establishment that protects long-lived data comes first, because traffic recorded today can be decrypted once a capable quantum computer exists; signatures can follow). This is the hard part this chapter emphasizes, and the companion to the algorithm standards.
  • CISA, #StopRansomware Guide (joint CISA, FBI, NSA and MS-ISAC guidance; updated 2023). 🛡️📋 The authoritative, regularly updated resilience checklist: offline and tested backups, segmentation, MFA (phishing-resistant where possible), and a step-by-step response checklist for the first hours of a ransomware or data-extortion incident. Maps almost one-to-one onto §35.2's checklist.
  • CISA advisories and the Known Exploited Vulnerabilities (KEV) Catalog. 🛡️🏗️ The living feed of what is actually being exploited, and the front line of horizon-scanning inputs (§35.6). KEV is published as JSON and CSV feeds; each entry carries a remediation due date (binding on U.S. federal agencies under BOD 22-01, and a sensible default priority for everyone else) and a flag for known use in ransomware campaigns, so it can be matched against an asset inventory automatically rather than read by hand. Subscribe, don't bookmark.
  • Verizon, Data Breach Investigations Report (DBIR) (annual). 🛡️📋 Ground-truth on how breaches happen, including ransomware trends, the role of stolen credentials, and the human element behind social engineering. The antidote to threat hype. Read the methodology section before quoting a percentage: the contributor mix and definitions change from year to year, so compare trends rather than raw figures.
  • MITRE ATT&CK (attack.mitre.org). 🛡️🏗️ The shared vocabulary for attacker behavior. Look up the living-off-the-land techniques referenced in this chapter (e.g., T1059 Command and Scripting Interpreter, T1218 System Binary Proxy Execution), the exfiltration techniques (T1048 Exfiltration Over Alternative Protocol, T1567 Exfiltration Over Web Service) and T1486 Data Encrypted for Impact, and use the listed data sources and detection notes to turn each into a detection.
  • NIST AI Risk Management Framework (AI RMF, NIST AI 100-1) and NIST work on synthetic/generated content (NIST AI 100-4, Reducing Risks Posed by Synthetic Content). 📋🏗️ A framework for reasoning about AI-enabled risks, including synthetic media; useful for governing the deepfake threat rather than only reacting to it. (Tier 1 for the framework; specific synthetic-media guidance evolves, so treat detailed claims as Tier 2.)

Free online & ongoing sources (Tier 1 / Tier 2)

  • Sector ISACs (e.g., FS-ISAC for financial services). 📋🛡️ Sector-specific threat sharing is among the highest-signal horizon-scanning inputs; for a bank like Meridian, this is where emerging-threat warnings arrive first. (Tier 2: membership and content vary by sector.)
  • Reputable vendor and CERT threat-intelligence reporting on ransomware and supply chain. 🛡️ Useful for the ecosystem picture (RaaS affiliate models, initial-access-broker markets); read several sources and cross-check, since specifics vary. (Tier 2: attribute carefully; do not treat one report's figures as canonical.)
  • OpenSSF / SLSA framework materials (for software supply chain provenance). 🏗️ The provenance and build-integrity direction §35.3 points toward: SLSA defines graded build levels, from a provenance attestation that records how an artifact was built up to hardened, isolated builds. Pairs with Chapter 29's SBOM material and Chapter 31's pipeline work.
  • Reporting on real deepfake-fraud incidents (e.g., the synthetic-CFO video-call wire-fraud cases). 📋🛡️ Read for the mechanism and the lesson, not the figures, which vary by retelling. Confirms that the §35.4 attack patterns are operational, not hypothetical. The defensive lesson is procedural: verify payment instructions and urgent requests out of band, through a known contact on a channel the requester did not choose, however convincing the face or voice. (Tier 2: treat specific amounts and companies as illustrative unless verified.)

Books & deeper background (Tier 1)

  • Chapple, M., & Seidl, D., CompTIA Security+ Study Guide. 📜 Its threats and cryptography chapters now cover emerging threats, supply chain attacks, and post-quantum/crypto-agility at exam depth — a good consolidation for certification candidates.
  • Harris, S., & Maymí, F., CISSP All-in-One Exam Guide. 📜📋 For the cryptography lifecycle, supply chain risk, and threat-intelligence material at CISSP depth (Domains 1, 3, 8).
  • Anderson, R., Security Engineering (3rd ed.). 🏗️ For durable background on cryptographic agility, systems that fail, and why migrating cryptography is so hard in practice — read alongside §35.5.

Reading order by path

  • 🛡️ SOC: StopRansomware guide → DBIR ransomware sections → MITRE ATT&CK (LOTL/exfiltration) → deepfake incident reporting.
  • 🏗️ Engineer: NIST PQC standards (FIPS 203/204/205) → NIST PQC migration guidance → SLSA/OpenSSF → Anderson on crypto-agility.
  • 📋 GRC: CISA advisories + sector ISAC → DBIR → NIST AI RMF → StopRansomware (for the IR/decision side).
  • 📜 Cert: Security+ / CISSP study guides (threats + crypto chapters) → skim FIPS 203/204/205 names and purposes → KEV for the "compliance ≠ prepared" lesson.

⚖️ Authorization & Ethics reminder: Some sources describe offensive ransomware tradecraft and synthetic-media generation. Study them to defend — to build resilience and verification — never to replicate. Creating deepfakes of real people without consent, or operating ransomware, is criminal in most jurisdictions; the value here is entirely in not being fooled and in surviving the attack.