The Importance of Cyber Threat Intelligence
Cyber threat intelligence involves tracking and analyzing digital security threats with the sole aim of protecting assets that might be affected by incidents that are generated or spread via electronic media. This intelligence is often shared among security researchers to harden security. It can also be shared by black hats, who are probably trying to brag about their exploits or sell credit cards and compromised login credentials.
Some of these bad guys post their exploits and illicit accomplishments on dark web forums, social media, and paste sites to gain reputation, to cause damage, and for a host of other reasons.
With cyber intelligence, users and companies can detect when there is a breach against them and take action to mitigate further damage. For example, when a credit card is stolen and exposed on the dark web, the user or the credit card company can disable the compromised card, and an investigation can begin to determine the extent of the breach.
Over the years, cyber threat intelligence has helped security companies (antivirus, IDS, EDR) mitigate attacks by sharing Indicators of Compromise (IOCs) such as malware signatures, IP addresses, and file hashes.
Sources of Cyber Threat Intelligence
Social Media: Facebook, Twitter, and Telegram are good sources. Monitoring these platforms can be quite difficult, so tech guys write scripts to automate the monitoring process.
Email Compromise Check: These types of sites can be used to check if your email has been compromised, so hurry up and check.
Paste Sites: A lot of database leaks and compromised credentials end up on Pastebin, so a first step is to check if your data or your organisation’s data has leaked. Scripts can also automate the process of watching what happens on paste sites.
The Dark Web: The dark web is the ungoverned part of the internet, so the bad guys make use of dark web forums to communicate. There are markets on the dark web where illegal materials such as credit cards and weapons are sold. The only way to access the dark web is via the Tor network, which is made easy with the Tor Browser. Keeping an eye on the dark web, as well as knowing which forums to visit, is quite difficult, so a lot of organisations rely on cyber intelligence companies to provide feeds on what is going on in there.
Cyber threat intelligence is very useful in containing breaches and implementing a quick response to them.
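The paste-site check described under "Paste Sites" can be scripted along the following lines. This is an added example, not code from the original article: it scans paste text you have already obtained for credentials on your own domain and, going slightly beyond the text, for Luhn-valid card numbers. The domain `example.com` and the sample paste are constructed placeholders.

```python
import re

# Assumption: the organisation's domain; example.com is a placeholder.
WATCHED_DOMAIN = "example.com"

# Constructed sample paste for illustration, not real leaked data.
SAMPLE_PASTE = """\
combo list dump
alice@example.com:Summer2024!
bob@other.org:hunter2
carol@mail.example.com;letmein
card 4111 1111 1111 1111 exp 01/30
order id 1234 5678 9012 3456
"""

# email<sep>secret pairs, where the separator is ':', ';' or '|'
EMAIL_CRED = re.compile(r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\s*[:;|]\s*(\S+)")
# 13 to 19 digits, optionally grouped with spaces or dashes
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_paste(text: str, domain: str = WATCHED_DOMAIN) -> list[dict]:
    """Return redacted findings; passwords and full card numbers never reach the alert."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for user, host, _secret in EMAIL_CRED.findall(line):
            host = host.lower()
            # Match the domain itself or a subdomain, not look-alikes such as notexample.com.
            if host == domain or host.endswith("." + domain):
                findings.append({"line": lineno, "type": "credential",
                                 "value": f"{user}@{host}"})
        for m in CARD.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append({"line": lineno, "type": "card",
                                 "value": "*" * (len(digits) - 4) + digits[-4:]})
    return findings

if __name__ == "__main__":
    for finding in scan_paste(SAMPLE_PASTE):
        print(finding)
```

Each finding carries only the affected account or the last four card digits, which is enough to trigger a password reset or card block without copying the leaked secret into the alerting system.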