Cyber attacks happen all the time and in multiple forms, causing tremendous harm — e.g., broken trust, financial loss, reputation damage, and intellectual property theft. So preventing and stopping threats surely sounds like a priority, right? The tricky part is that there is not just a one-size-fits-all approach to achieve that. Each organization is unique in size, industry, IT systems, and corresponding weak links. How can cybersecurity professionals account for that? They can do so through threat intelligence.
Threat intelligence the practice of gathering evidence-based data from various sources to analyze companies’ infrastructure and find the most salient vulnerabilities. Cyber threat intelligence services are designed to help prioritize resources and take targeted actions. Let us illustrate this point considering three common types of cyber attack.
In the dangerous world we live in, thousands of malicious programs emerge every hour. AV-TEST Institute reports that over 350,000 malware and unwanted applications are recorded on a daily basis. Can security professionals keep track of every one of them on their own? Not really, but threat intelligence can help.
Imagine that you want to check whether the websites most frequently visited by your employees contain malicious code or files. Threat intelligence feeds automatically collect data from major malware databases. Some of these databases are Web of Trust, Yandex Safe Browsing, and Ransomware Tracker. Additionally, the feeds let IT security teams know which of these sites may contain known dangerous documents with extensions such as .exe, .zip, or .docm. This capability frees specialists from doing the legwork and allows them to proceed directly with analysis.
Some phishing attacks, such as spear phishing and BEC scams, are notoriously hard to detect through traditional antivirus applications and firewalls. As such, fraudulent emails often make it to your employees’ inbox. When other methods fail, threat intelligence provides an alternative to spot potential phishy senders through the collection and use of publicly available records about domain owners.
For instance, cyber threat intelligence services can collect “whois data”. They use this data to build lists of recently registered domain names that are confusingly similar to those of well-known organizations, long-term suppliers, and large customers. Unfortunately, many staff members are likely to trust these domain names when prompted to disclose sensitive information.
Threat Intelligence Hacking
Websites are attacked 44 times a day on average, in part due to weak encryption and sub-optimal configurations. Cybersecurity specialists in charge of keeping large fleets of sites safe can use threat intelligence to identify where hackers are the most likely to hit considering:
- The risk of website forgery based on the status of SSL certificates and HTTPS enforcement.
- Mail servers and the use of DKIM and DMARC authentication protocols to prevent man-in-the-middle attacks.
- The security configurations of third parties with shared sensitive data.
Organizations and their IT infrastructure are unique in many ways, and threat intelligence is helpful to identify which vulnerabilities are the most salient and, therefore, the types of attacks cybersecurity professionals are the most likely to face.