Cybersecurity Threat Intelligence: Luxury or Necessity?

The Deep Web is the principal repository of all our most sensitive information. Government agencies, financial service companies, healthcare providers, universities, and law enforcement agencies all store significant amounts of data there.

What these organizations often overlook is that sensitive information on the Deep Web often finds its way to the Dark Web. Moreover, organizations often won't even know that their information was breached and leaked into the Dark Web until it's too late.

A proactive approach that implements Cyber Security Threat Intelligence can close this gap and alert businesses before their assets are leaked into the Dark Web space.

What is Cyber Security Threat Intelligence (CTI)

The 2019 SANS Institute CTI Survey defines CTI as the analysis of "information about the intent, capabilities, and opportunities of adversaries in cyberspace, making it a valuable resource for organizations ..."

The Dark Web market and threat actors present a vast landscape of evolving and emerging threats. Organizations can't rely only on detection and remediation alone. The goal should be to identify vulnerabilities and potential threats proactively, so weakness remediation occurs before a threat materializes.

By taking a proactive approach, CTI empowers organizations to prioritize security resources dynamically and use them for their greatest impact. CTI tools and practices focus on assessing risk level to a specific organization. It starts by understanding the threats native to particular industries.

Financial Services and Banking

Financial and banking services have been the most attacked sector for the past six years, according to NTT Security's Global Threat Intelligence Report (GTIR) for 2019. The GTIR also confirms that credential theft remains a top threat and that phishing is the most common method used.

The recent Capital One breach showcases the hazards of relying on detection. The breach occurred in late March, 2019. Capital One only found out about it because the hacker bragged about it on GitHub. The hacker had over three months to steal social security and social insurance numbers of over one million North Americans.

DDoS attacks are also a common attack method on financial institutions, possibly as a smokescreen for a stealthier attack. It may also be the end goal, especially for hacktivists who are more interested in damaging reputations than profit.

The financial sector is also particularly vulnerable to insider threats. Malicious actors aren't even the main insider threat. The greater risk, by far, comes from insiders who are negligent with logins, passwords, and other sensitive information. Nearly two-thirds of all insider threat incidents occur due to negligence.

Healthcare and Education

According to the GTIR report, cyberattacks on healthcare organizations are up 200% from last year. The push to digitize medical records and credentials drives healthcare's vulnerability. Patient information and medical credentials get sold on the Dark Web. Hospitals and practices are especially vulnerable to ransomware attacks. One example of such is the ransomware attack on the Pacific Alliance Medical Center. Hackers didn't retrieve the protected health information, but they did encrypt it. PAMC required third-party assistance to restore their access.

The education sector became one of "the top five attacked sectors in the Americas".

Schools and universities are becoming more popular targets because they're a mix of high-value data with comparatively minimal security expertise. Data breaches, often initiated through phishing schemes, are a typical cyberattack. As with healthcare organizations, schools are vulnerable to ransomware attacks.

Specifically, threat actors are after research data. At Penn State's Applied Research Laboratory in 2017 there were attempts to steal undersea weapons technology research. The university also suffered a data breach at its College of Engineering in 2015.

Two other types of common cyberattacks against universities include using a university’s extensive number of computers for crypto-mining, a process in which transactions for various forms of digital currencies are verified and added to the blockchain digital ledger, and hacktivists taking over a university’s website to deliver their political messages.

Government and Law Enforcement

Like research institutions, government and law enforcement are often common targets of domestic and foreign hackers. A Chinese hacker group is believed to be the source of the 2015 APT hack on the U.S. federal Office of Personnel Management. Hacktivists like AnonPlus deface government websites all over the world. Law enforcement agencies are vulnerable to political hackers. It’s increasingly common that these agencies store evidence digitally, which attracts cybercriminals.  Another reason why law enforcement agencies are a target for threat actors is for doxxing law enforcement personal, publishing private information about them online to harass or intimidate them,

The more significant threat to local governments is ransomware. The ransomware attack on Baltimore is estimated to have cost it over $18 million, including the $6 million it paid to the hackers.

A more proactive approach should involve intelligence data collection techniques and tools as part of a cybersecurity threat intelligence program to preempt such attacks. With cybercriminals able to monetize the personal information stored in federal, state, and local databases, governments owe a duty of care to the people whose data they hold.

Cybersecurity Threat Intelligence is a Necessity you Can't Afford to Ignore

It’s safe to say that organizations globally have woken up to the threats of a cybersecurity attack and the damage it can cause; most already have some sort of cybersecurity solution in place. However, as we have illustrated,  organizations differ in their vulnerabilities and their level of attraction to cyber criminal activity.

This is why, each organization’s cybersecurity program needs to consider how cybercriminals may value its data and to define which resources the organization has to protect.The growth in sophistication of attacks from the Dark Web requires organizations to understand and assess the specific types of threat actors and threats it faces.

With a CTI solution, organizations can create profiles of the cybercriminals that target them by continuously monitoring the Dark Web marketplaces and discussion forums. They can begin to learn about how hackers select targets and what attack methodologies they prefer. With this cybersecurity threat intelligence, organizations can proactively strengthen their defenses and prevent the next attack.

Regardless of your company's size or industry, the Dark Web holds potential threats to your operations, your finances, and your reputation. Every organization needs an effective cyber-security strategy that helps them identify its security strengths and weaknesses, and the specific threats lurking against it. You can schedule your own live demo with Cybersixgill's automated cyber threat intelligence platform to see how it provides real-time, actionable intelligence.