Threat intelligence can help identify a threat actor's motives, targets, and behaviour, and can help isolate threats before they cause harm.
In September, Transport for London suffered a significant data breach that greatly impacted Londoners. Live data feeds to travel apps were paused, and 30,000 employee passwords are due to be reset. Only a month later, the Internet Archive suffered a monumental breach, with the data of over 31 million users compromised.
Cybercrime is continually on the rise all over the globe, and artificial intelligence (AI) advancements make the situation worse rather than better. As of April 2024, there have been 7.78 million cyber attacks on UK businesses, with 58% of UK companies experiencing this growing issue. Seeing the numbers as well as the staggering costs of the attacks, many organisations wonder what more they need to do to protect themselves from proliferating cyber threats.
According to Oxylabs, a leading web intelligence collection platform, a focus on proactive rather than reactive cyber defence measures can help identify some threats before they strike. Combining threat hunting (a proactive approach to identifying and isolating cyber threats) with threat intelligence (publicly available data on cyber actors, their motivations, and emerging techniques) can help businesses gain the upper hand in this never-ending battle.
Vaidotas Sedys, Head of Risk at Oxylabs, said, “A growing number and impact of cyber incidents call for changes in how organisations respond to threats. A reactive approach is expensive in many ways and might bring financial and reputational damage as well as harm to clients if their data is affected. Threat hunting is a proactive approach. Cyber teams go out into the wild and proactively identify potential risks and threat patterns, isolating them before they can cause any harm.”
A threat hunting team requires specific knowledge and skills. These teams consist of various professionals: threat analysts, who analyse available data to understand and predict attackers' behaviour; incident responders, who reduce the impact of a security incident; and cybersecurity engineers, who are responsible for building a secure network solution capable of protecting the network from advanced threats.
“Specialists use a combination of tools that help in threat hunting,” added Sedys. “Most employ security information and event management (SIEM) systems that collect event log data from various sources and analyse it in real time to identify deviations. Intrusion detection systems (IDS) enable network monitoring for suspicious activity, while Endpoint Detection and Response (EDR) security systems combine continuous real-time monitoring and collection of endpoint data with a rule-based automated response.”
However, for threat hunting to be effective, it needs proper intelligence. Threat intelligence uses various sources to gather relevant data points encompassing technical data, Social Media Intelligence (SOCMINT), Human Intelligence (HUMINT), and Open-Source Intelligence (OSINT). The latter usually refers to publicly available web data that can be gathered from the Internet using web scraping tools.
Sedys continued, “OSINT contains information from public websites, open forum chats, dark web marketplaces, and many other open sources. Monitoring these spaces can help companies identify their vulnerabilities. OSINT uses publicly available information, meaning companies don’t have to invest in resources to access classified or restricted data. Modern data scraping tools, powered with advanced AI and machine learning (ML) features, are significantly improving the threat intelligence collection process as they enable pulling and analysing raw data in real-time.”
Advancing AI capabilities are also changing how businesses approach and combat cyber risks, with cyber specialists experimenting with various AI solutions to enhance their threat hunting and intelligence efforts.
“AI algorithms can analyse massive amounts of information, such as network traffic, systems logs, and user behaviour data,” added Sedys. “Specific patterns and deviations that might be unnoticeable to the human eye can suggest a potential threat. AI-powered threat detection also includes historical threat data analysis, being the basis for predictive model development. Speed is the main advantage of using AI-driven technologies. Such systems can monitor and detect anomalies in nearly real-time, which is impossible for cyber teams that rely solely on human intelligence.”
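To make concrete how a SIEM-style hunt (L7), external threat intelligence (L8) and log anomaly detection (L11) fit together, here is an added example that is not part of the original article or of Oxylabs' tooling. It runs two hunts over constructed SSH authentication log lines: matching source addresses against a hypothetical threat-intelligence indicator list, and flagging a burst of failed logins that deviates from a chosen baseline. The indicator addresses, log lines and threshold are all constructed for illustration.

```python
"""Minimal threat hunt: threat-intel indicator matching plus a baseline
deviation check over SIEM-style auth log lines (all data constructed)."""
import re
from collections import Counter

# Hypothetical threat-intelligence feed (documentation-range IPs, not real IoCs).
THREAT_INTEL_IPS = {"203.0.113.45", "198.51.100.7"}

# Constructed sample log lines in OpenSSH's auth log shape.
SAMPLE_LOGS = """\
2024-10-01T08:00:01Z sshd[1201]: Failed password for admin from 203.0.113.45 port 51022
2024-10-01T08:00:03Z sshd[1201]: Failed password for admin from 203.0.113.45 port 51023
2024-10-01T08:00:05Z sshd[1201]: Accepted password for admin from 203.0.113.45 port 51024
2024-10-01T08:01:10Z sshd[1230]: Accepted publickey for alice from 192.0.2.10 port 40011
2024-10-01T08:02:00Z sshd[1241]: Failed password for bob from 192.0.2.22 port 40100
2024-10-01T08:02:01Z sshd[1241]: Failed password for bob from 192.0.2.22 port 40101
2024-10-01T08:02:02Z sshd[1241]: Failed password for bob from 192.0.2.22 port 40102
2024-10-01T08:02:03Z sshd[1241]: Failed password for bob from 192.0.2.22 port 40103
2024-10-01T08:02:04Z sshd[1241]: Failed password for bob from 192.0.2.22 port 40104
2024-10-01T08:03:00Z sshd[1250]: Accepted publickey for carol from 192.0.2.11 port 40012
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+$"
)

def parse(log_text):
    """Yield (timestamp, result, user, ip) for each line matching the expected shape."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("result"), m.group("user"), m.group("ip")

def hunt(log_text, intel_ips, failed_threshold=4):
    """Return a sorted list of (rule, ip, detail) findings from both hunts."""
    findings, failures, intel_hits = [], Counter(), Counter()
    for ts, result, user, ip in parse(log_text):
        if result == "Failed":
            failures[ip] += 1          # baseline: failures per source address
        if ip in intel_ips:
            intel_hits[ip] += 1        # any activity from a known-bad source
            if result == "Accepted":   # a success from a known-bad source is urgent
                findings.append(("intel_ip_successful_login", ip, f"{user} at {ts}"))
    findings += [("intel_ip_activity", ip, f"{n} events") for ip, n in intel_hits.items()]
    findings += [("failed_login_burst", ip, f"{n} failures")
                 for ip, n in failures.items() if n >= failed_threshold]
    return sorted(findings)

if __name__ == "__main__":
    for rule, ip, detail in hunt(SAMPLE_LOGS, THREAT_INTEL_IPS):
        print(f"{rule:26} {ip:15} {detail}")
```

In a real deployment the indicator set would be refreshed from the organisation's intelligence sources and the failure threshold derived from observed normal traffic rather than fixed by hand.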
“We must learn from the damaging cyber incidents we’ve seen lately. Threat hunting and intelligence is the way to proactively search for cyber threats using an organisation’s internal and external data, helping detect risks before they cause any real damage. Enhanced AI-based systems are also helping to automate risk identification processes, including real-time web data collection and analysis. Organisations must enhance their threat intelligence systems before they succumb to impending attacks,” concluded Sedys.