Now it is time to talk about the importance of intelligence-gathering. You probably aren’t affiliated with any espionage agencies, but the basic principles of intelligence can still be very helpful. In short, cyber threat intelligence is the gathering of information regarding cyber threats, attacks, vulnerabilities, and methods. Any information that enhances your knowledge of these things can enhance your ability to respond to cyber-attacks, and that is why cyber threat intelligence is a subject worth exploring.
Sources Of Information
Every good spy needs good sources. In the physical world, this might take the form of informants, covert electronic surveillance, or double agents. In the online world, things are a little different but this same principle applies: Your intelligence can only be as good as its source. unreliable agents will make for unreliable information. Cyber threat intelligence mainly comes from five different sources:
1. Open Source Intelligence (OSINT)
These are non-covert sources of information that anyone can use. Instead of constructing elaborate deceptions or searching through covert sources, you can learn quite a bit by analyzing publicly available information. For instance, you can look at all sorts of different examples showing past cyber-attacks. You can look at which attacks have had the highest rate of success and which ones have been the most damaging. You can see which methods are more common and which types of malware are currently in play. All in all, you can learn quite a bit from publicly available sources.
2. Social Media Intelligence (SOCMINT)
This is similar to open-source intelligence because it mainly utilizes information that is available to the public. The difference between SOCMINT and OSINT is very simple: SOCMINT is a lot more interactive and offers the chance to “trick” targeted individuals into giving up useful information. For instance, if you can find someone on social media who seems to be knowledgeable about hacking, you might be able to get them to brag about their exploits by posing as another hacker.
Consider this example: In 2019 a software engineer managed to hack Capital One banking. Over 100 million people had their personal information compromised, but the hacker made the fatal mistake of boasting about her activities on social media. This, combined with other indicators, led the authorities right to her door.
3. Human Intelligence (HUMINT)
This term has traditionally referred to the use of human sources in the intelligence-gathering field. However, most information-gathering is now done online rather than in person. Still, a lot of those old principles can still be applied. One good example would be the recruitment of former cyber-criminals so that their knowledge can be added to the organization’s files. Another good example would be the use of contacts and informants within a cyber-criminal group. Naturally, there is some overlap between HUMINT and SOCMINT.
4. Technical Intelligence (TECHINT)
Here we are referring to the gathering of technical information for cybersecurity purposes. For instance, hackers will often go through the base code of popular software programs. They do this so that a vulnerability can be found and exploited. In essence, they are “testing the perimeter” to see if they can find a way inside. Of course, these kinds of methods only work for as long as they are kept secret. Once a glitch or vulnerability becomes known, it is only a matter of time before it is patched. Thus, technical intelligence can be of great value in the prevention of data breaches.
5. The Dark Web (DWINT)
Finally, we come to the shadiest kind of intelligence gathering. The dark web is a term that refers to the uncatalogued parts of the internet. You won’t find them through standard search engines, that is for sure. In fact, most of these sites cannot be accessed without a special kind of encrypted browser known as TOR (which stands for “The Onion Router”).
To be fair, the dark web is not only used by criminals. However, those do seem to be the main types of people you see on the dark web. The dark web contains a lot of hacking-related sites, including discussion forums where people openly share their illicit knowledge. Needless to say, an observant lurker can find out all sorts of useful things here!
6. Be Aware That Other Models Exist
There are some other models by which people divide the various types of intelligence gathering. For instance, some people use three categories, those being tactical intelligence, operational intelligence, and strategic intelligence. We feel that this model is inferior to the above scheme simply because there is too much overlap between these three things. Tactics, strategy, and operations may not be identical, but they are too similar and too broad to be that useful.
Why Cyber Threat Intelligence Is So Important
Without competent intelligence, there is really no chance to deal with an attack until it has already happened. Even then, any response will surely be hindered if you don’t know your enemy and their tools. Basically, cybersecurity professionals make use of intelligence in the same way that governments do. All of this information is used to guide policy and make important decisions that can affect the lives of many. For instance, research into known malware sites (and their identifying addresses) is the main reason that firewalls are effective. Without up-to-date intelligence, however, firewalls aren’t worth using.
IT and cybersecurity organizations are usually in the best position to conduct cyber threat research and turn that information into actionable intelligence. First of all, they will already have people on staff who are qualified for the job. Secondly, this research directly benefits them, so it is easier to justify that research in the budget. If you would like to see just how effective this research has been for us, we invite you to call PCH Technologies and try our services for yourself. We pride ourselves on being the best IT support provider in the state of New Jersey and our small business computer support is without equal. To learn more, please call (856) 754-7500.