How Cyberattacks can be prevented by using open source threat intelligence
By Tim Green, Last updated: 2022-07-06 (originally published on 2021-03-11)
Here we will take a look at what threat intelligence is, and how open source threat intelligence can be a vital tool in your fight against cybercrime.
Notably, the Covid-19 pandemic has had a significant impact on many businesses. But one area that has not had as much media attention is the extreme increase of cybersecurity attacks on those businesses during this time. In some countries, businesses have seen cybercrime rise by nearly a third over the course of the pandemic.
Now, it can be easy to overlook this area of your business when you’re making cuts or re-strategising elsewhere. But, it’s never been more important to maintain your awareness of these kinds of threats.
That is why it is vital that businesses start to take more care when it comes to cybersecurity. Of course, this starts with investing in the right areas of your digital defences. However, having a strong firewall and antivirus system in place is not enough. Instead, businesses and organisations must get vital information about the types of attacks that are taking place, and the techniques and tactics that criminals are using.
In short, businesses need more intelligence. Threat intelligence is extremely valuable to a company. And, one of the most important ways to get it is through open-source threat intelligence resources.
What is ‘threat intelligence’?
Essentially, the phrase ‘threat intelligence’ can mean a myriad of things and it can also take many forms. But, at its core, it’s simply information about the kinds of things you might need to watch out for.
Keeping an ear to the ground about the latest cybersecurity threats is vital to ensuring you’re able to continue to carry out your day-to-day business activities without fear of falling victim to the recent prevalence of cybercrime.
In fact, threat intelligence can come from a number of sources. This includes human intelligence, technical intelligence, and even social media.
What is meant by ‘open source’?
Of course, businesses need as much information as possible in order to be able to defend themselves against cybercrime. Companies effectively outsource the gathering of information by using products and cybersecurity services that rely on threat intelligence. However, it is also important that they are kept aware of situations that arise.
Open source threat intelligence is crucial to stamping out cyber attacks. Simply put, anyone can contribute and access this crucial information, which could help save your business from being hacked.
The important thing to understand about open source threat intelligence is that it is freely available and a part of a non-profit business model. There are no gate-keepers who might be able to prevent any information from entering the public sphere. Rather than being a product that a business must pay for, open source intelligence is free of charge.
What are the advantages of open source threat intelligence?
Along with the fact that open source threat intelligence is available for free, there are other benefits as well. One of the main advantages is that it evolves constantly, in line with cybercriminals changing their methods and access points.
Rather than relying on software that might only protect you with information from up to a specific point in time, threat intelligence is constantly evolving. As a result, it is most likely to be able to offer the most up-to-date information on any threats and how to resolve them.
Having the right intelligence is all-important in making strategic decisions on things such as which areas might benefit from additional cybersecurity, or what products and services your business should invest in.
The dangers of operating without threat intelligence
Unfortunately, there are still too many businesses and organisations that don’t place enough importance on cybersecurity. Of course, it’s easy to assume that cybercrime is something that will happen to other businesses. However, yours is just as likely to be a target as any other.
Nowadays, cybercrime is a major problem. Notably, 43% of cyber attacks are now directed at small businesses. So, if you are under the impression you are safe from cybercrime because hackers would consider you too small to be worth breaching, think again.
Essentially, suffering a cyberattack can cause untold damage to a business. In fact, around 60% of companies don’t survive after just one cyber attack against them. Usually, it is not just the financial cost of dealing with the attack, but also the damage to reputation that affects your customers, clients and suppliers.
On top of this, it is important to remember that compliance with rules around data protection is an important aspect of cybersecurity. Some data protection legislation, such as the GDPR, has made it possible to fine and punish businesses and organisations that fail to keep their data secure.
Ultimately, what this shows is that businesses can’t do without threat intelligence. Cybercrime is not a trivial issue only affecting the minority. This is something that has the potential to damage any business at any time. And if it happens to yours, it could mean the end of your company. Consequently, you need to prioritise threat intelligence with both your time and budget.
So, if threat intelligence is so important – where can you find it?
What are the best places to find open source threat intelligence?
There are actually many places that you can find high-quality open source threat intelligence material. A great place to start is the Malware Intelligence Sharing Platform (MISP). This is an EU-funded open source project that is free to download. It allows businesses and organisations to share intelligence on threats between each other.
Another important resource for open-source intelligence is the AlienVault Open Threat Exchange (OTX). This is a community-driven project that shares information on threat data. It has fantastic and useful details on how to mitigate cybercrime risk.
Another resource that is often overlooked is Twitter. There are many informative Twitter accounts that are either businesses happy to offer information or individual experts working in cybersecurity. Follow these accounts closely and monitor the news and information that they give out. This can be one of the fastest methods of gaining threat intelligence, with Twitter’s constant updates.
Additionally, there is a source of threat intelligence you may have forgotten. This is direct human threat intelligence. It is vital that members of your team be ready to share ideas and information on cybercrime. Having more people in the team aware of the threats and dangers can help mitigate risk further.
How can I use open source threat intelligence to prevent cyber attacks on my business?
Keeping abreast of the ever-changing landscape of cyber threats isn’t an easy task. Indeed, given the fact that there are many different sources of threat intelligence, it can be very challenging to keep track of that intelligence and utilise it in a way that is actually useful for your business.
Often, you may find that you’re unable to carry this out in-house. You’re unlikely to have anyone on your team with the know-how and resources to manage it. Hiring a cyber-security specialist for your team may also prove prohibitively expensive. So, many businesses choose to outsource this role to an outside organisation.
“A managed security service is a service designed to help organisations improve or augment their cybersecurity capabilities. There are many different types of managed security service, each often focused around the management and monitoring of particular security technologies, such as SIEM, EDR and vulnerability scanning tools.” (Redscan)
A professional team will take care of everything on your behalf. This will save you the hassle and ensure that risks are mitigated in a timely fashion to protect your organisation.
The importance of threat hunting
Open source threat intelligence is often seen only as a method of preparing your defences for known attacks. But when it works with threat hunting, that open-source intelligence is at its most effective.
Threat hunting is a proactive form of cybersecurity. It involves actively looking for previously unknown threats that could potentially be hiding within your environment. It utilises powerful software that tracks and records the activity on your system. Over time, this data allows the software to learn what is considered to be normal behaviour.
With a baseline of normal behaviour in place, the software is then able to recognise suspicious or unusual activity. This activity can then be flagged to be reviewed by a member of staff.
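To make the combination of baselining and shared intelligence concrete, here is an added example (not from the original article or any product it mentions). It learns which destinations each host normally contacts, flags anything outside that baseline for review, and raises the priority of anything that also appears in a shared indicator list. All hostnames, domains and the indicator set are constructed sample data.

```python
# Added illustration: baseline-driven hunting enriched with shared indicators.
# All hosts, domains and records below are constructed sample data.
BASELINE_LOG = [  # (host, destination) pairs seen during the learning period
    ("ws-01", "mail.example.com"),
    ("ws-01", "intranet.example.com"),
    ("ws-02", "intranet.example.com"),
    ("ws-02", "updates.example.net"),
]
TODAY_LOG = [
    ("ws-01", "mail.example.com"),
    ("ws-01", "cdn.example.org"),
    ("ws-02", "bad-domain.example"),
    ("ws-02", "updates.example.net"),
    ("ws-03", "intranet.example.com"),
]
# Stand-in for domains exported from an intelligence-sharing feed (assumption).
INTEL_INDICATORS = {"bad-domain.example", "updates.example.net"}


def build_baseline(records):
    """Map each host to the set of destinations it normally contacts."""
    baseline = {}
    for host, dest in records:
        baseline.setdefault(host, set()).add(dest)
    return baseline


def hunt(baseline, records, indicators):
    """Return (priority, host, dest, reasons) for activity worth reviewing."""
    findings = []
    for host, dest in records:
        reasons = []
        if host not in baseline:
            reasons.append("host has no baseline")
        elif dest not in baseline[host]:
            reasons.append("new destination for host")
        if dest.lower() in indicators:
            reasons.append("matches shared indicator")
        if reasons:
            priority = "high" if "matches shared indicator" in reasons else "review"
            findings.append((priority, host, dest, reasons))
    # Indicator matches first, then by host and destination for stable output.
    return sorted(findings, key=lambda f: (f[0] != "high", f[1], f[2]))


if __name__ == "__main__":
    for finding in hunt(build_baseline(BASELINE_LOG), TODAY_LOG, INTEL_INDICATORS):
        print(finding)
```

Note that the second high-priority finding is a destination the host already contacted during the learning period: the baseline alone would have treated it as normal, and only the shared indicator surfaces it.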
Businesses and organisations need to ensure that they have the right intelligence and data available to make good decisions on prioritising budgets and putting services in place to mitigate the risk of cybercrime.
Cybercriminals become increasingly sophisticated every day and the tactics and techniques that they use evolve constantly. It is only by having access to the kind of useful information you can find in open-source threat intelligence that you can keep on top of it and ensure that you comply with best practice.
Tim Green has an MSc in Advanced Computer Science. Since graduating many moons ago, Tim has expanded his knowledge and skillset through a number of roles and is now looking to connect with equally passionate professionals in the cybersecurity sector. Find out what Tim has been up to over on Twitter: @TimGreenCyber
This article does not constitute legal advice.
The opinions expressed in the column above represent the author’s own.