importanza cyber threat intelligence cover Giacomo Lanzi

The importance of Cyber Threat Intelligence

Estimated reading time: 5 minutes

In another article we have already talked about Cyber Threat Intelligence explaining what it is, how it works and its various types. Today, however, we will focus more on the importance of Cyber Threat Intelligence , deepening how it can be useful for companies to provide answers in the security field, containing risks and providing information that support incident response. & nbsp;

The importance of Cyber Threat Intelligence

In a world where technologies and cyber threats are constantly evolving, a company cannot afford to overlook the importance of Cyber Threat Intelligence. Every day on the web there are countless cyber attacks and data thefts to the detriment of companies and individuals. These large amounts of information are then cataloged and sold illegally on the Dark Web.

Hackers usually sell information on this part of the web because it guarantees them anonymity. In fact, unlike the traditional web, in order to access these virtual places, you must use a browser that masks your IP address. This complicates the authorities’ tracking of criminals and makes the dark web a completely anonymous place.

One of the objectives of the CTI is to monitor the information present in this large part of the web for analytical purposes. The aim is to prevent and limit the damage that this data could cause.

Monitoring the Dark Web and the Deep Web

importance cyber threat intelligence iceberg

Often, when we talk about the Deep Web and the Dark Web, we think that there are only and exclusively illegal activities, but that is not correct. There are also forums, blogs and websites that aim to disseminate information that is difficult to find on the traditional web.

Unfortunately, it is also true that criminals use this section of the network to sell all kinds of information . These include telephone numbers, email addresses, bank details, documents, passports, administrative login credentials for websites. There is practically everything.

This kind of information, in the hands of an attacker (or a competitor), could compromise the integrity of an entire company, its employees and its customers. The consequences of a data breach could also manifest themselves in the form of damage to the company’s reputation.

When a customer provides his personal data to a company, he expects them to be treated with the utmost respect. Customers may feel “betrayed” by the company that should have guaranteed them the security of their personal information.

A striking example was the data theft that occurred in 2019 against Facebook Inc. ( Source )
533 million personal data belonging to users of the platform are been stolen, divided by 106 countries and distributed for free on the web, bringing the company back to the center of controversy.

importance cyber threat intelligence facebook

Companies looking to protect their customer, supplier and employee data invest in analytics and monitoring tools.

By relying on professionals, it is possible to promptly receive a notice whenever sensitive information is published on a forum or website on the Dark Web. For this reason the importance of Cyber Threat Intelligence plays a key role in the business cybersecurity branch.

Monitoring the Dark Web therefore means having the possibility of being able to promptly detect any sensitive information before it can cause problems for companies.

Tools for monitoring the Dark Web

Being a portion of the internet that is difficult to access and not indexed by search engines, analyzing and monitoring resources on the Deep Web becomes more complicated. For this reason, we are helped by various tools designed with the aim of simplifying the investigation and analysis process.

One piece of software that could help you during an investigation is Onionscan, a completely free Open Source program.

The Onionscan project and the CTI

The Onionscan project has two objectives:

– Helping operators find and solve operational security problems
– Help researchers monitor and track sites on the Deep Web

The software can be downloaded from the dedicated Github page, which also contains an installation guide and a list of dependencies required to run the software.

Once installed, to use it, simply type in the command line:

onionscan websitename.onion

Of course, just accessing a tool like this isn’t enough to provide effective coverage. In fact, the importance of Cyber Threat Intelligence lies largely in knowing how to perform searches and interpret data.

Conclusions

We have seen what a Dark Web monitoring activity is and how it works and above all we have begun to understand the importance of Cyber Threat Intelligence.

Investing in these solutions guarantees additional security for the company. Securing the data of its customers and employees cannot be optional, every company should be sensitive to these issues and invest their resources to prevent unpleasant situations.

SOD offers a dedicated service which aims to provide valuable CTI information for proactive defense and resolution of critical issues before they become real problems.

If you need further information, do not hesitate to contact us, we are ready to answer all your questions.

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading:

RSS Full Disclosure

  • Backdoor.Win32.Nbdd.bgz / Remote Stack Buffer Overflow July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6fab73bf104c6a9211b94f9559faa134.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Nbdd.bgz Vulnerability: Remote Stack Buffer Overflow Description: NetBot_Attacker VIP 5.9 on initial startup listens on port 8080 and on subsequent restarts port 80. Third-party attackers who can reach an infected system […]
  • Backdoor.Win32.Bifrose.acci / Local Stack Buffer Overflow July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/611dbff0d68df777c6d6881e00440143.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.acci Vulnerability: Local Stack Buffer Overflow Description: Bifrost doesn't properly validate the IP address when importing Bifrost settings (.set) files. The IP address offset is located after a NULL byte which […]
  • Backdoor.Win32.PsyRat.b / Remote Denial of Service July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/5817183894cb513239f6aef28895130c_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.PsyRat.b Vulnerability: Remote Denial of Service Description: The PsyRAT 1.02 malware listens by default on TCP port 9863. Third-party attackers who can reach infected systems can send a specially crafted command […]
  • Backdoor.Win32.PsyRat.b / Unauthenticated Remote Command Execution July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/5817183894cb513239f6aef28895130c.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.PsyRat.b Vulnerability: Unauthenticated Remote Command Execution Description: The PsyRAT 1.02 malware listens by default on TCP port 9863, but can be changed when building backdoor servers. Third-party attackers who can reach...
  • Backdoor.Win32.Agent.cu / Unauthenticated Remote Command Execution July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ce1963d3fd6a8e1383aac40a1f1c4107_C.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.cu Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP ports 10426, 56185. Third-party attackers who can reach infected systems can execute commands made available by the backdoor....
  • Backdoor.Win32.Agent.cu / Port Bounce Scan (MITM) July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ce1963d3fd6a8e1383aac40a1f1c4107_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.cu Vulnerability: Port Bounce Scan (MITM) Description: The malware listens on TCP ports 10426, 56185, its FTP component accepts any username/password credentials. Third-party attackers who successfully logon can abuse the...
  • Backdoor.Win32.Agent.cu / Authentication Bypass RCE July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ce1963d3fd6a8e1383aac40a1f1c4107.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.cu Vulnerability: Authentication Bypass RCE Description: The malware listens on TCP ports 10426, 56185. Third-party attackers who can reach infected systems can logon using any username/password combination. Intruders may then...
  • Backdoor.Win32.Mazben.me / Unauthenticated Open Proxy July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6681d5e4b68abd21a14c704edf9e2ff5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Mazben.me Vulnerability: Unauthenticated Open Proxy Description: The malware listens on random TCP ports like 3515, 7936, 3972. Third-party attackers who can connect to the infected system can relay requests from the […]
  • Backdoor.Win32.Hupigon.aaur / Unauthenticated Open Proxy July 27, 2021
    Posted by malvuln on Jul 26Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/16d598c01f7b391986c8c19eded005b1.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aaur Vulnerability: Unauthenticated Open Proxy Description: The malware listens on TCP port 8080. Third-party attackers who can connect to the infected system can relay requests from the original connection to the...
  • ATLASSIAN - CVE-2020-36239 - Jira Data Center and Jira Service Management Data Center July 27, 2021
    Posted by Atlassian on Jul 26This email refers to the advisory found at https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html CVE ID: * CVE-2020-36239 Products: Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center. Affected Versions - Jira Data Center, Jira Core Data Center, and Jira Software Data Center: 6.3.0

Customers

Newsletter