How do Threat Hunters Generate Intelligence to Shut Down Cyberattacks?
July 18th, 2019
The dark web is a sprawling underground network of secrecy where cybercriminals plan and coordinate cyberattacks against organizations in various industries around the world. Cybersecurity teams know they must monitor dark web forums and hacker hangouts to identify and validate potential threats against their organizations. But this is no simple task – threat hunters are often sniffed out by hackers and can inadvertently make their organization a target if their cover is blown. Therefore, gathering intelligence via threat hunting is a task that must be carried out with precision.
IntSights recently held a webinar, “How to Hunt Threats on the Dark Web to Prevent Cyberattacks,” to help cybersecurity teams better understand how to approach this delicate – yet vitally important – task. We also recently released an ebook, “Dark Web 201: How to Leverage External Threat Hunting to Prevent Cyberattacks,” that explores the concepts further.
Before engaging in threat hunting, you need to be keenly aware of the following:
Key Dark Web Sources You Need to Monitor
Gathering intelligence is only valuable if you can identify what matters to your organization. Some factors to keep in mind are the cybersecurity challenges and threats facing your industry at large, how the size of your company influences your cyber risk, what digital exposure you have, and the vectors cybercriminals could use to penetrate your network and launch attacks. It’s important to tailor your threat hunting according to these variables; no two threat hunters will be in search of the same information.
How to Covertly Establish Access Behind Enemy Lines
Once you identify the right sources, entering the community is not always as simple as picking a username and getting in on the action. Threat actors know law enforcement agents and cybersecurity professionals are constantly looking to find and shut down their activity, and they protect themselves accordingly. If they have even a slight inkling that you may not be a like-minded cybercriminal, you’ll probably find yourself banned by moderators – and, if you aren’t using proper security protocols to protect yourself, possibly have your identity exposed for targeted hacking in retribution.
Generating Actionable Intelligence
Threat hunters inevitably come across seemingly limitless intelligence about potential threats – it’s just a reality of the ever-growing dark web cybercriminal underground. But this intelligence is useless unless it can serve a purpose for your security team. To determine whether or not intelligence is actionable, a good threat hunter assesses if the threat is benign, suspicious, or malicious. An effective strategy pairs manual threat hunting with an automated external threat intelligence solution.
To learn more, watch the webinar on demand below and make sure to download your copy of Dark Web 201: How to Leverage Threat Hunting to Prevent Cyberattacks.
Kevin Diffily is a Product Marketing Manager at IntSights. He strives to provide security teams with the knowledge and tools they need to enable proactive defense against emerging cyberattacks. Kevin has a background in journalism, brand development, content marketing, and social media management. He received his B.A. in Communication from Curry College and his M.A. in Integrated Marketing Communication from Emerson College. He is a staunch proponent of gratuitous Oxford comma use.