Threat intelligence is a cornerstone of a reliable cybersecurity framework. It involves gathering information about cyber threats, analyzing them, and making data-based decisions that ensure the sustainability of your business.
This work is important because a single successful attack can lead to financial losses, operational disruptions, reputation damage, and other kinds of trouble.
For example, KNP Logistics, a large British company, went bankrupt in September 2023 as a consequence of a ransomware attack.
The worldwide logistics operator declared insolvency and fired 730 employees (81% of the staff) without warning or compensation.
The same autumn, Latitude Group, an Australian insurance company, lost $76 million due to ransomware and narrowly escaped bankruptcy.
To stay on top of emerging threats and gain a deeper understanding of known ones, your cybersecurity team can employ a number of tools and information sources:
Threat Intelligence Solutions
Threat intelligence services gather, process, and enrich data to make it searchable and suitable for deriving analytical insights. ANY.RUN’s TI Lookup is an example of such a platform. It empowers users to:
- Investigate known threats: Malware names, IP addresses, URLs, domains, file names and hashes, and other entities known as Indicators of Compromise (IOCs) can be used as search queries. Complex search requests can be made combining several parameters.
- Discover emerging threats: Deeper research of Indicators of Compromise, Activity and Behavior (IOCs, AOCs, BOCs) exposes threats that may materialize unless preventive measures are taken.
- Grow users’ expertise: TI tools help users understand the threat landscape and its mechanics better. For instance, threats can be linked to known tactics, and vice versa, with tools such as the MITRE ATT&CK framework enriched by samples from the analysis of real incidents.
MITRE ATT&CK Matrix lets you explore threats that employ particular TTPs — attackers’ tactics, techniques, and procedures.
In the screenshot above, TI Lookup provides information on the tactic of encrypting system or network data in order to disrupt their functioning and demand a ransom.
Users can explore the examples of malware that employ this tactic and switch to the Interactive Sandbox to view any piece of malware in action.
For example, if you click on the second item in the list, from the third column you’d be able to choose a sandbox session and see how Babyk attacks a user’s computer:
Here are a couple of examples of Lookup searches:
1. threatName:"phishing" AND submissionCountry:"CA" NOT taskType:"url"
As a result, we see a selection of public analysis sessions run in ANY.RUN’s Interactive Sandbox by users from Canada. These are the sessions that include phishing documents, emails, and other types of content, but not URLs.
By clicking any item on the list, you can view the analysis session in the sandbox.
2. destinationIP:"78.110.166.82"
Unusual IP connections often trigger security alerts, but in many instances, these are legitimate IPs generating false positive signals. In order not to miss a malicious IP, addresses can be checked in TI Lookup. Try TI Lookup with 50 free requests.
Threat Intelligence Feeds
Integrate real-time streams of data on malware, emerging threats and vulnerabilities with your cybersecurity systems (like SIEM) for continuous automated monitoring. For efficient intelligence:
- Correlate Information: Use multiple feeds to cross-reference threats and identify patterns.
- Customize for Your Needs: Focus on feeds that provide the most pertinent information for your industry or organization’s needs.
Threat Intelligence Feeds provided by ANY.RUN are easy to integrate in one click via API. You can test them via demo samples in STIX and MISP formats.
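As an added example (not ANY.RUN's code or feed schema), the Python below shows the cross-referencing described above: it extracts indicators from a constructed STIX bundle and a constructed MISP event, records which feeds report each one, and ranks connection-log destinations by that count. All sample values, the log field names, and the function names are assumptions made for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed samples, trimmed to the fields used; documentation-range IPs only.
STIX_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'bad.example'] OR [ipv4-addr:value = '203.0.113.9']"},
    {"type": "malware", "name": "constructed-sample"}]})
MISP_EVENT = json.dumps({"Event": {"info": "constructed sample", "Attribute": [
    {"type": "ip-dst", "value": "198.51.100.7", "to_ids": True},
    {"type": "domain", "value": "other.example", "to_ids": True},
    {"type": "ip-dst", "value": "192.0.2.55", "to_ids": False}]}})  # context only
CONN_LOG = ["src=10.0.0.4 dst=198.51.100.7 dport=443", "src=10.0.0.8 dst=192.0.2.55 dport=80",
            "src=10.0.0.9 dst=203.0.113.9 dport=8080"]  # constructed log lines

# Handles simple equality comparisons only; full STIX patterns need a real parser.
STIX_EQ = re.compile(r"(ipv4-addr|domain-name):value\s*=\s*'([^']+)'")
KIND = {"ipv4-addr": "ip", "domain-name": "domain", "ip-dst": "ip", "domain": "domain"}

def stix_indicators(raw):
    """Yield (kind, value) from STIX indicator objects, skipping other object types."""
    for obj in json.loads(raw).get("objects", []):
        if obj.get("type") == "indicator" and obj.get("pattern_type") == "stix":
            for otype, value in STIX_EQ.findall(obj.get("pattern", "")):
                yield KIND[otype], value.lower()

def misp_indicators(raw):
    """Yield (kind, value) from MISP attributes flagged for detection (to_ids)."""
    for attr in json.loads(raw)["Event"].get("Attribute", []):
        if attr.get("to_ids") and attr.get("type") in KIND:
            yield KIND[attr["type"]], attr["value"].lower()

def correlate(feeds):
    """Map each indicator to the set of feed names that report it."""
    seen = defaultdict(set)
    for name, indicators in feeds.items():
        for ioc in indicators:
            seen[ioc].add(name)
    return seen

def triage(log_lines, seen):
    """Return (destination, feed_count) hits, most-corroborated first."""
    dsts = [dict(kv.split("=", 1) for kv in line.split())["dst"] for line in log_lines]
    hits = [(d, len(seen[("ip", d)])) for d in dsts if ("ip", d) in seen]
    return sorted(hits, key=lambda h: -h[1])
SEEN = correlate({"stix": stix_indicators(STIX_BUNDLE), "misp": misp_indicators(MISP_EVENT)})
```

Destinations reported by more than one feed sort first, and the MISP attribute with `to_ids` set to false is kept out of detection matching.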
Publicly Available Reports
Cybersecurity companies regularly analyze attacks and vulnerabilities and publish their research. To get the most out of this source, your security team should:
- Integrate the recent report analysis into their routine;
- Keep their eye out for trends;
- Implement recommendations from the reports.
Dark Web Forums
Home sweet home for hackers. Security experts visit them there from time to time to see what they are up to. By monitoring these forums, they ferret out valuable information about planned attacks, new exploit techniques, and stolen data. They need to:
- Use monitoring tools. Such tools can automatically track topics and discussions based on given keywords;
- Analyze information. Chatter is raw data; to make it of use, research the discussed threats, mentioned malware, attacks, victims and targets.
Data Mining
Analyzing the data on your corporate network performance allows your team to identify potential threats:
- Anomaly Detection: By scrutinizing network traffic and system logs, data mining techniques can reveal suspicious behavior that may indicate an attack in progress;
- Predictive Analytics: Historical data can predict future attack trends.
Deploying Honeypots
Honeypots are fake targets set up to attract cybercriminals and gather intelligence on their tactics and methods. To use honeypots effectively:
- Simulate Real Systems: Honeypots should mimic genuine vulnerabilities to lure attackers;
- Gather Attack Data: Record all interactions with the honeypot to study the attackers’ methods, tools, and behaviors in a controlled environment.
Power Your Threat Intelligence with TI Lookup
The best strategy is combining the most powerful tools and exploiting each of them to their full potential. And a threat intelligence platform like ANY.RUN’s TI Lookup is fit to be the core of your safety architecture.
It offers:
- Extensive and growing database: over 40 different threat data types, including system events and indicators of compromise (IOCs), indicators of behavior (IOBs), and indicators of attack (IOAs).
- Fresh Results: Access to the latest data collected over the past 180 days from thousands of sandbox sessions.
- Customizable Queries: Choose from several dozen parameters, combine multiple indicators, use wildcards and YARA rules.
- Integration with Sandbox: View sandbox sessions (malware detonated in the safe environment of a virtual machine) where particular indicators or events were discovered.
- Real-time Updates: Receive timely alerts on relevant threats to ensure ongoing protection.
Want to have a go? Get 50 free requests and test all the features of TI Lookup.