As new threat vectors emerge and grow in numbers, cybersecurity defenders are left with the daunting task of thwarting a rising volume of increasingly sophisticated attacks. Accordingly, threat intelligence has never been a more important tool for enterprises trying to keep up.
Effective threat intelligence is built on knowledge-sharing both within and across organizations. Social media has proven to be a valuable tool for facilitating such cross-organizational collaboration, with 44% of organizations citing the utility social media-borne intelligence brings to their digital protection solutions. As social platforms and open-source tools, from mainstream platforms like Twitter to more specialist forums such as MalwareBazaar, continue demonstrating their value for thwarting threats in the constantly evolving cyber landscape, security professionals should learn how best to use these tools to their advantage.
It Takes a Village
Considering the vast array of attack vectors today, organizations have a hard time keeping up with the frequency and sophistication of cyber-attacks — especially if they don’t employ an efficient, advanced security system and develop a balanced and well-structured cyber strategy. To understand the full scope of emerging attack trends, threat intelligence requires security professionals to work together to maintain a real-time awareness of the evolving attack landscape. Thus, threat intelligence requires tools that can communicate and disseminate the vast array of new and evolving threats, sourced openly from researchers worldwide.
For many security analysts, Twitter has become ground-zero for threat intelligence synergy. The public-facing nature of Twitter, combined with its accessible interface, enables users to post about any threat widely and instantaneously, and to learn about threats other analysts have shared. Some of the biggest threat intelligence accounts, such as @Gi7w0rm and @JAMESWT_MHT, have gained as many as 30,000 followers who regularly turn to them for threat intelligence updates.
Beyond Twitter, cyber specific open-source tools such as MalwareBazaar allow analysts to share IOCs and other files that can prove useful in identifying and thwarting threats.
Give and Take
These open-source communities serve as a vital resource to grow knowledge and experience, as they provide insight and feedback on different threat types and how to defend against them. Moreover, they offer security professionals opportunities to develop new professional relationships in the field and to support one another in the shared pursuit of cyber protection.
Individual analysts are not the only ones who can leverage these professional networks — many organizations involved in threat intelligence are now creating branded business accounts, where they can actively post any threats their group encounters. As with any open-source or social media-based community, these networks are most useful when there is a give-and-take from all invested parties.
Perfecting the Post
While these networks draw from a more generalized social media pool, the open-source threat intelligence community operates with its own set of rules and best practices.
When identifying threats, contributors should never disclose the victim of the attack. Particularly within the threat intelligence community where security is always priority No. 1, it is imperative to maintain privacy and establish good relationships built on trust, even when sharing things on a public forum.
The use of tags for identifying and categorizing different types or topics of posts is another vital element of proper posting. This is especially useful on sites like Twitter, where important posts can easily be overshadowed by the constant deluge of news and information. For example, simply searching #DynamicRAT in the search function results in a plethora of relevant threat intelligence, offering easy and quick access to relevant posts.
Threat intelligence posts are not meant to be homogenous, so the best “analyst influencers” are those who create a unique voice across their posts. This might mean linking to a more thorough blog post for certain threats or choosing to specialize in a particular attack vector that can help an analyst stand out as an expert in a niche area.
Of course, social media alone will not keep organizations safe. Ultimately, it is the strategic application of threat intelligence that helps keep cybersecurity airtight. Social media has proven to be an invaluable resource to distribute information quickly and cultivate a more informed generation of cybersecurity professionals, and enterprises should leverage this trend in developing modern, holistic security strategies throughout their entire security tool sack.
This contributed article first appeared in InformationWeek on July 7, 2023, written by Perception Point Threat Analyst & Incident Response Team Lead Igal Lytzki.