Threat intelligence enables users and organizations to interpret, anticipate, or intercept a potential attack using credible and actionable evidence acquired from various sources.
The main objective of threat intelligence is to streamline and improve the ability to exchange information among different networks, bodies, organizations or industries. This is especially critical when considering the extremely interconnected nature of today’s information systems.
According to Gartner's Emerging Technologies: Critical Insights for Threat Intelligence Demand report, worldwide spending on threat intelligence is growing.
This results from the increasing awareness of the importance of cybersecurity and the realization of the need to support decision making and processes with operationalized threat intelligence. Gartner estimates that the worldwide spending on threat intelligence in 2025 will reach $2.855 billion.
Cyber threat intelligence has become the core cyber defence concept in today's world. Rather than an optional security enhancement, it is now an absolute requirement for different entities.
Cyber threat intelligence has become an essential tool for detecting when an outsourced software provider is compromised or a new vulnerability is detected for an outsourced software or framework.
Moreover, threat intelligence detects when critical data provided to your suppliers has leaked into the cyber underground or a high-end threat actor group targets a well-known global vendor.
The benefits of threat intelligence include, but are not limited to, the following:
Threat intelligence defines a highly autonomous approach, mainly relying on the automatic exchange of cyber threat data. On the other hand, cyber intelligence uses intelligence collection methodologies in the cyber domain.
Threat intelligence solutions collect artefacts and attack patterns from various resources, including previous victims and already-targeted organizations.
Contrastingly, cyber intelligence adopts a more proactive approach by focusing on present cyberattacks by closely monitoring threat actors on a real-time basis.
To better understand the difference between threat intelligence and cyber intelligence, we will look at the challenges organizations face due to the completely automated nature of the threat intelligence industry.
Even though cyber intelligence might seem like a manual work-driven approach, the reality is different.
Cyber intelligence adopts a series of analyst interventions at several steps in-between a series of automatic collection and filtering methods. For this reason, it’s a superior approach that delivers more relevant, relatable and actionable results for an organization.
One of the most significant benefits of cyber intelligence is that it makes sure all cyber defence operations of an organization are directed according to an actual real-world scenario.
Cyber intelligence provides an outlook on the inner workings of threat actors by focusing on them rather than operational IOC data and technically-created heuristic alerts in the organization.
All critical infrastructures are meant to use cyber intelligence. To better assess who benefits from threat intelligence, it would be sufficient to overview the attack trends of 2021.
According to the metrics and statistics of PRODAFT’s U.S.T.A. cyber threat intelligence platform, the most targeted industries in 2021 were:
The banking industry is the most-targeted sector among all critical infrastructures. Threat actors worldwide are continually searching for new vulnerabilities in mobile applications, online banking applications, and banks' internal networks.
The cyberattacks aren’t limited to the organization itself; there are also attacks against banks' customers. These attacks create a significant fraud-related financial loss for banking institutions.
Particular threat actors usually target the aviation industry. Once they acquire unauthorized access to these organizations’ networks, they export corporate and customer data, encrypt systems and demand a hefty ransom.
Moreover, as aviation is considered a mission-critical infrastructure for a country, different members of the aviation sector are constantly targeted by state-sponsored threat actors.
The eCommerce industry is one of the most frequent targets of threat actors. All threat actors are aware of the valuable personal data that these eCommerce vendors process. Therefore, various threat actors constantly search for and attempt critical attack scenarios like SQL injection.
Additionally, they use eCommerce vendors as “cashout” mechanisms by stealing unsuspecting users' login credentials and using these accounts to purchase different high-value goods.
Due to the nature of information processed by insurance brokers and insurers, insurance agencies are targeted daily. In 2020 and 2021, the U.S.T.A. platform has detected 2.1 million stolen credit cards, all compromised in the insurance industry.
Threat actors use different attack vectors, including spear phishing attacks, social engineering, customized malware and mobile MaaS malware. Attackers target work computers and personal computers of insurance agents to acquire this personnel's corporate insurance panel logins.
Dark web monitoring can be defined as a core practice of cyber intelligence used to acquire information about the latest developments in the cyber underground.
The most prominent examples of dark web platforms are underground forums, communication channels such as Jabber communication servers, ICQ/Telegram or Discord groups, black market platforms or simply NetFlow data related to specific networks.
Cyber threat intelligence providers develop tailor-made technologies for collecting data from these platforms without being noticed by threat actors. The collected data is further interpreted and put into context before being forwarded to the platform users accordingly.
There are multiple challenges that threat intelligence services face. Some of the threat intelligence challenges we’ve identified include the following:
If these challenges aren’t addressed properly, consumers will only receive unstructured data or non-verified information.
There are multiple cyber threat intelligence platforms on the market. These platforms feature different approaches to the detection of threats. While some offer raw data, others provide pre-analyzed threat information.
Unfortunately, most of these threat intelligence platforms are designed to be scalable, which minimizes analyst intervention and brings some disadvantages that have to be faced.
However, you can also find platforms that perform collection, filtering, analysis and verification steps before forwarding a threat to a client, enabling the user to focus only on what’s critical.
The True Intelligence Process
Fraud intelligence is a term that is derived from “cyber intelligence” or “threat intelligence”. It can be summarised as detecting external threats to prevent future fraud incidents in an organization that processes monetary/valuable transactions.
The main objective of fraud intelligence is to provide data about clients or accounts detected to be at risk of fraudulent actions.
Compared to threat intelligence/cyber intelligence, fraud intelligence can be regarded as “much more actionable” data. The data fed to the beneficiary organization is almost always direct, specific, and actionable.
Fraud intelligence can be used to address cases such as detecting compromised credit cards, compromised client accounts, or merchants used for money laundering.
Brand protection is a series of cyber intelligence practices created to detect and take down cyber fraud and cybersecurity threats that use an organization's brand for malicious purposes.
The main threats are malicious websites, mobile applications, and social media profiles that impersonate a company's brand.
These “phishing” threats aim to trick an organization’s customers into downloading a malicious application or filling in their secret information such as credit card or login credentials. Therefore, brand protection services are created to detect these fraudulent engagements proactively.
PRODAFT’s solution, the U.S.T.A. cyber threat intelligence platform, responds directly and effectively to complex cyber threats. U.S.T.A. relies on dozens of intelligence collection tools that monitor thousands of different sources.
If you want to talk to an expert and learn how PRODAFT can help you protect yourself from cyberattacks, request a live demo of the U.S.T.A. platform.
©2024 PRODAFT. All rights reserved.