Know Everything About Cyber Threat Intelligence


Multiple cybersecurity domains are still evolving and are yet to be discovered by people. According to a recent report by Globe News Wire, the Threat Intelligence Security market was valued at around US$ 9.89 billion in 2022 and is projected to reach US$ 30.01 billion by 2030.

The cyber threat intelligence domain attempts to bring in relevant intelligence (data) from the internet so that businesses can make informed decisions. Such a decision can concern safeguarding their infrastructure based on the known methods used by cybercriminals.

Real-life analogy

Let’s consider cyber threat intelligence to be similar to a weather forecast. Just as a forecast system reports the details of a storm, the direction of the winds, its severity, and the damage it can cause, threat intelligence does something similar for cyberattacks conducted by criminals.

Another example would be issuing a cautionary notice about a most wanted criminal, describing the modus operandi, areas of criminal activity, and other relevant details so that people can safeguard their movements in those regions.

These real-life analogies give some idea of what exactly analysts do while collecting intel as cyber threat intelligence researchers.

Terms to Know in Cyber Threat Intelligence

So far in this article, you have encountered multiple terms that might seem difficult to comprehend. Before proceeding further, let’s go over some common terms used when discussing CTI.

TTP

Tactics, techniques, and procedures (TTPs) describe the methods cybercriminals use to carry out malicious activities. They cover everything from generic to specific instances of what a criminal can use, and can later be used to attribute activity to that criminal.

Hosting malicious software, phishing, fake domains, and remote access tools are some known TTPs adversaries use.

Adversaries

The adversary is a cybercriminal entity, individual, or group trying to attack an infrastructure through various TTPs. They exploit vulnerabilities and breach an organization’s data under various motivations, such as financial gain, state sponsorship, or simply a personal motive.

Threat Actor

A threat actor is an actor who poses a risk or a threat to an entity. They can be involved in direct or indirect threats due to a need for proper security awareness. These actors operate across various cyberattack vectors, such as hacking, malware, social engineering, and ransomware, with the intent to damage the security posture of an organization.

Threat

A cyber threat can be anything that tries to cause damage to a business or its devices by disrupting their routine activities. A cyber threat can affect anyone, from organizations to governments or individuals.

OSINT

Open-source intelligence (OSINT) is the collection and processing of publicly available information to derive quality intelligence. OSINT can help us track a cybercriminal, personally identifiable information, email correlation, internet activities, threats, vulnerabilities, and incidents.

HUMINT

HUMINT (Human Intelligence) involves engaging with individuals to obtain information that might not be available elsewhere. As the name suggests, humans are the critical source for obtaining information in this case.

Dark Web

The dark web is the hidden space on the internet that requires Tor to access, since its pages are intentionally hidden and not indexed by search engines. Various illegal activities are conducted over marketplaces on the dark web, as is communication of information that requires anonymity.

Ransomware

Ransomware is malicious software that ransomware groups use to encrypt victims’ files and lock them out, disrupting businesses. Additionally, the individuals responsible for the ransomware demand payment, usually in the form of cryptocurrency, as a condition for decrypting the files.

Intelligence

Cyber intelligence refers to collecting data from various sources to provide an overview of the cyber threat landscape. It is the actionable information collected to proactively identify and respond to threats before serious damage is caused.

Types of Cyber Threat Intelligence Data

Researchers might require anything and everything under the sun to derive quality intelligence. The data samples mostly include ransomware activities, new cyber criminals, new methods used by adversaries to evade detection techniques, malware samples, phishing templates, and dark web discussions.

Tools and Open Source Platforms for Threat Intelligence Analysts

Certain open-source platforms offer valuable resources such as indicators of compromise (IoCs), TTPs, vulnerabilities, exploits, incidents, and malicious samples used in the wild.

  1. VirusTotal
  2. Maltego
  3. Intezer Analyze
  4. MITRE D3FEND
  5. Hatching Triage
  6. OSINT Framework
  7. MITRE ATT&CK
  8. AlienVault OTX

Resources to Learn More About Cyber Threat Intelligence

These are some free and paid resources to learn more about Cyber Threat Intelligence. The courses listed here can be a great way to shift into this domain, including for someone looking for a career switch.

Attack IQ

Attack IQ provides a variety of courses based on MITRE ATT&CK, an important tool that provides a common language and framework for understanding and discussing adversary tactics, techniques, and procedures (TTPs).

Different courses users can enroll for are:

  1. Countering ransomware with MITRE ATT&CK
  2. Foundations of Operationalizing MITRE ATT&CK
  3. MITRE ATT&CK Security Stack Mappings

Pluralsight

Pluralsight provides up-to-date content by industry experts for individuals to learn new career skills. Various courses can be found on this site for topics such as cybersecurity, software development, IT, business, and creative design.

Different courses users can enroll for are:

  1. Threat Intelligence using MISP
  2. Introduction to Threat Intelligence
  3. Threat Intelligence with MSTICPy
  4. Threat Intelligence- The Big Picture

Cybrary

Cybrary offers a variety of resources through podcasts, blogs, and videos from experienced security professionals who are up-to-date on the latest threats and trends. Cybrary has proven to be an online learning platform that provides a wide range of courses on cybersecurity, including cyber threat intelligence.

Different courses users can enroll for are:

  1. Advanced Cyber Threat Intelligence
  2. Intro to Cyber Threat Intelligence
  3. Open Source Intelligence (OSINT) Fundamentals
  4. Application of the MITRE ATT&CK Framework

Cyber Threat Intelligence Courses from Udemy

Udemy offers practice tests and extremely affordable courses for anyone learning more about threat intelligence. Many courses cover concepts such as introduction to cyber threat intelligence, threat modeling, threat analysis, etc.

Different courses users can enroll for are:

  1. Certified Cyber Threat Intelligence Analyst
  2. Cyber Threat Intelligence – Basics & Fundamentals
  3. Intelligence Analysis (Comprehensive – Levels 1, 2, and 3)
  4. OSINT: Open-Source Intelligence

SANS Institute- Cyber Threat Intelligence Training

The SANS Cyber Threat Intelligence (CTI) training program equips users with the fundamentals of intelligence collection and threat intelligence dissemination methods, led by highly experienced researchers. SANS Institute is a global leader in information security training and certification and holds great value for researchers.

Medium Blogs

Medium blogs can be a good source of information for learning about cyber threat intelligence. Many experienced security professionals write blogs on Medium and often share valuable insights and knowledge about the latest threats and trends. Additionally, Medium blogs are often well-written and easy to read, making them a good choice for those new to cyber threat intelligence.

Towards the Conclusion

As we reach the end of this article about cyber threat intelligence, we have highlighted the best details to our knowledge. The importance of cyber threat intelligence cannot be overstated. Organizations can take steps to mitigate threats and improve their security posture to protect themselves from cyberattacks.

Rishika Desai - Lead Cyber Intelligence Threat Researcher

Author Bio: This article has been written by Rishika Desai, a B.Tech Computer Engineering graduate with 9.57 CGPA from Vishwakarma Institute of Information Technology (VIIT), Pune. She currently works as a Cyber Threat Researcher at CloudSEK. She is a good dancer, poet, and writer. Animal love engulfs her heart and content writing comprises her present. You can follow Rishika on Twitter at @ich_rish99.


1 thought on “Know Everything About Cyber Threat Intelligence”

  1. Cybersecurity domains are evolving; the Threat Intelligence Security market was valued at US$ 9.89 billion in 2022, projected to reach US$ 30.01 billion by 2030 (Globe News Wire). Cyber threat intelligence gathers internet data to help businesses protect their infrastructure from known cybercriminal methods. Analogous to a weather forecast, it predicts cyberattacks’ details, severity, and potential damage, enabling informed decision-making. Similarly, it’s akin to sharing information about a most wanted criminal, their modus operandi, and areas of activity, allowing people to safeguard against potential threats. These analogies offer insights into the work of cyber threat intelligence researchers.
