With a global pandemic being featured in the news and media, we are familiar with what a virus is and what its negative implications are if it is not properly mitigated. In the digital world there is a similar type of threat that does not receive the same prominence: the cyber virus.
Such virtual problems are called viruses because they act in a similar way to biological ones. Here are some characteristics of the types of hazards on the internet:
- New cyber infections are constantly arising, the so-called zero-day attacks. The cybercriminal community is constantly inventing new ways to breach and exploit organizations and users.
- Cyber threats can mutate, because the cybercriminal community has migrated to a cycle of innovation that has inspired a myriad of similar attacks, which means that each new action is a learning process built on the previous one.
- Problems in the online world have the ability to infiltrate quickly, at any time. With new attacks powered by artificial intelligence (AI), trusted individuals can be impersonated, and the attacks can blend into the background and infiltrate more quickly and effectively.
Like coronavirus, virtual threats cannot be entirely avoided, and our best bet is to quickly detect and mitigate any new attacks. To do this effectively, the cybersecurity community can take advantage of many information sharing principles that the scientific community adopts to fight viruses.
What principles can be used to fight viruses?
Strength in numbers: The more people collect and share threat intelligence information, the more opportunities there are to detect a zero-day attack and share mitigation strategies. The objective is mutual empowerment to obtain collective immunity.
Trust and experience: A community that shares intelligence about threats can also share trust; with that, their data sources and threat mitigation strategies can be kept updated and credible.
High relevance: Threat intelligence data must be highly relevant to those using it. Cyber attacks in sectors and verticals have the ability to be targeted and contextualized, so the way to fight them must also be specialized and relevant.
As important as the quality of the threat intelligence data sources are the methods used to distribute them regularly and on demand in forms that can be handled by others. Some examples of types of threat intelligence data that may be beneficial for sharing are:
- Common Vulnerabilities and Exposures (CVE) metadata, which allows recipients to look up the CVE entries associated with a file, keyed by the file's SHA-256 hash;
- file reputation, which allows recipients to query the data provider's classification of known malicious files, again keyed by SHA-256 hash;
- URL data bank, which allows recipients to query the data provider's rating for detected malicious URLs and IPs;
- scheduled feed, which makes it possible for all the types of data cited above to be exported at regular intervals from the provider to its recipient.
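As an added illustration (not code from the column or from Avast), the following Python sketches how a recipient might consume those four kinds of shared data: a file-reputation and CVE lookup keyed by SHA-256 hash, a URL/IP lookup, and a sector-filtered scheduled export. The provider data, sample bytes and indicators are constructed, and the CVE identifier is a placeholder.

```python
import hashlib
import json

# Constructed stand-in for a partner's shared threat-intelligence data. Files are
# keyed by SHA-256 *hash* (a digest, not encryption); URLs and IPs by the indicator
# itself. Every value below is made up for this example.
SAMPLE_MALWARE = b"MZ\x90\x00 constructed-malicious-sample"
SAMPLE_CLEAN = b"MZ\x90\x00 constructed-benign-sample"

FILE_REPUTATION = {
    hashlib.sha256(SAMPLE_MALWARE).hexdigest(): {
        "verdict": "malicious", "cves": ["CVE-XXXX-PLACEHOLDER"], "sectors": ["finance"]},
}
URL_REPUTATION = {
    "http://example.invalid/login": {"verdict": "phishing", "sectors": ["finance", "retail"]},
    "192.0.2.10": {"verdict": "c2", "sectors": ["energy"]},
}

def file_verdict(data: bytes) -> dict:
    """Hash the local file and ask the provider for its classification and CVEs."""
    digest = hashlib.sha256(data).hexdigest()
    return FILE_REPUTATION.get(digest, {"verdict": "unknown", "cves": [], "sectors": []})

def url_verdict(indicator: str) -> dict:
    """Look up a URL or IP address in the provider's URL data bank."""
    return URL_REPUTATION.get(indicator, {"verdict": "unknown", "sectors": []})

def scheduled_export(sector: str) -> dict:
    """Build the regular feed a recipient in `sector` would pull: only indicators the
    provider tagged as relevant to that sector (the 'high relevance' principle)."""
    entries = []
    for digest, info in FILE_REPUTATION.items():
        if sector in info["sectors"]:
            entries.append({"type": "sha256", "value": digest, **info})
    for indicator, info in URL_REPUTATION.items():
        if sector in info["sectors"]:
            entries.append({"type": "url_or_ip", "value": indicator, **info})
    return {"sector": sector, "entries": entries}

if __name__ == "__main__":
    print(file_verdict(SAMPLE_MALWARE)["verdict"])  # malicious
    print(file_verdict(SAMPLE_CLEAN)["verdict"])    # unknown
    print(json.dumps(scheduled_export("finance"), sort_keys=True))
```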
So, who is at risk?
It is important to note that everyone is at risk of a cyber attack, and anyone may be looking for this data, as there are many examples of relationships that benefit from threat intelligence sharing. Government agencies can also benefit by gaining access to information from many private companies, as in the FBI's InfraGard and the Defense Cyber Protection Partnership, with public and private sectors working together for the common good.
Cybersecurity companies that provide consumer-based retail data can also improve the strengthening of their threat detection capabilities from incremental data from other companies in the industry. A successful partnership is defined by the opportunity to obtain reliable, relevant and incremental data, as more information creates stronger threat detection and mitigation resources.
Luis Corrons, biweekly columnist of TecMundo, is an Avast security evangelist. Always attentive to the latest news on cybersecurity, malware and darknet, he is a veteran of the security sector and an industry speaker. He is also a reporter for WildList, chairman of the Board of Directors of the Anti-Malware Testing Standards Organization (AMTSO) and a member of the board of directors of Malicious URLs Tracking and Exchange (Mute).