Towards Secure and Trustworthy Cyberspace: Social Media Analytics on Hacker Communities

Li, Weifeng, Li, Weifeng

January 2017

Social media analytics is a critical research area spawned by the increasing availability of rich and abundant online user-generated content. So far, social media analytics has had a profound impact on organizational decision making in many aspects, including product and service design, market segmentation, customer relationship management, and more. However, the cybersecurity sector is behind other sectors in benefiting from the business intelligence offered by social media analytics. Given the role of hacker communities in cybercrimes and the prevalence of hacker communities, there is an urgent need for developing hacker social media analytics capable of gathering cyber threat intelligence from hacker communities for exchanging hacking knowledge and tools. My dissertation addressed two broad research questions: (1) How do we help organizations gain cyber threat intelligence through social media analytics on hacker communities? And (2) how do we advance social media analytics research by developing innovative algorithms and models for hacker communities? Using cyber threat intelligence as a guiding principle, emphasis is placed on the two major components in hacker communities: threat actors and their cybercriminal assets. To these ends, the dissertation is arranged in two parts. The first part of the dissertation focuses on gathering cyber threat intelligence on threat actors. In the first essay, I identify and profile two types of key sellers in hacker communities: malware sellers and stolen data sellers, both of which are responsible for data breach incidents. In the second essay, I develop a method for recovering social interaction networks, which can be further used for detecting major hacker groups, and identifying their specialties and key members. The second part of the dissertation seeks to develop cyber threat intelligence on cybercriminal assets. In the third essay, a novel supervised topic model is proposed to further address the language complexities in hacker communities. In the fourth essay, I propose the development of an innovative emerging topic detection model. Models, frameworks, and design principles developed in this dissertation not only advance social media analytics research, but also broadly contribute to IS security application and design science research.

Business Intelligence

Cyber Threat Intelligence

Social Media Analytics

Text Mining

The Challenges in Leveraging Cyber Threat Intelligence / Utmaningarna med att bemöta cyberhot motunderrättelseinformation

Gupta, Shikha, Joseph, Shijo, Sasidharan, Deepu

January 2021

Today cyber attacks, incidents, threats, and breaches continue to rise in scale and numbers, as sophisticated attackers continuously break through conventional safeguards each day. Whether strategic, operational, or tactical, threat intelligence can be defined as aggregated information and analytics that feed the different pillars of any given company’s cybersecurity infrastructure. It provides numerous benefits, enabling improved prediction and detection of threats, empowering and informing organizations to make better decisions during as well as following any cyber attack and aiding them to develop a proactive cyber security posture. It helps provide actionable intelligence, which equips senior management to make timely actions and decisions that might otherwise have an impact on the company’s ability to keep ahead and defend against this growing sea of threats. Driving momentum in this area also helps reduce their reaction times, enabling a shift for organizations to become more proactive than reactive. Perimeter defenses seem to no longer suffice as threats are becoming more complex and escalating with no best practices and guidelines available for companies to follow after, during, or before the time of the threat and risk due to the multiple components involved, including the various standards and platforms. Sharing and analyzing threat data effectively requires standard formats, protocols, shared understanding of the relevant terminology, purpose, and representation. Threat intelligence and its analysis are seen as a vital component of cyber security and a tool that many companies cannot leverage and utilize fully. Securing today's organizations and businesses, therefore, will require a new approach. In our study with security executives working across multiple industries, we have identified the various challenges that prevent the successful adoption of threat intelligence and with the rising adoption of the multiple platforms, including issues related to data quality, absence of universal standard format and protocol, challenge enforcing data sharing based on CTI data attribute, lack of authentication and confidentiality preventing data sharing, missing API integration capability in conjunction with multi-vendor tools, lack of identification of tacticalIOCs, failure to define TTL value(s), lack of deep automation, analytical and visualization capabilities. Ensuring the right expertise and capabilities in these identified areas will help leverage threat intelligence effectively, help to sharpen the focus, and provide the needed competitive edge.

Threat Intelligence

Cyber Threat Intelligence

Computer Systems

Datorsystem

CYBERWAR - Det virtuella kriget

Jusufovic, Almin

January 2014

Syftet med denna uppsats är bland annat att utforskabegreppet cyber-war. Cyber-attacker utgör stora hot mot infrastrukturen,datorstyrda system och nätverksbaserade tjänster, enligt tidigare forskning. Menhur hotfulla är dessa attacker egentligen? Ska vi frukta att framtida krig blirvirtuella? Kan en ond grupp av människor med några rader av kod få kontroll övervår nation? För att få en bättre förståelse och för att kunna svara på frågorna, harjag med hjälp av tidigare publicerade publikationer gjort en litteraturanalys.Analysen bygger på sammanställning och jämförelse av åtta olika publikationer.Enligt forskningen så tyder tecken på att cyber-war kan vara ett framtida hot. / The purpose of this paper is to explore the concept of cyber-war. Cyber-attacks pose major threats to infrastructure, computer systems and network-based services, according to previous research. But how threatening are these attacks? Should we fear that future wars will be virtual? Can a group of people with a few lines of code get control of our nation? To get a better understanding and be able to answer these questions, I have used previously published publications and have made a literature analysis. The analysis is based on a compilation and comparison of eight different publications. According to the research, cyber-war may be a future threat.

Cyber-war

Cyber-threat

Cyber-attack

Cyber-terrorism

Virtuella Attacker

Cyber krig

Virtuellt krig

Cyber war

Cyber threat

Cyber terrorism

Engineering and Technology

Teknik och teknologier

Assessing Terrorist Cyber Threats: Engineering a Functional Construct

Morgan, Deanne

12 1900

Terrorist organizations and individuals make use of the Internet for supportive activities such as communication, recruiting, financing, training, and planning operations. However, little is known about the level of computer-based (“cyber”) threat such terrorist organizations and individuals pose. One step in facilitating the examination and assessment of the level of cyber threat posed by terrorist organizations and individuals is development of an assessment tool or methodology. This tool would guide intelligence collection efforts and would support and facilitate comparative assessment of the cyber threat posed by terrorist organizations and individuals through the provision of a consistent method of assessment across time, amongst organizations and individuals, and between analysts. This study leveraged the professional experience of experts to engineer a new functional construct – a structured analytical technique designed to assess the cyber threat posed by terrorist entities and individuals. The resultant instrument was a novel structured analytical construct that uses defined indicators of a terrorist organization/individual’s intent to carry out cyber attacks, and their capability to actually do so as measures of an organization/individual’s overall level of cyber threat.

terrorism

intelligence analysis

cyber threat

cyberterrorism

analysis instrument

intelligence

Cyberterrorism -- Risk assessment.

Säkerhetisering av cyber? : En studie om inramningen av cyberhot i svensk politik

Pohjanen, Sofia

January 2021

The following thesis intends to study how cyber security and cyber threats are portrayed in Swedish political discourses on cyber between the years 2015-2021. How the question about cyber security is framed can have a major impact on Sweden’s security- and digitization policy and further, on the population's view of which problems are important and how resources should be allocated. Through qualitative text analysis, more specific discourse analysis, political debate articles and government reports will be analyzed to evaluate how the question about cyber security has been framed as an existential threat and if so, for whom?  The purpose is to investigate whether features of securitization occurs and if the question about cyber security can be defined as securitized. And further, what kind of measures has been proposed as protection against these threats? The study also aims to identify which actors' arguments and problem representations have had an impact. The results show that there has been a securitization move within political cyber discourses and a number of safety features have been proposed or have already taken place. The question about cyber security can therefore be defined as securitized. The results also show that a few numbers of government actors have the privilege to represent the problems and furthermore, decide what actions to take.

cyber security

cyber defense

cyber threat

security policy

securitization

Political Science

Statsvetenskap

How Secure are you Online? : A Cybersecurity Assessment of the Recommendations Provided to Swedish Citizens / Hur säker är du online? : En cybersäkerhetsbedömning av rekommendationerna till svenska medborgare

Papadopoulos, Nikolaos

January 2021

With computers, mobile phones and other smart devices being an increasingly part of peoples lives. It is important now, more than ever that people know how to operate them safely and stay protected in the cyber landscape. For citizens to understand how to stay protected online, it is important to understand what to stay safe from. This thesis is therefore examining the cyber threat landscape to understand what threats pose the greatest threat to users. To understand the prerequisites people have in defending themselves, the thesis also examines and evaluates what are recommendations provided to the general public. The results show that the biggest threat is malware with phishing being the usual access vector for it. Recommendations seem to fall behind in reflecting the most prevalent threats, but manage to stay relevant nonetheless.

cybersecurity

recommendations

citizen

individuals

cyber threat landscape

Computer Sciences

Datavetenskap (datalogi)

Understanding Awareness of Cyber Security Threat Among IT Employees

Al-Mohannadi, Hamad, Awan, Irfan U., Al Hamar, J., Al Hamar, Y., Shah, M., Musa, Ahmad S.

11 October 2018

yes / Cyber-attacks have been an increasing threat on people and organisations, which led to massive unpleasant impact. Therefore, there were many solutions to handle cyber-attacks, including Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS). These solutions will provide a huge number of alarms that produce more are false positives. Therefore, the IDS tool result should be operated by a human intelligent be filtered effectively the huge amount of alerts to identify true positive attacks and perform accordingly to the incident response rule. This requires the IT employees to have enough knowledge and competency on operating IDS, IPS and incident handling. This paper aims to examine the awareness of cyber security threat among all IT employees, focusing on three domains: Knowledge, Monitoring and Prevention.

Cyber-attack

Security awareness

Cyber threat

IT employees

Knowledge

Monitoring

Prevention

Cyber Threat Intelligence from Honeypot Data using Elasticsearch

Al-Mohannadi, Hamad, Awan, Irfan U., Al Hamar, J., Cullen, Andrea J., Disso, Jules P., Armitage, Lorna

18 May 2018

yes / Cyber attacks are increasing in every aspect of daily life. There are a number of different technologies around to tackle cyber-attacks, such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), firewalls, switches, routers etc., which are active round the clock. These systems generate alerts and prevent cyber attacks. This is not a straightforward solution however, as IDSs generate a huge volume of alerts that may or may not be accurate: potentially resulting in a large number of false positives. In most cases therefore, these alerts are too many in number to handle. In addition, it is impossible to prevent cyber-attacks simply by using tools. Instead, it requires greater intelligence in order to fully understand an adversary’s motive by analysing various types of Indicator of Compromise (IoC). Also, it is important for the IT employees to have enough knowledge to identify true positive attacks and act according to the incident response process. In this paper, we have proposed a new threat intelligence technique which is evaluated by analysing honeypot log data to identify behaviour of attackers to find attack patterns. To achieve this goal, we have deployed a honeypot on an AWS cloud to collect cyber incident log data. The log data is analysed by using elasticsearch technology namely an ELK (Elasticsearch, Logstash and Kibana) stack.

Cyber attacks

Cyber threats

Honeypot data

Elasticsearch

Cyber threat intelligence technique

Reference Model to Identify the Maturity Level of Cyber Threat Intelligence on the Dark Web

Santos, Ricardo Meléndez, Gallardo, Anthony Aguilar, Aguirre, Jimmy Armas

01 January 2021

El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado. / In this article, we propose a reference model to identify the maturity level of the cyber intelligence threat process. This proposal considers the dark web as an important source of cyber threats causing a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of proposed controls according to the information found on the dark web. The model consists of three phases: (1) Identification of information assets using cyber threat intelligence tools. (2) Diagnosis of the exposure of information assets. (3) Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out in an insurance institution in Lima, Peru, with data obtained by the institution. The measurement was made with artifacts that allowed to obtain an initial value of the current panorama of the company. Preliminary results showed 196 emails and passwords exposed on the dark web of which one corresponded to the technology manager of the company under evaluation. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and from the implementation of the proposed controls, the “Advanced” level was reached. / Revisión por pares

Cyber threat intelligence

Cybersecurity

Dark web

Maturity model

Information assets

Intelligence tool

Maturity levels

Reference modeling

Technology managers

Kybernetická bezpečnost: vztah USA a Číny / Cyber Security: US - Chinese Relations

Debnárová, Barbora

January 2015

This diploma thesis deals with cyber relation of the United States of America and the People's republic of China. The aim of this diploma thesis is to answer the following questions: What kind of cyber threat for the United States does China represent? How is China's cyber strategy characterised? How do USA react on this threat and what are the gaps in this reaction? The thesis is divided into four chapters. The first chapter deals with definition of cyberwarfare and its perception in Chinese context. The second chapter analyses USA - China relation and its implication for cyber security. The third chapter represents US reaction on Chinese cyber threat. The last chapter deals with the gaps in the reaction. Keywords USA, China, cyber threat, cyberwarfare, cyber espionage