Abstract: Through cyber threat intelligence (CTI), information is collected and analyzed from the surface web, deep web, and dark web. Threat intelligence refers to the knowledge, context, and insight gained by analyzing a wide range of physical, geopolitical, and cyber threats. CTI specifically involves the collection, processing, and analysis of data, leading to an understanding of the motivations, targets, and attack methods of threat actors. CTI helps facilitate faster, better-informed, and data-driven security decisions. It enables a shift from reactive defense to proactive engagement against threat actors. In the context of cybersecurity, various indicators are used. The most commonly used are Indicators of Compromise (IoC) and Indicators of Attack (IoA). The collected observational data is used to understand the attacker's motivation for the attack and to predict their future actions. This provides the perspective that decision-makers need to move the organization of defense from reactive to proactive action. This study analyzes the role of the dark web as a source of IoC and IoA, as cyber threat actors primarily operate and communicate on dark web platforms. The dark web is a part of the deep web that is intentionally hidden and inaccessible through regular web browsers. Using the dark web allows for nearly complete anonymity online by encrypting data packets and routing them through several network nodes.
Keywords: Cyber threat intelligence, Dark Web, IoC, IoA
1. Introduction
Today, systems are increasingly attacked by single or multiple hacktivists, state-sponsored hackers, cyber criminals, cyber terrorists, cyber spies, or cyber warfare fighters. The cyber security approach requires a balance of cyber threat intelligence, real-time cyber-attack detection, and especially the ability to provide cyber early warning.
The global community is facing an increase in the number, sophistication, and successful perpetration of cyber-attacks. As the quantity and value of digital information have increased, so too have the efforts of criminals and other malicious actors, for whom the Internet offers the opportunity to prepare and execute anonymous attacks beyond the reach of attribution. Of primary concern is the threat of organized cyber-attacks capable of causing debilitating disruptions to a nation's critical infrastructures and to functions vital to society, the economy, or national security. So far, many proactive techniques have been proposed to deal with these threats. In order to create an effective cyber situational picture,...




