With a global pandemic featured in the news and media, we are all familiar with what a virus is and with the damage it does if it is not properly mitigated. The digital world faces a similar threat that receives far less prominence: the computer virus.
Such digital threats are called viruses because they behave much like biological ones. Here are some characteristics shared by the hazards found on the internet:
New cyber threats are always emerging, including zero-day attacks that exploit previously unknown vulnerabilities. The cybercriminal community is constantly inventing new ways to breach and exploit organizations and users.
Cyber threats mutate: the cybercriminal community has moved to a cycle of innovation that spawns a myriad of similar attacks, so each new attack is a learning process built on the previous one.
Online threats can spread quickly, at any time. With new attacks powered by artificial intelligence (AI), trusted individuals can be impersonated, and the attacks can blend into the background and infiltrate more quickly and effectively.
Like the coronavirus, digital threats cannot be entirely avoided, so our best bet is to detect and mitigate new attacks quickly. To do this effectively, the cybersecurity community can adopt many of the information-sharing principles the scientific community uses to fight viruses.
What principles can be used to fight viruses?
Strength in numbers: the more people collect and share threat intelligence, the more opportunities there are to detect a zero-day attack and share mitigation strategies. The objective is mutual empowerment that leads to collective immunity.
Trust and experience: a community that shares intelligence about threats also shares trust; with that, its data sources and threat mitigation strategies can stay up to date and credible.
High relevance: threat intelligence data must be highly relevant to those using it. Cyber attacks on specific sectors and verticals can be targeted and contextualized, so the defence against them must also be specialized and relevant.
As important as the quality of the threat intelligence data sources are the methods used to distribute them, regularly and on demand, in forms that others can process. Some examples of types of threat intelligence data that may be beneficial to share are:
Common Vulnerabilities and Exposures (CVE) metadata, which allows recipients to look up CVE flaws associated with files identified by their SHA-256 hashes;
file reputation, which allows recipients to query the data provider's classification of known malicious files, recorded by their SHA-256 hashes;
URL database, which allows recipients to query the data provider's rating for specific detected malicious URLs and IP addresses;
scheduled feed, which allows all of the data types above to be scheduled for regular export from the provider to its recipient.
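The following is an added example, not code from the original post or from any provider, showing how a recipient would consume the four data types above: it hashes a file with SHA-256 to query file reputation and linked CVE metadata, normalises a URL or IP before querying the URL database, and merges a scheduled export into the local copy. The feed schema, sample bytes and CVE identifiers are constructed placeholders; real providers each define their own format.

```python
import hashlib
from typing import Optional
from urllib.parse import urlparse

# Constructed sample export (hypothetical schema); the sections mirror the
# data types listed above. CVE identifiers here are placeholders.
MALICIOUS_SAMPLE = b"MZ constructed malicious sample bytes"
SAMPLE_FEED = {
    "file_reputation": {
        hashlib.sha256(MALICIOUS_SAMPLE).hexdigest(): "malicious",
    },
    "cve_metadata": {
        hashlib.sha256(MALICIOUS_SAMPLE).hexdigest(): ["CVE-YYYY-NNNNN"],
    },
    "url_reputation": {
        "bad.example": "malicious",
        "198.51.100.7": "malicious",
    },
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of a file's bytes: the lookup key the feed is indexed by."""
    return hashlib.sha256(data).hexdigest()


def lookup_file(feed: dict, data: bytes) -> Optional[dict]:
    """Return the provider's verdict and any linked CVEs for a file, or None."""
    digest = sha256_hex(data)
    verdict = feed.get("file_reputation", {}).get(digest)
    if verdict is None:
        return None
    return {"sha256": digest, "verdict": verdict,
            "cves": feed.get("cve_metadata", {}).get(digest, [])}


def host_of(url: str) -> str:
    """Normalise a URL, bare host or IP to a lowercase hostname without port."""
    if "://" not in url:
        url = "//" + url  # urlparse only fills netloc after a scheme or '//'
    return (urlparse(url).hostname or "").lower()


def lookup_url(feed: dict, url: str) -> Optional[str]:
    """Return the provider's rating for the URL's host or IP, or None."""
    return feed.get("url_reputation", {}).get(host_of(url))


def apply_scheduled_export(local: dict, export: dict) -> dict:
    """Merge a scheduled export into the local copy; the newer entries win."""
    for section, entries in export.items():
        local.setdefault(section, {}).update(entries)
    return local
```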