Cybersecurity is one of the primary concerns of internet users nowadays, which includes commercial and governmental organizations as well. Recent, large-scale data breaches at Gmail, Equifax, Facebook, Google+ Cathay Pacific Airways, and Yahoo, etc., have made it clear that the bigger the organization, the higher would be the cybersecurity threat.
The role of Dark Web forums in making such wide-ranged cyber attacks possibly cannot be overlooked. There is a dire need to develop methods that can identify well advance if an organization is on the radar of cyberattackers through monitoring the Dark Web. One such system has already been developed by an international cyber-security research team.
Predicting future attacks is no more a dream. Researchers from Lockheed Martin Laboratories, Cyber Reconnaissance, and Arizona, USC, and UNS universities have published a paper [PDF] to describe the new system they have developed to predict cyber attacks and prevent infiltrations by hackers.
This new AI-based system has been named DARKMENTION and it works by understanding the association rules that connect attack indicators to actual cyber-attacks. The system has been developed under the Cyberattack Automated Unconventional Sensor Enrivonment (CAUSE) program from IARPA.
DARKMENTION monitors the forum discussions on mainstream platforms and illegal marketplaces and matches the information with the data that it already has. The system contains over 500 historical records of cyber-attacks that actually have occurred. The data has been obtained from CYR3CON, a cyber-threat intelligence firm.
“DARKMENTION specifically predicts enterprise-targeted attacks and the periods in which those threats are predicted,” researchers explain in the paper.
DARKMENTION can be understood as a tool developed to address the issues that are closely linked to resource allocation, situational awareness, and prioritization of countermeasures. Particularly, DARKMENTION offers four types of warnings.
It indicates the accurate time-point within which an attack is predicted to occur; it offers a warning and metadata details such as the type of attack, targeted organization, volume, the vulnerabilities prevailing in the software, and threat actor. It can also predict the unseen actual attacks that may increase with an average of 45% for an organization and 57% for the other. Lastly, it lets analysts track the warnings back to the discussions and being designed for the attack. In this way, this system tends to be timely, actionable, accurate, and transparent, as claimed by the researchers.
The tool collects data from 400 different platforms and then filters it through machine learning models and deleted data related to irrelevant aspects such as drugs and weapons. It is through this kind of real-time tracking that the tool is able to get the hint about probable future threats in order to generate warnings and then the information is transmitted to a security operations center.
The system is already receiving warnings with an average of three warnings per day, which is way higher than the currently prevailing baseline systems. It is believed to be a productive system in this sense.
“Although the problem is difficult,” the paper reads, “our system proves to be useful as a tool that helps SOC teams to identify risks, potential sources of risk (vulnerabilities or threat actors) and context on which it builds its reasoning in a timely, actionable accurate, and transparent manner.”
It is worth noting that the Dark Web marketplaces are the thriving platform for buying fake documents, illegal drugs, and guns, and their discussion forums are used to plan for new cyber attacks. Hackers anonymously use these forums to discuss the vulnerabilities and to buys/sell malicious software.