Exploring Open Source Information for Cyber Threat Intelligence

2020 
Cyberspace is one of the most complex systems ever built by humans; cyber-technology resources are used ubiquitously by many but sparsely understood by the majority of users. In the past, cyber attacks were usually orchestrated in a random pattern to lure unsuspecting targets. More evidence has demonstrated that cyber attack knowledge is shared among individuals and hacker forums in the virtual ecosystem. This paper proposes using open source intelligence from the surface web (Twitter) and deep web hacker forums to identify texts related to cyber threats. Our model can provide cybersecurity experts and law enforcement agencies with reliable information that can be adopted in developing control and containment strategies for cyberattacks, with 82% accuracy. The proposed methodology combines information extracted from the deep web with technical indicators of threats from the surface web. In this paper, we analyzed more than 10 billion records breached in over 8,000 reported cases between 2005 and 2019 in the United States, obtained from the Privacy Rights Clearinghouse (PRC) Chronology of Data Breaches. Finally, we propose a future research direction on risk profiling for cyberattacks using geo-spatial techniques.