Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence

Publication type:
Article
Authors:
Samtani, Sagar; Chinn, Ryan; Chen, Hsinchun; Nunamaker, Jay F., Jr.
Affiliations:
University of Arizona; University of Arizona; National Science Foundation (NSF); University of Arizona; University of Arizona; University of Arizona; University of Arizona
Journal:
JOURNAL OF MANAGEMENT INFORMATION SYSTEMS
ISSN/ISBN:
0742-1222
DOI:
10.1080/07421222.2017.1394049
Publication date:
2017
Pages:
1023-1053
Keywords:
analytics
Abstract:
Cyber attacks cost the global economy approximately $445 billion per year. To mitigate attacks, many companies rely on cyber threat intelligence (CTI), or threat intelligence related to computers, networks, and information technology (IT). However, CTI traditionally analyzes attacks after they have already happened, resulting in reactive advice. While useful, researchers and practitioners have been seeking to develop proactive CTI by better understanding the threats present in hacker communities. This study contributes a novel CTI framework by leveraging an automated and principled web, data, and text mining approach to collect and analyze vast amounts of malicious hacker tools directly from large, international underground hacker communities. By using this framework, we identified many freely available malicious assets such as crypters, keyloggers, web, and database exploits. Some of these tools may have been the cause of recent breaches against organizations such as the Office of Personnel Management (OPM). The study contributes to our understanding and practice of the timely proactive identification of cyber threats.