It is universally known that no one, be it an individual or a company, can hope to find and neutralize every threat in the wild.
Cyber crime is tending towards industrialization. There are forums and marketplaces where services (such as hacking, spamming, phishing, DDoS and malware deployers), products (like malware builders, panels, exploit kits and phishing kits), and intelligence and know-how are sold and exchanged for profit.
This industrial ecosystem keeps growing, which in turn increases and strengthens all threats.
The only way for us, the security companies and professionals, to protect the end-user is to be one step ahead of cyber criminals, but that’s impossible as long as we don’t collaborate and share intelligence on our findings and investigations.
Luckily, hacking has always been about learning and sharing what is learned, so today there are already channels used to share this intelligence, such as mailing lists.
But the threats we face today are not the same as those we faced before, so these channels need to be upgraded and improved to make them more efficient and effective.
There are significant advantages for organizations and individuals willing to share threat intelligence content. This collaboration allows organizations to defend their users as a group, because each one has the information it needs to take precautions against an incoming attack.
Security researchers and individuals also benefit from this kind of information. When researching malware, for example, being able to access panels and samples of that malware, or to read reports about them in one central place, makes it easier to understand the inner workings of the sample, how to protect yourself from it, or how to take the fight to the other side with, for example, a takedown.
Usually, the collaboration takes two forms. The first is sharing information internally with multiple individuals in an organization, like threat analysts, SOC analysts, or, in some cases, mailing lists. This is the most common collaborative model nowadays.
The second is sharing intelligence with a group of trusted companies, which usually comes in the form of an alliance between organizations.
Sharing intelligence is becoming more common, to the point where structured languages for sharing this intelligence and IOCs, like STIX, and exchange mechanisms such as TAXII are increasingly used both internally and between companies.
At Blueliv, we believe that sharing expertise and intelligence is the key to getting the upper hand in an ever-changing war on cyber crime. To be part of this ecosystem, we have created a community where you can obtain live data about crime server activity, analyze your IPs to see if they are interacting with crime servers, or access Blueliv’s global intelligence.