3 research outputs found

    Improving Forensic Triage Efficiency through Cyber Threat Intelligence

    The growing complexity of information technology and the proliferation of heterogeneous security devices that produce ever-larger volumes of data, coupled with a constantly changing threat landscape, have an adverse impact on the efficiency of information security controls, digital forensics and incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defenders can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while significantly decreasing the volume of data that digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.

    Agriculture 4.0 and beyond: Evaluating cyber threat intelligence sources and techniques in smart farming ecosystems

    The digitisation of agriculture, integral to Agriculture 4.0, has brought significant benefits while simultaneously escalating cybersecurity risks. With the rapid adoption of smart farming technologies and infrastructure, the agricultural sector has become an attractive target for cyberattacks. This paper presents a systematic literature review that assesses the applicability of existing cyber threat intelligence (CTI) techniques within smart farming infrastructures (SFIs). We develop a comprehensive taxonomy of CTI techniques and sources, specifically tailored to the SFI context, addressing the unique cyber threat challenges in this domain. A crucial finding of our review is the identified need for a virtual Chief Information Security Officer (vCISO) in smart agriculture. While the concept of a vCISO is not yet established in the agricultural sector, our study highlights its potential significance. The implementation of a vCISO could play a pivotal role in enhancing cybersecurity measures by offering strategic guidance, developing robust security protocols, and facilitating real-time threat analysis and response strategies. This approach is critical for safeguarding the food supply chain against the evolving landscape of cyber threats. Our research underscores the importance of integrating a vCISO framework into smart farming practices as a vital step towards strengthening cybersecurity. This is essential for protecting the agriculture sector in the era of digital transformation, ensuring the resilience and sustainability of the food supply chain against emerging cyber risks.

    Acquisition and modelling of Threat Intelligence to develop a reputation system

    The Internet is the crucial technology of the Information Age, as it makes it possible to improve organisations' performance and streamline business processes. The pandemic that marked the second decade of the 21st century, COVID-19, reinforced this situation, as it made teleworking a reality in most organisations, resulting in exponential growth in the number of devices connected to organisational networks. Consequently, the number of devices vulnerable to attack, as well as of network access points, has increased; as such, the security of information and of digital infrastructures, and the way data are stored, have become a growing concern within organisations. In parallel, threat intelligence applied to cybersecurity is of major importance, as it allows data on indicators of compromise to be shared with the goal of mitigating threats and minimising the impact of zero-day threats on information systems. The present work aims to develop a precise and robust model for computing the reputation of threats, based on threat intelligence. To this end, a connector compatible with the OpenCTI platform, which is used to collect and share information about threats, was developed. This connector collects data from external platforms and, through an algorithm, assesses the threat level (ThreatScore) of the indicator of compromise as well as the confidence level (TrustRating) of the assigned score. The framework developed is a threat-prevention framework, that is, a mechanism complementary to the organisation's defences to support decision-making.

    The Internet is the crucial technology of the information age. It improves companies' performance and speeds up business processes. The pandemic situation that marked the second decade of the 21st century, COVID-19, reinforced this situation; many public and private organizations implemented teleworking, resulting in an exponential growth of devices connected to organizations' networks. Therefore, devices vulnerable to attacks, as well as network access points, have increased, which generated a growing concern within organizations about the security of information, digital infrastructures and the way in which data are stored. At the same time, threat intelligence applied to cybersecurity is beginning to be predominant, as it allows sharing data about indicators of compromise (IoC) with the aim of mitigating threat risks, as well as minimizing the impact of zero-day vulnerabilities exploited to steal vital and sensitive data from companies. In the present work, we focus on developing a lightweight and accurate model to calculate a reputation score, based on the acquisition of threat intelligence. In this way, a compatible connector was developed for the OpenCTI platform, which is used to collect and share information about threats. The developed connector allows collecting data from external platforms and using an algorithm to calculate the threat level (ThreatScore) of the indicator of compromise analyzed, as well as the confidence level (TrustRating) of the assigned score. This framework is designed to complement, not to replace, cybersecurity programs and risk management processes, providing credible information for decision making.