Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence

Sagar Samtani, Ryan Chinn, Hsinchun Chen, Jay F Nunamaker

Research output: Contribution to journal › Article

12 Citations (Scopus)

Abstract

Cyber attacks cost the global economy approximately $445 billion per year. To mitigate attacks, many companies rely on cyber threat intelligence (CTI), or threat intelligence related to computers, networks, and information technology (IT). However, CTI traditionally analyzes attacks after they have already happened, resulting in reactive advice. While useful, researchers and practitioners have been seeking to develop proactive CTI by better understanding the threats present in hacker communities. This study contributes a novel CTI framework by leveraging an automated and principled web, data, and text mining approach to collect and analyze vast amounts of malicious hacker tools directly from large, international underground hacker communities. By using this framework, we identified many freely available malicious assets such as crypters, keyloggers, web, and database exploits. Some of these tools may have been the cause of recent breaches against organizations such as the Office of Personnel Management (OPM). The study contributes to our understanding and practice of the timely proactive identification of cyber threats.

Original language: English (US)
Pages (from-to): 1023-1053
Number of pages: 31
Journal: Journal of Management Information Systems
Volume: 34
Issue number: 4
DOI: 10.1080/07421222.2017.1394049
State: Published - Oct 2 2017

Fingerprint

Computer networks
Information technology
Personnel
Costs
Industry
Threat
Assets
Malware
Attack

ASJC Scopus subject areas

  • Management Information Systems
  • Computer Science Applications
  • Management Science and Operations Research
  • Information Systems and Management

Cite this

Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence. / Samtani, Sagar; Chinn, Ryan; Chen, Hsinchun; Nunamaker, Jay F.

In: Journal of Management Information Systems, Vol. 34, No. 4, 02.10.2017, p. 1023-1053.


@article{18dead1e2d7c4af09304398850e71cab,
title = "Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence",
author = "Sagar Samtani and Ryan Chinn and Hsinchun Chen and Nunamaker, {Jay F}",
year = "2017",
month = "10",
day = "2",
doi = "10.1080/07421222.2017.1394049",
language = "English (US)",
volume = "34",
pages = "1023--1053",
journal = "Journal of Management Information Systems",
issn = "0742-1222",
publisher = "M.E. Sharpe Inc.",
number = "4",

}
