IntSights

Leveraging Threat Intelligence: A Complete Guide to Industry and Functional Use Cases

Threat Intelligence Realized.

Introduction to Threat Intelligence

The practice of gathering intelligence is not a new concept. While the methods and motives may change, the main idea is to collect information that will help you stop some form of future damage or harm. Just as law enforcement and government agencies work to establish intelligence sources to prevent future crimes, organizations can collect intelligence to prevent future cyberattacks.

With the cyber threat landscape evolving rapidly, many enterprises and other large organizations are seeking more effective ways to protect themselves and their employees from these threats. This practice has become known as Cyber Threat Intelligence (CTI). There are many definitions of CTI, but the goal is to provide advanced warning and proactive detection of cyberattacks before they're carried out. In other words, it's trying to understand the Who, What, Where, When and Why behind a cyberattack.

Threat intelligence and digital risk protection solutions can help you take a more proactive approach to managing cybersecurity. By translating early warnings and imminent threats into specific security actions, you can significantly reduce your risk and preemptively mitigate attacks.

However, many organizations have struggled to adopt threat intelligence effectively, either due to lack of resources or lack of knowledge of how to manage this type of cyber intelligence. This means many companies are missing out on key intelligence they can leverage to better protect themselves and secure their environments.

In this document, we provide an overview of how threat intelligence can be used for the following industries and use cases.

Industries

Automotive
Financial Services
Gaming & Leisure
Healthcare
Manufacturing
Oil & Gas
Retail

Use Cases

Brand Protection
Credential Leakage
Dark Web Monitoring
Fraud Detection
Incident Response & Threat Hunting
Phishing Detection & Takedown
VIP & Executive Protection
Vulnerability Prioritization

Industry Use Cases

Automotive

Automakers are incorporating more technology into the design and production of their vehicles, increasing their IT complexity and attack surface. Automotive companies make lucrative targets for hackers because both their information and products are expensive, and they rely on lots of different technology and business partners.

Threat Intelligence Use Cases

Here are some common cyber threats that Automotive organizations need help protecting against.

1. Stolen Vehicles Being Sold on the Dark Web

2. Vehicle Hacking and Attack Strategies

3. Intellectual Property Protection

4. IoT Threats and Attack Indication

5. Architectural Plans or Diagrams

6. Spam or Phishing Attacks

7. Target List or Attack Intention

8. Brand or VIP Impersonation

9. Insider Threats

How IntSights Can Help

IntSights provides the industry's most comprehensive view into external threats facing the automotive vertical, allowing organizations to see, investigate and mitigate new threats targeting them and their customers.

ANTICIPATE DIRECT THREATS
PROTECT BRAND & CUSTOMERS
IDENTIFY IP LEAKS

Financial Services

To boost their competitiveness, financial services companies are moving their operations to the cloud and embracing new technologies such as blockchain, Bitcoin and other cryptocurrencies, and digital payment systems. But the SWIFT incident and other high-profile attacks have made it clear that using these next-gen financial systems introduces new risks.

Threat Intelligence Use Cases

Here are some common cyber threats that Financial Services organizations need help protecting against.

1. Leaked Credit Cards (using BIN)

2. Leaked Bank Accounts

3. Bank Material For Sale on Black Market

4. Leaked M&A, Investment or Other Private Information

5. Fake Social Media Accounts

6. Phishing Sites (Targeting Employees and/or Customers)

7. Target List or Attack Intention

8. Cash Back or Tax Refund Scheme

9. Brand or VIP Impersonation

10. Insider Threats

How IntSights Can Help

IntSights enables firms to identify, understand, and preemptively mitigate attacks before they impact customers, disrupt firms' operations, cause reputational damage, or create regulatory exposure.

ANTICIPATE DIRECT THREATS
REDUCE FRAUD
PROTECT CUSTOMERS

Gaming & Leisure

For years, the Gaming, Hospitality and Leisure industry has been a favored target of criminals. Unfortunately, hackers are now also finding favor in targeting the industry as technologies adopted to improve customer experience and maximize revenue have created online opportunities for exploitation, data theft and fraud.

Threat Intelligence Use Cases

Here are some common cyber threats that Gaming & Leisure organizations need help protecting against.

1. Phishing Websites and Scams

2. Slot Machine Hacking

3. Loyalty Club Attacks

4. Target List or Attack Intention

5. Brand or VIP Impersonation

6. Insider Threats

How IntSights Can Help

IntSights mediates the cyber risks and exposure that come with new rewards programs, player cards, multi-channel engagement strategies, and merger and acquisition activity.

ANTICIPATE DIRECT THREATS
IDENTIFY GAMING SCAMS
MAINTAIN BRAND REPUTATION

Healthcare

It's well known that the healthcare sector is in an uphill battle with hackers. What's less widely recognized is that as hospitals expand their use of connected medical devices, they are opening up new attack vectors for hackers. Now, instead of just holding networks or EMR systems for ransom, hackers can do the same with things like dialysis machines, insulin pumps, and CAT scanners.

Threat Intelligence Use Cases

Here are some common cyber threats that Healthcare organizations need help protecting against.

1. Leaked Patient Records or Intent to Leak (HIPAA)

2. Leaked PII From VIPs, Employees or Patients

3. Fake Social Media Accounts

4. Spam or Phishing Attacks

5. Target List or Attack Intention

6. Malware Documents Using Entity Name

7. Brand or VIP Impersonation

8. Insider Threats

How IntSights Can Help

IntSights gives healthcare organizations the tailored intelligence and automated remediation capabilities they need to protect themselves and their patients from these evolving cybersecurity threats.

ANTICIPATE DIRECT THREATS
PROTECT PATIENT PII
PROTECT MEDICAL DEVICES

Manufacturing

Manufacturers are connecting their networks, integrating their OT and IT environments, and using the Industrial Internet of Things' sensor data and machine-to-machine communication to run their supply chains, production lines, and entire factories. This automation and connectivity delivers big efficiency gains, but it also creates a much larger attack surface for hackers to infiltrate.

Threat Intelligence Use Cases

Here are some common cyber threats that Manufacturing organizations need help protecting against.

1. Intellectual Property Protection

2. IoT Threats and Attack Indication

3. Architectural Plans or Diagrams

4. Spam or Phishing Attacks

5. Target List or Attack Intention

6. Key Generators

7. Brand or VIP Impersonation

8. Insider Threats

How IntSights Can Help

IntSights gives manufacturers the tailored intelligence and automated remediation capabilities they need to leverage automation while protecting their plants, equipment, processes, and intellectual property.

ANTICIPATE DIRECT THREATS
PROTECT MANUFACTURING DEVICES
IDENTIFY IP LEAKS

Oil & Gas

The need for a shared approach to critical infrastructure protection, and the increasing role connectivity plays in operational efficiency, have moved oil and gas companies away from the 'air gaps' that used to protect their networks, and into hackers' line of fire.

Threat Intelligence Use Cases

Here are some common cyber threats that Oil & Gas organizations need help protecting against.

1. Operational Technology Attacks

2. Phishing Scams

3. Leaked Credentials

4. Industrial Supplier Protection

5. Target List or Attack Intention

6. Brand or VIP Impersonation

7. Insider Threats

How IntSights Can Help

IntSights provides oil and gas companies with the tailored threat intelligence and automated remediation they need to protect against attacks that aim to exploit their new, more connected networks.

ANTICIPATE DIRECT THREATS
PROTECT INDUSTRIAL CONTROLS
IDENTIFY SENSITIVE DATA LEAKAGE

Retail

The rapid adoption of next-generation transactional and virtual shopping technologies in parallel with demands for customer engagement and rewards programs have introduced new risks, putting security teams tasked with protecting the brand and its loyal customers in the crosshairs.

Threat Intelligence Use Cases

Here are some common cyber threats that Retail organizations need help protecting against.

1. Stolen Gift Cards & Gift Card Scams

2. Refund Scams

3. Reward or Membership Scams

4. Carding Methods

5. Company Products Being Sold on Black Market

6. Fake Social Media Accounts & Mobile Applications

7. Phishing Sites (Targeting Customers and/or Employees)

8. Brand or VIP Impersonation

9. Insider Threats

How IntSights Can Help

IntSights delivers the capabilities necessary to see, investigate and mitigate the threats designed to exploit the innovations driving change in the retail industry.

ANTICIPATE DIRECT THREATS
IDENTIFY RETAIL SCAMS
MAINTAIN BRAND REPUTATION

Threat Intelligence: Glossary & General Use Cases

Brand Protection

The larger your corporate brand and reach, the bigger the target is on your back. It takes lots of time, effort, and money to create a brand and build brand equity. That's what makes it so valuable, and so attractive as a target for hackers. Next-generation threat intelligence platforms provide real-time scanning of external sources to detect tampering and impersonation that could negatively affect your brand's reputation, including your organization's domains, IP addresses, mobile applications, and social media pages.

In addition, you need access to tools and partnerships that allow you to take down brand impersonation campaigns once you identify them. Accelerating the takedown process will minimize the overall risk and damage from these attacks.

Credential Leakage

The easiest and most effective way for any criminal to succeed is with direct, credentialed access to protected systems. Stolen emails and passwords are some of the most valued information on the dark web, and unfortunately social-engineering campaigns and gaps in security processes leave them exposed and easily attainable. Advanced threat intelligence platforms provide near real-time notification of credential leakage incidents and can verify if the leaked credentials are active in your directory system and thus pose a risk. In addition, you should leverage automation capabilities to automatically block access or send password reset notifications to any leaked credentials that are active.

Dark Web Monitoring

Protecting your organization without dark web monitoring is like trying to defend a castle without any watch posts. Attackers often tip their hands by doing things on the surface and dark web like scouting targets, using suspicious tools, and collaborating with other hackers. This insight can be incredibly valuable in helping you thwart attacks before they hit your organization. Next-generation threat intelligence platforms provide continuous scanning and sophisticated analysis capabilities to understand how a threat impacts your organization and if action is needed.

Fraud Detection

Most organizations have a range of IT security tools in place, such as firewalls, gateways, IDS/IPS, and malware detection systems. They've also taken steps to integrate and further harden those systems. With these tougher defense-in-depth measures to beat, many hackers now use a variety of fraud tactics to sell personal and/or financial data on the black market and circumvent corporate defense systems.

Advanced threat intelligence platforms can identify fraud campaigns that take place outside your firewall, so you can protect customers, employees and partners from fraudulent activity.

Incident Response & Threat Hunting

In any adversarial situation, it's critical to study and know your enemy. Next-generation threat intelligence platforms provide IT Security & SOC teams visibility into potential threats and detailed, evidentiary trends and campaign data for in-depth threat investigation, monitoring and engagement.

Phishing Detection & Takedown

Phishing is one of the most popular attacks used by threat actors because it's simple and it works. Rather than waiting for a perimeter defense (e.g. antivirus, firewall) to detect and block phishing sites, there are more proactive measures you can take to thwart these attacks. Advanced threat intelligence solutions can monitor for suspicious domains that mimic your corporate domains and/or IP addresses, and tell you if that domain might be used for malicious activity.

In addition, threat intelligence solutions can help you identify phishing attempts through newer channels, like social media or application stores, that may be attempting to target customers. This enables you to extend phishing protection to customers and partners, not just your employees.

Lastly, make sure you're using a solution that allows you to take down and automatically block malicious URLs and campaigns to stop attacks before they are launched.

VIP & Executive Protection

Gone are the days when executive protection only extended to physical security. With the amount of information on the web and social media, it's become incredibly easy to launch targeted attacks against company executives. And it's not just executives; organizations need to worry about cybersecurity for other senior people associated with their businesses, including investors, board members, and advisors. Next-generation threat intelligence platforms provide continuous, customized scanning of a wide range of online sources, including email and social media sites, to ensure real-time notification of criminal attempts to spoof executive personas.

Vulnerability Prioritization

Given how fast the threat landscape grows and changes, manually correlating threat and exploit data to vulnerabilities is no longer a viable strategy. Automation is a must. Advanced threat intelligence platforms understand the risk, urgency, and potential impact of exploits to your organization's specific vulnerabilities, enabling you to prioritize activities and quickly understand what's most important.

About IntSights

IntSights is redefining cyber security with the industry's first and only enterprise threat management platform that transforms tailored threat intelligence into automated security operations. Our ground-breaking data-mining algorithms and unique machine learning capabilities continuously monitor an enterprise's external digital profile across the surface, deep and dark web, categorize and analyze tens of thousands of threats, and automate the risk remediation lifecycle — streamlining workflows, maximizing resources and securing business operations. This has made IntSights one of the fastest growing cyber security companies in the world. IntSights has offices in Tel Aviv, Amsterdam, New York, Dallas, Tokyo, Singapore and is backed by Glilot Capital Partners, Blumberg Capital, Tola Capital, Blackstone and Wipro Ventures. To learn more, visit www.intsights.com.