What Social Media Has to Offer Threat Intelligence

Social media is the first spot many security analysts go to learn about threat intelligence, creating a popular community for sharing information about cyber-attacks.

Igal Lytzki

July 6, 2023

As new threat vectors emerge and grow in numbers, cybersecurity defenders are left with the daunting task of thwarting a rising volume of increasingly sophisticated attacks. Accordingly, threat intelligence has never been a more important tool for enterprises trying to keep up.

Effective threat intelligence is built on knowledge-sharing both within and across organizations. Social media has proven to be a valuable tool for facilitating such cross-organizational collaboration, with 44% of organizations citing the utility social media-borne intelligence brings to their digital protection solutions. As social platforms and open-source tools, from mainstream platforms like Twitter to more specialist forums such as MalwareBazaar, continue demonstrating their value for thwarting threats in the constantly evolving cyber landscape, security professionals should learn how best to use these tools to their advantage.

It Takes a Village

Considering the vast array of attack vectors today, organizations have a hard time keeping up with the frequency and sophistication of cyber-attacks -- especially if they don’t employ an efficient, advanced security system and develop a balanced and well-structured cyber strategy. To understand the full scope of emerging attack trends, threat intelligence requires security professionals to work together to maintain a real-time awareness of the evolving attack landscape. Thus, threat intelligence requires tools that can communicate and disseminate the vast array of new and evolving threats, sourced openly from researchers worldwide.

For many security analysts, Twitter has become ground zero for threat intelligence synergy. The public-facing nature of Twitter, combined with its accessible interface, enables users to post about any threat widely and instantaneously, and to learn about threats other analysts have shared. Some of the biggest threat intelligence accounts, such as @Gi7w0rm and @JAMESWT_MHT, have gained as many as 30,000 followers who regularly turn to them for threat intelligence updates.

Beyond Twitter, cyber-specific open-source tools such as MalwareBazaar allow analysts to share IOCs and other files that can prove useful in identifying and thwarting threats.

Give and Take

These open-source communities serve as a vital resource to grow knowledge and experience, as they provide insight and feedback on different threat types and how to defend against them. Moreover, they offer security professionals opportunities to develop new professional relationships in the field and to support one another in the shared pursuit of cyber protection.

Individual analysts are not the only ones who can leverage these professional networks -- many organizations involved in threat intelligence are now creating branded business accounts, where they can actively post any threats their group encounters. As with any open-source or social media-based community, these networks are most useful when there is a give-and-take from all invested parties.

Perfecting the Post

While these networks draw from a more generalized social media pool, the open-source threat intelligence community operates with its own set of rules and best practices.

When identifying threats, contributors should never disclose the victim of the attack. Particularly within the threat intelligence community where security is always priority No. 1, it is imperative to maintain privacy and establish good relationships built on trust, even when sharing things on a public forum.

The use of tags for identifying and categorizing different types or topics of posts is another vital element of proper posting. This is especially useful on sites like Twitter, where important posts can easily be overshadowed by the constant deluge of news and information. For example, simply searching #DynamicRAT in the search function results in a plethora of relevant threat intelligence, offering easy and quick access to relevant posts.

Threat intelligence posts are not meant to be homogenous, so the best “analyst influencers” are those who create a unique voice across their posts. This might mean linking to a more thorough blog post for certain threats or choosing to specialize in a particular attack vector that can help an analyst stand out as an expert in a niche area.

Invaluable Intelligence

Of course, social media alone will not keep organizations safe. Ultimately, it is the strategic application of threat intelligence that helps keep cybersecurity airtight. Social media has proven to be an invaluable resource to distribute information quickly and cultivate a more informed generation of cybersecurity professionals, and enterprises should leverage this trend in developing modern, holistic security strategies throughout their entire security tool sack.

About the Author(s)

Igal Lytzki

Igal Lytzki is currently a Threat analyst & Incident Response team leader at Perception Point. Prior, he served as a Commander in the Israeli Air Force's Iron Dome division. With his background in programming and cyber, Igal has become an expert on all things malware, his interest fueled by the curiosity of understanding hackers and their methods. In his spare time Igal can be found on Twitter @0xToxin hunting malware.
