Threat Intelligence Platform in Action: Investigating Important Use Cases

Jonathan Zhang

As technology gets more and more sophisticated, tech-savvy cybercriminals are having a field day devising increasingly ingenious ways to steal confidential data from ill-prepared targets.

What this means is that an equally sophisticated cybersecurity response is needed to keep attackers at bay. This involves re-examining reactive cybersecurity practices and adopting a proactive approach: actively searching for risks and vulnerabilities with the help of threat intelligence (TI).

However, it's crucial to remember that deploying threat intelligence tools efficiently requires a clear understanding of their capabilities. The best way to learn about them is to examine the variety of TI use cases. We've already covered this topic in our post 5 More Examples of Threat Intelligence Platform Use Cases. In this article, we take a closer look at some of them.

Use Case 1: Catching Phishers

Cyber threats sometimes emerge from familiar sources. Just recently in February 2019, a Payoneer user (and probably hundreds of others) was surprised to receive emails from this digital payment service notifying him about unexpected payments in his favor and thus prompting him to log in on pages strikingly similar to payoneer.com.

Investigators can subject such messages to thorough threat intelligence analysis that scrutinizes several parameters. In our case, the evidence pointed to a phishing attack. The WHOIS and SSL configuration feeds of the TI report surfaced some important red flags: the domains involved were newly registered, their owners' contact details were hidden, and their SSL certificates had only recently been acquired, suggesting that the websites were created specifically for this attack.

Use Case 2: Defusing Malware

In the beginning, computer software was created to help businesses do their work faster and better. But then came the hackers who created malware and used it, notably, to steal sensitive data, delete confidential files, and even shut down company operations. How do you stop it?

A threat intelligence platform can help disarm malware attacks by conducting a domain malware check, which runs a suspicious domain through multiple security databases to verify whether any of them considers it dangerous. Target websites can also be scanned for potentially dangerous .exe or .apk files capable of running malicious code.

Use Case 3: Exposing Social Hacking

We've all heard of corporate websites being hacked, but there's a new phenomenon called social hacking where perpetrators aim to cause damage to the reputation of their targets. To achieve that, they troll social media accounts, post negative messages, or pretend to be the company's representatives to scam people.

A threat intelligence platform can help prevent social hacking by analyzing data feeds from WHOIS and malware databases to spot fake social media profiles. It also allows the deep examination of the links that hackers tempt netizens to click or download, since these may contain malware and viruses.

Use Case 4: Unmasking Impostors

How many times have employees been tricked into releasing huge company funds by somebody assuming a fake identity? Many times, apparently, since damage from business-email compromise (BEC) scams reached $12.5 billion last year, according to the FBI. How can you put a stop to this threat that could bring your company to its knees?

A threat intelligence platform can unmask impostors by examining their domain history. Warnings can be raised, for instance, if the target being investigated has changed domain ownership multiple times in a short period of time. Another technique is to verify the validity of its SSL certificates, paying particular attention to recently-acquired certificates, which are often indicative of a malicious entity preparing for an attack.

* * *

The threat landscape is getting increasingly dangerous, and it demands a proactive defensive response. Deploying threat intelligence makes this possible by putting the most essential cybersecurity measures at your disposal.

By Jonathan Zhang, Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com