Are crowd-sourced CTI datasets ready for supporting anti-cybercrime intelligence?

publication date

  • July 2023

start page

  • 1

end page

  • 10

issue

  • 109920

volume

  • 234

International Standard Serial Number (ISSN)

  • 1389-1286

Electronic International Standard Serial Number (EISSN)

  • 1872-7069

abstract

  • Cyber crimes rapidly increased over the past years, with attackers performing large-scale activities, using sophisticated and complex tactics and techniques, that have targeted governments, companies, and even strategic infrastructures. To tackle these attacks, the cyber-security community usually shares Cyber Threat Intelligence (CTI) that includes the collected Indicators of Compromise (IoC) using several open or private sharing platforms. In this paper, we study the informativeness and relevance of the IoCs related to cyber crimes following a major real-world event such as the war in Ukraine, which started in February 2022. To this end, we analyze different kinds of attacks available in a crowd-sourced dataset of Cyber Threat Intelligence (CTI) reports. Our analysis shows that while this data is able to capture major trends such as the ones following major events, the degree of miscellaneous information inside the reports makes it difficult to discern the association of a specific trace unequivocally.

subjects

  • Telecommunications

keywords

  • cti; crowdsourced data