Cyber Threat Intelligence and IoCs and IoAs Search on the Dark Web

Abstract

Through cyber threat intelligence (CTI), information is collected and analyzed from the surface web, deep web, and dark web. Threat intelligence refers to the knowledge, context, and insight gained by analyzing a wide range of physical, geopolitical, and cyber threats. CTI specifically involves the collection, processing, and analysis of data, leading to an understanding of the motivations, targets, and attack methods of threat actors. CTI helps facilitate faster, better-informed, and data-driven security decisions. It enables a shift from reactive defense to proactive engagement against threat actors. In the context of cybersecurity, various indicators are used. The indicators that are most used are Indicators of Compromise (IoC) and Indicator of Attack (IoA). The collected observational data is used to understand the attacker's motivation for the attack and to predict their future actions. This provides the necessary perspective for decision-making to organize defense from reactive to proactive action. This study analyzes the role of the dark web as a source of IoC and IoA, as cyber threat actors primarily operate and communicate on dark web platforms. The dark web is a part of the deep web that is intentionally hidden and inaccessible through regular web browsers. Using the dark web allows for nearly complete anonymity online by encrypting data packets and routing them through several network nodes.