CYBER THREAT INTELLIGENCE

Authored by
Alex Mendez
CYBER THREAT INTELLIGENCE
Cyber threat intelligence is the process of collecting and analysing information about potential cyber
threats. At Remora this is potentially one of the most time consuming, elements of the cyber
security we deliver for our clients, as it includes identifying and tracking the activities of individuals
or groups who may pose a threat, as well as analysing the tactics, techniques, and procedures (TTPs)
that they use. The goal of our cyber threat intelligence is to provide decision-makers at our clients
with actionable information that can be used to prevent, detect, and respond to cyber attacks.

At Remora we split our threat intelligence into two main types of cyber threat intelligence: strategic
and operational.

 Strategic cyber threat intelligence focuses on long-term trends and provides high-level
information that can be used to inform an organisation's overall security strategy.
 Operational cyber threat intelligence, on the other hand, focuses on more immediate
threats and provides specific, actionable information that can be used to protect against
current or imminent attacks.

Remora cyber threat intelligence is typically gathered from a variety of sources, such as monitoring
internal sources including network logs and system data, and analysing malware, and includes open-
source intelligence, commercial intelligence providers, and internal sources such as network logs and
system data. Remora also goes a bit further, by participating in online hacker communities, which
may seem counterintuitive but does provide valuable insights into emerging threats, tactics,
techniques, and procedures being used by hackers. and vulnerabilities. Remora also conduct social
engineering experiments such as phishing and pretexting to gain valuable insights into how
vulnerable their employees are to these types of attacks, as well as identify areas where additional
training and education may be needed.

Remora also utilise machine learning and artificial intelligence to identify patterns that may indicate
a potential threat, and dark web monitoring to gain insights on potential targets of hackers and to
identify if data or systems may have been compromised, and the compromise is being bragged
about.

Sharing of information with clients and partners makes Remora better prepared for potential cyber
attacks, and as such we will analyse information from almost any source. What is rare is to gain
information from organisations that are not partners or clients, as it is very unusual for corporate
entities who are not in the tech or cyber space to reveal information about potential attacks.
However, there are some companies who share cyber threat i8nformation and one of the best I have
seen recently is OpenTable. There is a scam in the UK in which diners are being vished and those
without the requisite knowledge may well fall for their attempts to repay a deposit to the card used
to pay for dinner. OpenTable has done an excellent job in posting information on their website, and
social media to explain the potential attack, and to set out processes to follow as a restaurant or
diner.
Rather than explain the potential vishing attack myself, the best breakdown is to be found here

https://www.opentable.co.uk/blog/scams-targeting-the-hospitality-industry/

Sharing information about cyber threats can be beneficial to both individual organisations and the
broader cyber security community. Companies such as OpenTable clearly see cyber security as a
shared responsibility, and by sharing information about threats help to enhance the collective
defence of the broader cyber security community. By sharing information about the latest threats
and attacks, OpenTable help others to better protect their own systems and data. By working
together, organisations can gain a more comprehensive understanding of the threat landscape and
develop more effective strategies for mitigating risks.
REMORA PROTECTS AGAINST