Cyber Attribution

December 21, 2020

Cyberattacks are devastating for the victims, regardless of whether they are individuals, companies, agencies, or government organizations. Finding out who is behind the attacks is crucial to taking action against the threat actors and preventing future attacks. This process is known as cyber attribution: the process of tracking, identifying, and holding responsible the threat actor(s) behind a cyberattack or other hacking exploit.

Cyber attribution is a complicated process since threat actors must be identified, their activities have to be traced, and their affiliation with certain groups must be detected to map patterns of behavior that allow investigators and analysts to get insight into their motivation, (potential) targets and victims, business model, and conducted and planned cyberattacks.

Since the majority of their activities and communications take place online, threat actors use the architecture of the internet, specifically the dark web, to remain anonymous, obfuscate the origin of their cyberattack, and hide their tracks. This means that investigators and analysts must process huge amounts of web data from the surface, deep, and dark web to attribute the cyberattacks with a high degree of certainty while working with limited resources and budgets. Since threat actors operate across borders and know how to raise false flags by casting suspicion on other actors, an AI-powered WEBINT platform is needed that is easy to use and can handle the quantity and quality of data needed for evidence to ensure the integrity of the investigative process.

So how can a WEBINT platform play a crucial part in cyber attribution?

The Cobwebs WEBINT platform will automatically collect, analyze, and extract public data relating to the cyberattack from all web layers, message boards, social media, etc. to provide actionable insights. It also enables analysts and investigators to search for specific individuals and/or keywords to investigate certain online forums and marketplaces on the dark web where threat actors and persons of interest might hide. Since even the savviest threat actors leave digital footprints, the sophisticated machine-learning algorithms and AI will analyze the collected data to de-anonymize the threat actors behind the cyberattack.

Overall, an AI-powered WEBINT platform functions as a Swiss army knife when it comes to cyber attribution, utilizing:

• Natural Language Processing (NLP) algorithms for AI text and entity analysis in minutes.

• AI Sentiment Analysis, which enables analysts and investigators to determine potential cyberattacks by gaining insights into the sentiment of each instance and communication.

• Structuring Big Data, which consists of the transformation of unstructured data into structured data that can easily be sorted through.

• AI Image Analysis, which provides analysts and investigators with image recognition and automatic image detection to keep track of threat actors and get alerted when a relevant image reappears.

• Trends Search, consisting of the analysis of geo-trending hashtags and keywords to help analysts and investigators follow trends and receive relevant information.

• Machine Learning algorithms to improve AI capabilities in terms of text analysis and face recognition, providing analysts and investigators with faster and more reliable results.

Last but not least, the platform can trigger real-time alerts regarding certain malicious activities, individual threat actors, and their social and business networks to prevent cyberattacks and related activities.