UNSW experts use social media data to develop modelling to strengthen cyber threat intelligence.
2022 proved to be a rough year in the cybersecurity space.
While cyber warfare played out in global markets, Australia was also hit with its own kind of cyberattacks. Last year, Optus reported its system had been hacked, exposing the personal details of its 9.7 million customers. Weeks later, Medibank suffered a similar fate.
Defending against cyberattacks has become increasingly difficult as attackers continuously evolve their strategies and techniques to bypass the security mechanisms deployed by the targeted organisations.
However, UNSW cybersecurity experts Professor Sanjay Jha and Dr. Jiaojiao Jiang have developed new modelling to help businesses strengthen their cyber threat intelligence.
The model is used to help funding partner, Avertro, toughen its own Cyber Management Decision System platform called CyberHQ. Aimed at supporting businesses with their cybersecurity capabilities, the platform can also identify, track, and manage cyber risks for executives at the business level, as well as cybersecurity teams at the technical level.
"In today's modern world, businesses need to keep up with the latest cyber threat intelligence to withstand any chance against an attack," says Prof. Jha, Director of UNSW Institute of Cyber Security.
"Our aim is to use the latest cyber security research and translate it in a way to empower businesses to make informed decisions - which will ultimately benefit the public."
Cyber whispers
Many corporate cybersecurity programs on the market usually draw data from either internal sources or external sources.
However, this poses two major limitations: first, most of them provide scores and metrics that are mainly derived from one type of source, either internal or external; second, they are incapable of learning the dynamic evolutionary patterns of cyber threats.
To address this, the modelling fed into Avertro CyberHQ draws from both internal sources, such as system logs, network equipment, boundary security devices, and antivirus systems, and external sources, such as the popular social media platform Twitter. It uses artificial intelligence to learn patterns of cyber threats and grades the business according to the predicted level of risk it poses.
Why the focus on social media as another source? Dr. Jiang says they typically see cyber security experts, and even the hackers themselves, discuss crucial technical information about trending attacks and new and emerging cyber threats on social media, blogs, and forums.
"What we've found is that there is usually online chatter within the hacker network about potential threats before a cyberattack takes place," says Dr. Jiang.
"We're taking advantage of this behaviour by listening and analysing this information and feeding it into Avertro's CyberHQ to empower businesses using the platform to make informed cybersecurity decisions.
"The modelling gathers all this chatter about the attack and determines how much of a risk it poses to the business," she says.
"For example, if we're seeing talk online about a potential threat to Outlook, CyberHQ then warns businesses that also use Outlook."
Ian Yip, CEO and Founder of Avertro and UNSW Software Engineering alumnus, says cyber security is no longer just a technical issue and that cybercriminals have made it a business and social issue.
"Industry is not evolving fast enough, which is why we have seen an increase in the number of cyber incidents," he says.
"Good cyber resilience is only possible with the right culture within an organisation, and culture in any place is dictated by its leaders."
Cyber landscape
The Australian Cyber Security Centre (ACSC) 2021/2022 Annual Cyber Threat Report found there was an increase in the number and sophistication of cyber threats, making crimes like extortion, espionage, and fraud easier to replicate at a greater scale.
In that year alone, the ACSC received over 76,000 cybercrime reports, an increase of nearly 13 per cent from the previous financial year.
What happened with Optus and Medibank last year should be taken as a big wake-up call for other businesses to take cybersecurity more seriously, warns Prof. Jha. He says cases of identity theft are on the rise in Australia, and around the world, and the public should be reassessing how much personal information they willingly share.
"In a time where anything, including buying groceries, can be done in the palm of your hand, it's meant people are left to trust external parties with private information," he says.
"We've entered this tricky period where it's normal for a business to ask for your birthday when you're buying something online or set pop ups when you visit their website asking you to sign up to their newsletter.
"Why would a retailer need to know my birthday? It's very unnecessary.
"What we should be doing is sharing our details on a needs-to-know basis and there should be expiration dates on collected data.
"I do not want a company sending me emails 10 years down the track about their product because I used their services once."