Finding Cryptocurrency Attack Indicators Using Temporal Logic and Darkweb Data
This addresses cybersecurity risks for cryptocurrency stakeholders, but it is incremental as it builds on existing methods.
The study tackled the problem of identifying cyber threats targeting cryptocurrency traders and exchange platforms by analyzing hacker activity from over 400 darkweb forums, finding that certain observed activities make subsequent incidents at least twice as likely to occur.
With the recent prevalence of darkweb/deepweb (D2web) sites specializing in the trade of exploit kits and malware, malicious actors have easy-access to a wide-range of tools that can empower their offensive capability. In this study, we apply concepts from causal reasoning, itemset mining, and logic programming on historical cryptocurrency-related cyber incidents with intelligence collected from over 400 D2web hacker forums. Our goal was to find indicators of cyber threats targeting cryptocurrency traders and exchange platforms from hacker activity. Our approach found interesting activities that, when observed together in the D2web, subsequent cryptocurrency-related incidents are at least twice as likely to occur than they would if no activity was observed. We also present an algorithmic extension to a previously-introduced algorithm called APT-Extract that allows to model new semantic structures that are specific to our application.