Threat Intelligence

Our Approach

At Q6 Cyber, we believe in proactive, intelligence-enabled cybersecurity. We believe that in order to adequately defend against increasingly sophisticated adversaries, companies must gain early visibility of their adversaries’ malicious activities, plans, tools, and relationships. Military, law enforcement, and physical security forces require intelligence to make optimal offensive and defensive decisions, and cyber crime is no different.

Our Objectives

Early Detection – Identify cyber and other threats targeting our clients before an attack is executed. We help our clients answer the following questions: Are we a target? What attacks are being planned? Who is behind these attacks? What can we do proactively to eliminate the threats?

Rapid Breach Response – Accelerate discovery of an information security breach and act quickly to minimize damage and recover compromised data. We help our clients answer the following questions: Has there been a data breach? What sensitive information is now compromised? What is the source and scope of the breach? Who is behind the attack? What can we do to minimize damage?

Our Methodology

We continuously monitor multiple public and restricted data sources to collect relevant threat information. We then analyze and correlate the data to produce targeted and actionable intelligence. The international threats we monitor may be directed against organizations, people, events, or other assets, and in some cases may involve a physical element. The intelligence is updated continuously, allowing us to identify and respond to advanced cyber threats with greater speed, accuracy, and effectiveness.

Our Sources

Our sources of intelligence include the following categories, many of which are not publicly accessible:

  • The Darknet – Anonymizing computer networks with restricted access that are extensively used for illegal activities, such as the trading of stolen credit cards, debit cards, and other personal information, copyrighted media, pirated software, and malware programs. Popular darknets include Tor, Freenet and I2P.
  • The Deep Web – The portion of World Wide Web content that is not indexed by standard search engines and thus hidden from the public, because it is stored in password-protected sites, in a database, or in HTML pages many layers deep with complex URL addresses, or for other reasons. The Deep Web is believed to be thousands of times larger than the public Web.
  • Paste sites – Text-sharing sites such as Pastebin and Pastie, originally created to share chat logs and code snippets. Paste sites have become very popular with hackers, who sometimes post stolen data and credentials on such sites.
  • Hacker forums – Underground chat rooms, Internet Relay Chat (IRC), and boards used to exchange ideas, know-how, and stolen information.
  • Social media – Sites such as Facebook, Twitter, Google+, Weibo (China), and VK (Russia), among others. Some communications occur in private groups.