Leveraging Open Threat Exchange (OTX) to Understand Spatio-Temporal Trends of Cyber Threats: Covid-19 Case Study
Othmane Cherqi, Hicham Hammouchi, Mounir Ghogho, Houda Benbrahim

TL;DR
This paper analyzes the spatio-temporal evolution of cyber threats using data from Open Threat Exchange, revealing patterns and the impact of COVID-19 measures on attack behaviors across countries.
Contribution
It introduces a comprehensive analysis of global cyber threats, modeling attack spread patterns and assessing COVID-19's influence on threat dynamics.
Findings
Identified most targeted countries and common malware types.
Modeled attack spreading using probabilistic transition graphs.
Found COVID-19 measures affected cyber threat patterns.
Abstract
Understanding the properties exhibited by the spatial-temporal evolution of cyber attacks improves cyber threat intelligence. In addition, a better understanding of threat patterns is a key feature for cyber threat prevention, detection, and management and for enhancing defenses. In this work, we study different aspects of emerging threats in the wild shared by 160,000 global participants from all industries. First, we perform an exploratory data analysis of the collected cyber threats. We investigate the most targeted countries, the most common malware and the distribution of attack frequency by localisation. Second, we extract attacks' spreading patterns at country level. We model these behaviors using transition graphs decorated with probabilities of switching from one country to another. Finally, we analyse the extent to which cyber threats have been affected by the COVID-19 outbreak and…
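The country-level transition graph described in the abstract can be estimated from time-ordered sightings; the sketch below is an added example, not the paper's code. It assumes each record is a (threat family, first-seen date, targeted country) tuple, that a "switch" is two consecutive sightings of the same family in different countries, and it runs on constructed sample data rather than OTX data.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample records (not OTX data): (threat family, first-seen date, targeted country).
EVENTS = [
    ("family-A", date(2020, 3, 1), "US"),
    ("family-A", date(2020, 3, 4), "DE"),
    ("family-A", date(2020, 3, 9), "FR"),
    ("family-B", date(2020, 3, 2), "US"),
    ("family-B", date(2020, 3, 3), "US"),
    ("family-B", date(2020, 3, 7), "DE"),
    ("family-C", date(2020, 4, 1), "US"),
    ("family-C", date(2020, 4, 5), "FR"),
    ("family-C", date(2020, 4, 6), "DE"),
    ("family-C", date(2020, 4, 8), "FR"),
]

def transition_graph(events):
    """Return {src: {dst: P(next country = dst | current country = src)}}."""
    by_threat = defaultdict(list)
    for threat, seen, country in events:
        by_threat[threat].append((seen, country))
    counts = defaultdict(Counter)
    for sightings in by_threat.values():
        path = [country for _, country in sorted(sightings)]  # order by date
        for src, dst in zip(path, path[1:]):
            if src != dst:  # assumption: only moves to a different country count
                counts[src][dst] += 1
    # Normalise outgoing edge counts per source country into probabilities.
    return {src: {dst: n / sum(c.values()) for dst, n in c.items()}
            for src, c in counts.items()}

def most_likely_next(graph, country):
    """Most probable next country, or None if no outgoing edge was observed."""
    edges = graph.get(country)
    return max(edges, key=edges.get) if edges else None

if __name__ == "__main__":
    for src, edges in sorted(transition_graph(EVENTS).items()):
        for dst, p in sorted(edges.items()):
            print(f"{src} -> {dst}: {p:.2f}")
```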
