Simplify threat intelligence sharing

Protecting the community from online crime

The concept of information sharing to combat physical crime has existed for decades, long before the birth of the internet. As the virtual world evolved, it brought along an unwelcome guest: the cybercriminal. The same threat-sharing mindset that can provide an edge against crime in the real world was brought to life in the cyber world, as well, with multiple organizations springing up to better protect companies (and their customers) from online criminal activity.

Now that philosophy has leaped even further with the development of the Los Angeles Cyber Lab—an online community that combines the power of shared threat intelligence from private industry, government organizations, and everyday citizens. The result: a first-of-its-kind powerful arsenal that better protects business, public sector agencies and Los Angeles residents from increasingly sophisticated cybercrime.

Los Angeles: an attractive target

The city of Los Angeles provides a host of services to citizens—from access to public records, permit and license applications, education, infrastructure, health and human services —to name a few. Many of these services, in part or in whole, have been digitized, providing easy access for citizens and businesses.

At the same time, digitization of public sector information provides a uniquely attractive lure for online predators, who often find the trove of unique data held by state and local agencies fetches a lucrative price—whether it’s held hostage in a ransomware attack, or wholly appropriated and sold. The data held by the city of Los Angeles and surrounding metro areas—with its rich diversity of large corporations, expansive population, and high profile—makes it an attractive target.

When it comes to defending against a quickly changing threat landscape and rapid-fire, sophisticated attacks, data alone is insufficient for protecting large populations. However, threat intelligence, when cultivated from a vast pool of trusted contributors, has the potential to change the game quickly on cybercriminals. That data can be taken even further, curated and converted into meaningful knowledge—which means everyone can act quickly and decisively to prevent cybercrime.

“We wanted to help the business community by providing threat intelligence, and we realized that we needed to automate that, and we knew we couldn't do it alone.”

— Joshua Belk, Executive Director for the L.A. Cyber Lab

L. A Cyber Labs

Facelessness of cybercriminals

Securing the Internet of Things is a challenge

When a physical crime occurs in city streets, law enforcement can quickly respond with myriad physical forces to help protect citizens and businesses. Crime investigators often have insight and physical evidence about a criminal’s tactics and motives, allowing law enforcement to use that information for future crime prevention. In contrast, cybercrime often has no obvious or immediate indications of how an attacker breached a system and what data was stolen or destroyed.

As cybercrime continues to evolve, attackers have a never-ending supply of vulnerabilities to exploit or potential victims to target in social engineering attacks. Threat actors are an opportunistic group and have a catalog of thousands of vulnerabilities available for potential exploitation. However, scan and exploit attacks only accounted for roughly one third of the top access vectors for cyberattacks in 2019, according to the 2020 X-Force Threat Intelligence Index.2 Other cyber criminals prefer stealing legitimate credentials through phishing attacks to gain access. The use of legitimate credentials enables attackers to hide in plain sight and makes detection even more challenging.

Without valid or trustworthy information, local businesses, communities and concerned citizens can be overwhelmed by an attack and look to state, local and federal government agencies to mitigate or investigate cybercrime.

“Ransomware attacks have reached the point where governments need to place an importance on them and develop response plans, similar to how they handle states of emergency.”

— Wendi Whitmore, Vice President X-Force Threat Intelligence, IBM Security

State Local Government