We found that the Long Tail theory is relevant for threats coming from the internet. Every day there are hundreds of thousands of new domains registered, many of which are used for scamming and cyber attacks. Only a small portion of those will make it into one of the dozens of threat intelligence community or commodity feeds. Only a portion of the attacks seen and analyzed by security professionals on a daily basis. The feed creators do not encounter most of the long tail of cyber threat indicators, since the campaigns are built from low-visibility domains which, by definition, are very

In our research, we monitored a large set of newly registered sites as soon as they were registered, and kept monitoring them on a daily basis. The monitoring process checked for activity in the domain, such as: IP registration, HTML content, OSINT tracking, who resolved the domain and from which geo-locations. Then we analyzed our results and came up with surprising facts on the statistics of usage of newly registered domains. We also compared different top-level domains for the purpose used by these newly registered domains, in addition to the different statistics for each one.

Our set aim was to validate the long tail theory for cyber threats, and paraphrasing the Long Tail claim: "We saw more threats today that weren't seen at all yesterday, than the threats we saw today that were indeed seen yesterday." Following our claim a key question arises: how effective are indicator blacklists and should we keep using them? The question recalls a similar question: is the AV dead? We'll present our views and thoughts based on our research.

There are a lot of scary presentations made by pentesters at security conferences.
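An added illustration (not part of the talk abstract) of how the paraphrased Long Tail claim can be measured: each day's observed malicious domains are split into those an idealised blacklist already carried and those it did not, where the blacklist is assumed to contain everything observed at least `feed_lag_days` earlier. The domain names and daily sets below are constructed sample data, not indicators from the research.

```python
# Constructed sample: malicious domains observed per day (day index -> set).
# The names are invented for illustration only.
OBSERVED = {
    1: {"a-login.example", "b-pay.example", "c-docs.example"},
    2: {"b-pay.example", "d-verify.example", "e-invoice.example", "f-update.example"},
    3: {"f-update.example", "g-secure.example", "h-account.example", "i-mail.example"},
}


def daily_tail_stats(observed, feed_lag_days=1):
    """Per day: how many observed domains were already on the blacklist and
    how many were new. The blacklist is an idealised feed that never misses an
    indicator and is limited only by publication delay (feed_lag_days)."""
    days = sorted(observed)
    stats = {}
    for day in days:
        # Everything observed far enough in the past to have been published.
        blacklist = set()
        for past in days:
            if past <= day - feed_lag_days:
                blacklist |= observed[past]
        seen = observed[day]
        hits = seen & blacklist       # would have been blocked by the list
        misses = seen - blacklist     # the long tail: unknown until today
        stats[day] = {
            "observed": len(seen),
            "already_listed": len(hits),
            "new": len(misses),
            "blacklist_hit_rate": len(hits) / len(seen) if seen else 0.0,
        }
    return stats


def long_tail_holds(stats):
    """True when, over all days after the first, more observed domains were
    new than were already listed (the paraphrased Long Tail claim)."""
    days = sorted(stats)[1:]
    new = sum(stats[d]["new"] for d in days)
    listed = sum(stats[d]["already_listed"] for d in days)
    return new > listed


if __name__ == "__main__":
    for lag in (1, 2):
        s = daily_tail_stats(OBSERVED, feed_lag_days=lag)
        print(f"feed lag {lag} day(s):", s, "long tail holds:", long_tail_holds(s))
```

Increasing the feed lag lowers the hit rate further, which is the practical form of the question the abstract raises about indicator blacklists.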
Use of the phrase "the long tail" theory in business as "the notion of looking at the tail itself as a new market" of consumers was first coined by Chris Anderson, editor-in-chief of Wired

Ronald Eddings is a Cyber Fusion Analyst with a diverse background in Network Security, Threat Intelligence, and APT Hunting. Eddings has created a wide variety of security tools in efforts to automate the identification of malicious activity. Eddings has leveraged user behavior analytics to identify and track anomalous network activity.

Marco Figueroa is a senior security analyst at Intel whose technical expertise includes reverse engineering of malware, incident handling, hacker attacks, tools, techniques, and defenses. He has performed numerous security assessments and responded to computer attacks for clients in various market verticals. He is a speaker at Defcon, Hope and other security and hacker conferences.

Josh Porter is a Software Engineer at McAfee with a specialty in building data-driven threat intelligence applications. He has a passion for Ruby on Rails and has built numerous tools and applications for analysis and consumption of threat intelligence and security data.