Enterprise IT Context for the CTO

Bob Gourley


Another Great Example Of Pattern Analysis Over Hacker Activity

Recorded Future has just posted another nice piece of analysis on the cyber threat. This one deals with interesting patterns that can be observed in hacker forums.

Summary of the analysis:

  • Forums can be analyzed at the traffic level, without an analyst knowing foreign languages or tracking individual posts. Analysts can detect patterns in timing, in the products and vulnerabilities participants focus on, etc., and use this knowledge to determine whether forum participants are a threat. Further, such insights can be used to set up appropriate alerting based on forum activity and help network defenders keep pace with developments around vulnerabilities and exploits.
  • We analyze a prominent Russian hacker forum at the message traffic level with a dataset spanning 900 days. Forum language is by far dominated by Russian, and forum product focus reflects general perceptions, with focus on Microsoft and Flash but also, perhaps a bit surprisingly, Linux. On the other hand, mobile platforms like iPhone and Android are less in focus.
  • The old saying of “Patch Tuesday … exploit Wednesday” is strongly reflected in the data. Forum message traffic lights up on Wednesdays.

The conclusions of this analysis underscore that in some cases alerts can be set up to provide advance warning of certain kinds of activity.
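One way a defender could turn the timing pattern above into an alert, as an added illustration that is not Recorded Future's or the original post's code: the script aggregates forum post timestamps by weekday (no content or language needed), flags weekdays that stand out statistically, and raises an alert when the day after Patch Tuesday carries an outsized share of the month's traffic. The forum data is constructed for the example.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev

WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

def weekday_profile(timestamps):
    """Messages per weekday (Mon..Sun) from ISO-8601 post timestamps.
    Only timing is used, so the forum language never matters."""
    counts = Counter(datetime.fromisoformat(ts).weekday() for ts in timestamps)
    return [counts.get(d, 0) for d in range(7)]

def spike_days(profile, z_threshold=1.5):
    """Weekdays whose volume sits more than z_threshold std devs above the mean."""
    mu, sigma = mean(profile), pstdev(profile)
    if sigma == 0:
        return []
    return [WEEKDAYS[d] for d, c in enumerate(profile) if (c - mu) / sigma > z_threshold]

def second_tuesday(year, month):
    """Microsoft's Patch Tuesday: the second Tuesday of the month (weekday(): Mon=0, Tue=1)."""
    first = datetime(year, month, 1)
    return first + timedelta(days=(1 - first.weekday()) % 7 + 7)

def exploit_wednesday_alert(timestamps, year, month, factor=2.0):
    """Flag the day after Patch Tuesday if its message count is at least
    `factor` times the average daily count of the month's other days."""
    per_day = Counter(datetime.fromisoformat(ts).date() for ts in timestamps)
    wed = (second_tuesday(year, month) + timedelta(days=1)).date()
    others = [c for d, c in per_day.items()
              if (d.year, d.month) == (year, month) and d != wed]
    baseline = mean(others) if others else 0.0
    count = per_day.get(wed, 0)
    alert = count > 0 if baseline == 0 else count >= factor * baseline
    return {"day": wed.isoformat(), "count": count, "baseline": baseline, "alert": alert}

def constructed_sample():
    """Constructed data, not real forum traffic: two posts a day for
    1-14 Oct 2012 plus eight extra on Wed 10 Oct (the day after Patch Tuesday, 9 Oct)."""
    posts = [datetime(2012, 10, day, 9 + h).isoformat()
             for day in range(1, 15) for h in range(2)]
    posts += [datetime(2012, 10, 10, 12, m).isoformat() for m in range(8)]
    return posts

if __name__ == "__main__":
    sample = constructed_sample()
    print(dict(zip(WEEKDAYS, weekday_profile(sample))), spike_days(weekday_profile(sample)))
    print(exploit_wednesday_alert(sample, 2012, 10))
```

With real data the baseline should be drawn from several months of traffic rather than a single month, and the threshold tuned against the forum's normal weekday variance.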

For more see: Hacker Forum Traffic Analysis: ‘Patch Tuesday … Exploit Wednesday’ and Other Patterns

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com.