Using threat trends to protect network resources:
The threat landscape is developing faster than the usual rate of security analysis
Taking advantage of threat intelligence to improve an organization's security posture should be an essential component of any security strategy.
Security-focused organizations produce an increasing number of threat reports and they occur annually, quarterly, monthly, weekly and even daily. These reports often contain critical information about the latest trends, targets and tactics used by the cybercriminal community.
Tools and Threat Trends
Active threat feeds from security researchers, vendors, regional and vertical organizations can be leveraged by tools such as SIEMs and integrated into SOCs to ensure that systems are continuously attuned to the latest threat trends.
Analyzing threat trends, especially those collected from live production environments, can provide security professionals with insights into how to better protect their organizations against the latest cyber threats.
Cybercriminals tend to work in packs
One of the most interesting insights gained from analyzing recent data collected during the first quarter of 2019 ( PDF ) is that cybercriminals tend to work in unorganized packages. If an exploit or attack vector seems to have worked for one criminal, you can safely assume that there will soon be a swarm of attacks targeting the same thing. This is a high-level trend that anyone familiar with security can see.
Large-scale package behavior
O WordPress is the world's leading CMS (Content Management System), used to create hundreds of millions of websites. It's a fact that data stored on websites has a high value on the black market and the WordPress is a frequent target of attacks. When we recorded more than 100,000 attacks targeting this application in the first quarter, it wasn't a big surprise. There was also an increase in attacks targeting CMS systems from other developers, including those developing third-party plug-ins.
This information may have been overlooked by some analysts. The total number of attacks targeting each CMS was comparatively smaller than the number of attacks targeting the largest player in the space.
Granular package behavior
This behavioral packaging trend is not just limited to large attacks overflowing into related areas. It also seems to occur in some of the more granular details of attacks.
Almost 60% of the threats analyzed in the first quarter of 2019 shared at least one domain used at a specific point in an attack chain. Many attacks also tend to use the same web providers over and over again.
The first is that cybercriminals pay close attention to each other. They interact on obscure web forums, share code and strategies and even reverse engineer each other's tools. And when things work, be it an obfuscation technique or a web domain provider, they are reused.
Secondly, these patterns can be used to identify attacks. Traffic going back and forth between a device and a web domain and that domain is hosted by an ISP is often used by cybercriminals.
read on... http://ftnt.me/0DE131
