July 20, 2016
Joe Franscella

What Open Source Threat Intelligence Means For Hackers

<p>Hackers routinely invade our network defenses using deception tactics. We are bombarded with messages crafted to fool us into installing malware or volunteering login credentials. One way to respond to these threats is to deceive hackers in return by deploying honeypots. Sorting out legitimate traffic from suspicious visitors used to be a great challenge until the concept of setting out a decoy was introduced.</p><p>When interacting with a honeypot, cyber-criminals leave digital evidence. Looking at the source of the traffic, the timing of activity, and considering that in context with what they were trying to access is quite telling. Comparing the data in your honeypot history against other documented honeypot visitors reveals clues about the source of the threat. Considering which assets were accessed and how they were interacted with reveals insight into the hacker’s methods and motivations.</p><p>There was a time when it was a free for all against under-defended SMEs, but that gap has been shored up. Targeting smaller businesses is becoming more difficult as sophisticated solutions are more feasible. Open source software programs are free to download and use. Created in the spirit of cooperation and innovation, open source threat intelligence platforms, like the <a href="https://www.anomali.com/blog">Modern Honey Net</a>, make this technology fungible for small and medium size businesses.</p><p>Tools for open source threat intelligence can be used in a wide variety of applications. They are not classified by their particular form, rather by their use as a deception trap. Low interaction honeypots can work outside the firewall where they detect general online threats. Scanning the net for vulnerable servers, hackers will discover an accessible server or website and explore it. Inside of the firewall, honeypots detect successful breaches as well as insider threats. Corporate intelligence is a <a href="http://www.inc.com/magazine/201302/george-chidi/confessions-of-a-corporate-spy.html" target="_blank">$30 billion dollar industry</a>, an unknown portion of which is performed online illegally. Monitoring a file designated as sensitive or proprietary info for unauthorized or oddly timed access is a simple example of the honeypot principle at work.</p><p>In the process of setting up open source threat intelligence, the organization must first look critically at itself. Identifying assets and potential threats render the user more aware of vulnerabilities and potential threat sources. More widespread use of honeypots means hackers operate under greater scrutiny. Reasonably expecting to be detected, hackers are taking extra steps to avoid detection. Taking the extra effort to conceal their location or waiting to space out attacks makes cyber-crime a little more labor intensive. Even if detected, honeypots are still a deterrent. When hackers run risk of being exposed, they are likely to resort to other methods.</p><p>When blunt force attacks on your network don’t yield results, cyber-criminals must rely on human error. Sending phishing emails to a target’s employees will generally work after a few tries. In some cases the cyber-criminal must resort to <a href="https://www.fbi.gov/file-repository/elicitation-brochure.pdf/view" target="_blank">chatting up those in the know</a> hoping they will reveal secrets. The harder you make it to penetrate defenses around your information, the less enticing of a target you become.</p><p>Studying hackers using open source threat intelligence has created a challenge many embrace with zeal. It is possible for hackers to exploit a honeypot if they discover it. High-interaction honeypots can potentially be hacked and used to deploy threats to others. Low interaction honeypots can be fed misleading information intentionally. So take care to set your traps carefully, and reconfigure them if discovered.</p><p>Possibly the greatest advantage of open source threat intelligence is the collective <a href="https://www.anomali.com/blog/threat-intelligence-platforms-tracking-more-than-just-threats">pooling of data about threats</a>. The more users contributing data collected from their networks, the stronger that base of information becomes a tool for identifying threat actors and their means. Crowdsourcing a reference file of millions of threat indicators is like a super-powered global most wanted list.</p><p>Learning about what forces are working against you is your best bet for protecting your data and the organization which depends on it. Why wait to adopt open source threat intelligence when it has never been easier to harness?</p><p>Make sure this doesn&#39;t happen to you. Build a Threat Intelligence program today! Download our complimentary whitepaper and learn how.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-f68f0b2e-fb62-48eb-acd6-8b2ad6455083"><span class="hs-cta-node hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" data-hs-drop="true" id="hs-cta-f68f0b2e-fb62-48eb-acd6-8b2ad6455083" style="visibility: visible; display: block; text-align: center;"><a class="cta_button " cta_dest_link="{page_3451}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=0a81b108-0c35-466f-8ccb-36ff661bc040&placement_guid=f68f0b2e-fb62-48eb-acd6-8b2ad6455083&portal_id=458120&redirect_url=APefjpH3vvWO6EbTyThOEDUXhiGAHpwTrQoq2QNDfCGItfRRbauRH-xNDeWXTmo2CmkQI1qvrHf9aHeFQjIEGG8-Tyz6-o2K46PJb8YDTHwMzoi2IUhv690L6mfNYDEMA_NI2BsFvmQlPeH8H42w37oG33P7jhqvKqFdOB3AnrkklqdFQN78zELb-GTWXGjHCQWSe42Cx4KQpyle0BYnyCi_e35cS1vR7JOmmvKDY2Q-gdhXYqeZqBxBmqlurW4NGXrHs0wzX9RagVVgKtW74R4GFLUdMRN9r5XhAG8IPjpdpxK38lv-3rIrpeZapuD2elD126zgiAP3cJyrffuTab2NruoSAUBt-w&hsutk=2767d93d6471d657e0c9f660e4b58ef8&utm_referrer=https%3A%2F%2Fblog.anomali.com%2Fwhat-open-source-threat-intelligence-means-for-hackers&canon=https%3A%2F%2Fblog.anomali.com%2Fwhat-open-source-threat-intelligence-means-for-hackers&pageId=4423279460&__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478822660171.1478831861868.179&__hssc=41179005.77.1478831861868&__hsfp=1335165674" id="cta_button_458120_0a81b108-0c35-466f-8ccb-36ff661bc040" style="margin: 20px auto;" target="_blank" title="View It Here">View It Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, 'f68f0b2e-fb62-48eb-acd6-8b2ad6455083', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.