As cybersecurity and robust threat defense management come to the forefront in the battle against cybercrime, there is seemingly no end to the flurry of incident reports, alerts and advisories, news, and cyber threat intelligence that security experts and professionals receive and analyze daily. Documents containing information about a new piece of malware, threat or attacker are often peppered with suspicious or malicious URLs linked to these threats for further analysis.
However, these links are potentially dangerous because anyone can accidentally click on them and be affected by the threat themselves, leak data or compromise their system and network. Even if a meticulous user ensures the document does not include any dynamic links, many applications detect URLs and automatically convert them into real, live links, potentially putting the recipient(s) at risk.
Cyware has now incorporated a new fang-defang tool to help analysts convert live malicious links into a safer “defanged”, readable format and vice versa.
Defanging is a reliable way to share these malicious URLs without endangering the recipient by changing the URL and removing its clickability. For example, a fictitious, suspicious website www.frostybluecoco.com that may lead to spam can be defanged to remove the hyperlink while keeping it readable and understandable to the reader. In this case, www.frostybluecoco.com (fictitious website, do not click on it) can be replaced with www[.]frostybluecoco[.]com. Similarly, suspicious IP addresses can also be defanged. For example, a suspicious IP address such as 188.8.131.52 may be converted to 216[.]3[.]128[.]12 and vice versa should the analyst require the original IP address for analysis.
Given that analysts often parse through hundreds of malicious websites on a daily basis, defanging these links one by one can be a tedious and time-consuming process.
Instead, an analyst looking to share more information about malicious websites with peers can easily and safely do so by using CTIX’s fang-defang tool to change the link into a safe, readable format. Now, the analyst can share documents that include the malicious URL without fear of accidentally distributing the threat or clicking on the link themselves.
On the other hand, a CTIX-using analyst who receives multiple defanged links and wants to collect and investigate these domains easily can convert them back into live links using the same tool.
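The defang and refang conversions described above can be sketched as follows. This is an added example, not Cyware's or CTIX's implementation: the function names and sample sentence are constructed here, and beyond the `[.]` replacement the article shows it also rewrites `http` to `hxxp`, a common defanging convention.

```python
import re

# Constructed sample text; the host name and IP are the examples used in the article.
SAMPLE = ("Beacon seen to http://www.frostybluecoco.com/login.php "
          "and 216.3.128.12. See e.g. the v2.1 report.")

# An indicator is an optional http(s) scheme, then a dotted host name ending in
# an alphabetic label or an IPv4 address, then an optional path/query.
# Requiring a label after every dot keeps sentence-ending periods, "e.g." and
# version numbers such as "v2.1" out of the match.
_INDICATOR = re.compile(
    r"(?:(?P<scheme>https?)://)?"
    r"(?P<host>(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}|(?:\d{1,3}\.){3}\d{1,3})"
    r"(?P<rest>[/?#]\S*)?",
    re.IGNORECASE,
)


def _defang_match(m):
    """Rewrite one matched indicator: http -> hxxp, host dots -> [.]."""
    scheme = m.group("scheme")
    prefix = scheme.lower().replace("http", "hxxp") + "://" if scheme else ""
    # Only the host is bracketed; a broken host is enough to stop auto-linking.
    return prefix + m.group("host").replace(".", "[.]") + (m.group("rest") or "")


def refang(text):
    """Restore live indicators from their defanged form."""
    text = re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".")


def defang(text):
    """Defang every URL, host name and IPv4 address found in free text."""
    # Refang first so already-defanged or mixed input is normalised; this makes
    # the function idempotent (running it twice changes nothing).
    return _INDICATOR.sub(_defang_match, refang(text))


if __name__ == "__main__":
    safe = defang(SAMPLE)
    print(safe)
    print(refang(safe))
```

Refanged output is live again, so it belongs in analysis tooling rather than in documents or messages that will be shared.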
CTIX offers a streamlined, comprehensive platform for organizations and security analysts to receive, exchange and further investigate structured cyber threat intelligence. By integrating this new tool into the platform, CTIX helps reduce the dreaded analyst fatigue, enhances security posture and improves interoperability in the exchange of real-time threat data.
Posted on: May 12, 2018