Threat Intel & Info Sharing

NSA Recommends Data Sharing Framework

The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. In order to decimate a cybercriminal’s ROI on developing tools and attack playbooks, Ziring is calling...

Ransomware Attacks are Rarely Being Reported to the FBI, Latest Data Shows

An absurdly small number of companies affected by ransomware reported the incidents to the federal government last year, newly released FBI data shows. While more than a third of all ransomware infections occurred in the U.S. last year, according to U.S. cybersecurity firm Symantec, the FBI’s Internet Crime Complaint Center (IC3) only “received 2,673 complaints identified as ransomware” in...

Is Threat Intelligence Sharing the New Normal?

Individual organizations in high-risk sectors may endure numerous attacks. While the volume and persistence may be frustrating, each attack results in a greater understanding of the adversary — but only when it is shared. The spirit of cooperation seems to be taking hold. Not only are threat intelligence services thriving, but there are organizations now that exist for the sole purpose of...

NSA-Backed OpenC2.org Aims to Guard Systems at Machine Speed

The dynamics of a cyberattack often include speed, automation, and adaptive tradecraft. Mounting an effective defense, however, isn’t always fast enough. To help even the score, a group led by the National Security Agency called OpenC2.org is developing an open, standardized computer language for the command and control of computer defenses. “The attackers are attacking at the speed of light,...

Forget About the Malware, Go After the Attacker’s TTPs

Nearly everything used by the attacker is now disposable, making most threat data and traditional anti-virus techniques almost useless. What should defenders look for, then? And which defense techniques should they employ? The answer is: attacker’s tactics, techniques, and procedures (TTPs). The great majority of criminal hackers will always try to get the largest possible payoff through the...

When Threat Intelligence Is the Solution to Drowning in Security Solutions

The Ovum report finds that an overwhelming number of financial institutions, especially Tier 1 and 2, deploy between 100-200 disparate security solutions. Security teams are overwhelmed with sifting through and prioritizing the vast amounts of alerts that each security tool is often generating with limited threat intelligence sharing between the various tools in a cohesive and adaptive manner....

NYT: U.S. Banks, Corporations Establish Principles for Cyber Risk Ratings Firms

More than two dozen U.S. companies, including several big banks, have teamed up to establish shared principles that would allow them to better understand their cyber security ratings and to challenge them if necessary, the U.S. Chamber of Commerce said. Large corporations often use the ratings, the cyber equivalent of a FICO credit score, to assess how prepared the companies they work with are to...

The Hazards of Hunting Cyber Threats with Artificial Intelligence

Developing accurate malware detection products based on good behavior modeling or hunting is not easy. It is necessary to collect and analyze a huge amount of data. And AI never tires, scales in extraordinary ways to handle very large datasets, and can automatically generate baseline models of normal behavior. Overcoming False Positives: The false positives problem lies in the fact that...

Preparation, Collaboration Helped HHS Through Ransomware Threat

Adriane Burton, the chief information officer at Health Resources and Services Administration (HRSA) in Department of Health and Human Services (HHS), said she was on several calls about WannaCry. She said one of the reasons HHS and HRSA fared so well was the planning it had done over the last few years to prepare for such an event. “We knew about the event early on because of our security...

CISO: How Operational Cyber Threat Intelligence Fits into Security Program

Operational threat intelligence is a level down from strategic CTI, and really articulates information and analysis on intelligence at the campaign level. At the operational level, adversary capabilities (in the form of tactics, techniques and procedures) as well as intentions are identified. Additionally, this is where the analysis of actor capabilities and the opportunities presented by the...

Most Organizations Not Happy with Threat Intelligence

Information Security Forum survey finds just one quarter of companies surveyed say threat intelligence technology is delivering on its promise. With an eye toward gaining intel about attacks from adversaries, the vast majority of companies have threat intelligence in place but only a quarter are achieving the desired business goal, according to a report released June 15 by the Information...

Hacking Threat Rising as Countries Fail to Unite, Cybersecurity Leader Warns

Cyberattacks are going to get worse, and such vital civilian infrastructures as electricity, telecommunications and transportation will be a new battleground for cybercrime as nations fail to cooperate effectively to block the threat, Eugene Kaspersky warned. The security of these systems should be “a matter of national priority, because their protection is a matter of national security,” he...

NSA's New Open Language for Cyber-defenses to Aid Interoperability

Led by the NSA, a group of cybersecurity experts and vendors has been busy behind the scenes for more than a year, developing an open, standardized computer language for the command and control of cyber-defenses — OpenC2. The idea of OpenC2 is to let different elements of cyber-defense technology communicate at machine speed — regardless of whether or not they are made by the same vendor and...

Incident Response Can Be Improved with SOPs for Cyber Threat Intelligence

When it comes to improving cyber incident response, security teams can learn a valuable lesson from the military about the importance of standard operating procedures. “SOPs” document prescribed methods for carrying out an activity or responding to a difficult situation. SOPs for cybersecurity—and more specifically, those developed for cyber threat intelligence programs—can improve...

How IOC Sharing Will Help Us Form a More Secure Healthcare Sector

The HITRUST Cyber Threat XChange (CTX), a Deep Discovery Inspector appliance, is already making countless healthcare organizations (HCOs) more resilient to threats. In fact, new data suggests it generated more than 5,700 IOCs in the month of May alone. HITRUST CTX is designed to accelerate threat detection and response. It does so by automating the collection and analysis of known and unknown...

Threat Intelligence Should Be Kept Ahead of the Bad Guys

Hal Lonas, the CTO of Webroot, shares about where his company’s products fall into the cybersecurity portfolio. Webroot’s product line is focused on prevention and detection. Webroot might be pertinent for a company with important crown jewels of data or digital assets that would undermine the entire business if they were compromised. “Within a company, knowing what threats have occurred...

Check out the latest cyber threat intelligence feeds

This category provides expertly curated news with the sole purpose of serving as cyber threat intelligence for organizations. Threat intelligence and information sharing have emerged as the pillar of a new security paradigm that focuses on actively sharing cyber intelligence and security intelligence on threats and threat actors, thus reducing costs for organizations and giving them a time window for proactive action. It is important for every security professional and team to be aware of the changing threat landscape in cyberspace so that strategies and defences are adequately moulded to counter it. Cyware feeds under this category aim to keep the user in consistent touch with the changing threat landscape. The objective is to enable the user to make an objective assessment of threats and accordingly consolidate resources and build robust strategies against them to protect the organizational security framework.