Visualizing Cyber Threat Trends in Real Time
December 14, 2017 • Monica Todros
When it comes to monitoring mass amounts of data, information overload can significantly hinder a threat analyst’s productivity.
Determining trends in the threat landscape and what’s relevant to your organization requires fine-tuned monitoring and a great deal of time. Unfortunately, time is an extremely valuable and elusive resource for security teams. Being aware of imminent threats as they emerge could help you avoid potentially catastrophic damage to your information or brand.
Recorded Future’s brand new Threat Views are designed to present real-time threat intelligence in concise, single-view dashboards, determining what’s trending and focusing down to what’s relevant to your organization.
Threat Intelligence in a Single View
Threat Views are a monitoring capability with built-in alerting that features synthesized data. This is made possible by our Threat Intelligence Machine and natural language processing technology, which automatically process raw data and turn it into intelligence.
These dynamic dashboards provide alerting for targeted threat intelligence risk areas and visualize cyber trend analytics, allowing monitoring on both a global and organizational level and highlighting entities that are either trending or have elevated risk.
Let’s take a look at some key Threat View features.
Global Threat Trends
The Global Threat Trends dashboard is the highest-level overview of trends, monitoring for known and emerging threats across our entire dataset that comes from our massive range of open, technical, and dark web sources.
Here, trends and risks are highlighted for threat areas that impact companies globally. Some Threat Views focus on specific business functions, like banking accounts or point-of-sale devices, while others focus on risks, like ransomware and cyber espionage, which affect companies across different industries.
From the dashboard view you can dive deeper into your specific concerns and what’s most relevant to your organization. Hovering over a particular item, like a target, opens up corresponding information, such as related attackers, methods, etc. You can then pivot to a detailed Intel Card for even more in-depth information on an individual attacker, vulnerability, or method.
Global Vulnerability Risk
The Global Vulnerability Risk dashboard monitors new exploit chatter and vulnerabilities across all technology products, providing you a quick view of trending CVEs. With this instant view, vulnerability management teams can proactively prioritize what’s trending and what needs patching, enabling them to act accordingly.
The Ransomware Threat View highlights globally trending ransomware, the methods used, and vulnerabilities exploited in a categorized and concise view, making it easy to quickly scan this view and figure out the best plan to protect your organization.
As an example, Bad Rabbit was among the top trending malware active across the Ransomware dashboard when this snapshot was taken, having seen a big surge in cyber references in the last 60 days. By pivoting to its corresponding Intel Card, you can readily observe Bad Rabbit’s various references, as well as the exact first and last reference collected, adding valuable context to the malware.
The Cyber Espionage dashboard focuses on attacks that revolve around stealing data from companies, in particular, companies that have a significant amount of intellectual property.
In an investigation, an analyst can observe remote access trojans, APT threat actor groups, vulnerabilities, and nation-state actors, providing valuable background information on potential attackers and enabling companies to more effectively defend against them.
Banking and Payments
The Banking and Payments Threat View informs you of the highest-risk malware and which banks, financial institutions, and businesses that use payment processors are being targeted.
When this screenshot was taken, IcedID was the top trending malware affecting banking and payments. From there, you can drill down deeper and find out important details about the malware. For example, the context section of the Intel Card shows that the malware predominantly affects Windows systems. The Intel Card also contains risk-scored hashes associated with IcedID, supporting export and use with endpoint systems.
Merchants and POS
Merchants and POS highlights threats typically associated with the retail and hospitality industries, but these can easily apply to other businesses that use POS systems. Stolen credit card data is a prominent threat for these industries. If evidence of a supplier compromise appears, this is made clear in a customer Threat View, triggering alerts and visually showing an elevated threat.
An example of this can be taken from retail companies that use POS systems from a certain supplier. If a breach occurs, not only does the supplier of the retailer get hacked, but the retailer’s data also becomes exposed.
The ICS/SCADA Threat View displays threat information pertaining to businesses in utilities, energy, transportation, or other industries that support industrial processes.
While the targets listed in this Threat View are companies that produce ICS/SCADA systems, the data is also useful for the companies that actually use them. For example, ABB Ltd and AREVA S.A. were the top two targets trending when this snapshot was taken — if your organization uses a control system produced by one of these companies, you may be more inclined to take proactive measures.
Watch Lists Relevant to Your Industry, Technology, and Infrastructure
Watch Lists zero in on your company’s specific risks and capture your threat surface area, including domains, IP ranges, IT products, and even third-party suppliers and partners. You can customize the following watch lists:
- Vulnerability Risk
- Industry and Third Party Risk
- Infrastructure and Brand Risk
Through the use of Recorded Future Threat Views, your organization’s specific needs can be addressed with relevant trend analytics and improved monitoring and alerting, allowing for significantly faster analysis. To request a demo of our Threat Views, contact us today.