Visualizing Cyber Threat Trends in Real Time

December 14, 2017 • Monica Todros

When it comes to monitoring mass amounts of data, information overload can significantly hinder a threat analyst’s productivity.

Determining trends in the threat landscape and what’s relevant to your organization requires fine-tuned monitoring and a great deal of time. Unfortunately, time is an extremely valuable and elusive resource for security teams. Being aware of imminent threats as they emerge could help you avoid potentially catastrophic damage to your information or brand.

Recorded Future’s brand new Threat Views are designed to present real-time threat intelligence in concise, single-view dashboards, showing what’s trending and narrowing the focus to what’s relevant to your organization.

Threat Intelligence in a Single View

Threat Views are a monitoring capability with built-in alerting that features synthesized data, made possible by our Threat Intelligence Machine and natural language processing technology, automatically processing raw data and turning it into intelligence.

These dynamic dashboards provide alerting for targeted threat intelligence risk areas and visualize cyber trend analytics, allowing monitoring on both a global and organizational level and highlighting entities that are either trending or have elevated risk.

Let’s take a look at some key Threat View features.

Global Threat Trends

The Global Threat Trends dashboard is the highest-level overview of trends, monitoring for known and emerging threats across our entire dataset that comes from our massive range of open, technical, and dark web sources.

Here, trends and risks are highlighted for threat areas that impact companies globally. Some Threat Views focus on specific business functions, like banking accounts or point-of-sale devices, while others focus on risks, like ransomware and cyber espionage, which affect companies across different industries.

From the dashboard view you can dive deeper into your specific concerns and what’s most relevant to your organization. Hovering over a particular item, like a target, opens up corresponding information, such as related attackers, methods, etc. You can then pivot to a detailed Intelligence Card™ for even more in-depth information on an individual attacker, vulnerability, or method.

Global Vulnerability Risk

The Global Vulnerability Risk dashboard monitors new exploit chatter and vulnerabilities across all technology products, providing you a quick view of trending CVEs. With this instant view, vulnerability management teams can proactively prioritize what’s trending and what needs patching, enabling them to act accordingly.

Ransomware

The Ransomware Threat View highlights globally trending ransomware, the methods used, and vulnerabilities exploited in a categorized and concise view, making it easy to quickly scan this view and figure out the best plan to protect your organization.

As an example, Bad Rabbit was among the top trending malware active across the Ransomware dashboard when this snapshot was taken, having seen a big surge in cyber references in the last 60 days. By pivoting to its corresponding Intelligence Card™, you can readily observe Bad Rabbit’s various references, as well as the exact first and last reference collected, adding valuable context to the malware.

Cyber Espionage

The Cyber Espionage dashboard focuses on attacks that revolve around stealing data from companies, in particular, companies that have a significant amount of intellectual property.

In an investigation, an analyst can observe remote access trojans, APT threat actor groups, vulnerabilities, and nation-state actors, providing valuable background information on potential attackers and enabling companies to more effectively defend against them.

Banking and Payments

The Banking and Payments Threat View informs you of the highest-risk malware and which banks, financial institutions, and businesses that use payment processors are being targeted.

When this screenshot was taken, IcedID was the top trending malware affecting banking and payments. From there, you can drill down deeper and find out important details about the malware. For example, the context section of the Intelligence Card™ shows that the malware predominantly affects Windows systems. The Intelligence Card™ also contains risk-scored hashes associated with IcedID, supporting export and use with endpoint systems.

Merchants and POS

Merchants and POS highlights threats typically associated with the retail and hospitality industries, but can easily apply to other businesses that use POS systems. Stolen credit card data is a prominent threat for these industries. If evidence of a supplier compromise appears, this is made clear in a customer Threat View, triggering alerts and visually showing an elevated threat.

An example of this can be taken from retail companies that use POS systems from a certain supplier. If a breach occurs, not only does the supplier of the retailer get hacked, but the retailer’s data also becomes exposed.

ICS/SCADA

The ICS/SCADA Threat View displays threat information pertaining to businesses in utilities, energy, transportation, or other industries that support industrial processes.

While the targets listed in this Threat View are companies that produce ICS/SCADA systems, the data is also useful for the companies that actually use them. For example, ABB Ltd and AREVA S.A. were the top two targets trending when this snapshot was taken — if your organization uses a control system produced by one of these companies, you may be more inclined to take proactive measures.

Watch Lists Relevant to Your Industry, Technology, and Infrastructure

Watch Lists zero in on your company’s specific risks and capture your threat surface area, including domains, IP ranges, IT products, and even third-party suppliers and partners. You can customize the following watch lists:

  • Trends
  • Vulnerability Risk
  • Industry and Third Party Risk
  • Infrastructure and Brand Risk

Watch List Trends

Your custom-tailored Trends monitor for known and emerging threats based on entities defined in your Watch Lists.

Watch List Vulnerability Risk

Vulnerability Risk monitors for vulnerabilities tied to your enterprise’s technology stack.

Watch List Industry and Third-Party Risk

The Industry and Third Party Risk dashboard helps you understand what other organizations in your industry are up against.

Watch List Infrastructure and Brand Risk

Infrastructure and Brand Risk monitors for changes to your IP addresses, infrastructure, and domains.

Learn More

Through the use of Recorded Future Threat Views, your organization’s specific needs can be addressed with relevant trend analytics and improved monitoring and alerting, allowing for significantly faster analysis. To request a demo of our Threat Views, contact us today.
