Hidden Link Analysis Reveals 92% of Suspicious IPs Not Blacklisted

August 11, 2015 • Staffan

Blacklists are a useful and common tool for enterprises actively looking to keep suspicious IP addresses and URLs off their network and away from their infrastructure. Traditional blacklists are populated with information from intelligence feeds, intrusion detection systems, honeypots, and log files. But we at Recorded Future posit that traditional blacklists can be improved by incorporating threat intelligence from deep and dark Web sources.

By scouring the entire Web for mentions of known malware related to specific domains, we were able to identify nearly 1,400 instances of malware-infested domains that were not recognized on established blacklists. Recorded Future analyzed 890,000 documents that mention malware (including Web pages, tweets, and pastes) from nearly 700,000 Web sources that we track with the Recorded Future Web index. This means that 92% of the suspicious IP addresses identified in our project were not found on other blacklists!

It’s important to note that in this particular test, the criterion for inclusion was two instances of malware mentions. When looking for suspicious domains with only one associated malware, the number of potential threats increases. Requiring more malware mentions, we believe, increases the accuracy of the findings, meaning organizations can improve their threat intelligence and threat detection capabilities, and drive down risks.
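A minimal sketch of the co-mention filtering described above, added here as an example and not Recorded Future's code: it links IP addresses to malware names that appear in the same document, applies the inclusion threshold, and removes addresses already on a blacklist. The malware names, documents, blacklist entry and IP addresses (documentation ranges) are constructed, and reading "two instances" as two distinct malware names is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data: documentation-range IPs and made-up malware names.
MALWARE_NAMES = {"examplebot", "samplelocker", "demorat"}
BLACKLIST = {"203.0.113.7"}
DOCUMENTS = [
    "paste: examplebot C2 seen at 198.51.100.23 and 203.0.113.7",
    "tweet: samplelocker dropper hosted on 198.51.100.23",
    "forum: demorat beacon to 192.0.2.44",
    "blog: samplelocker and demorat both call 203.0.113.7; build 1.2.3.4567 fixed",
    "paste: examplebot config lists 198.51.100.23 again",
]
IP_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


def extract_ips(text):
    """Return the valid IPv4 addresses mentioned in text."""
    found = set()
    for candidate in IP_CANDIDATE.findall(text):
        try:
            found.add(str(ipaddress.IPv4Address(candidate)))
        except ipaddress.AddressValueError:
            continue  # dotted number that is not an address, e.g. 999.1.1.1
    return found


def link_ips_to_malware(documents, malware_names):
    """Map each IP to the set of malware names mentioned in the same document."""
    links = defaultdict(set)
    for doc in documents:
        words = set(re.findall(r"[a-z0-9_-]+", doc.lower()))
        for ip in extract_ips(doc):
            links[ip] |= malware_names & words
    return links


def unlisted_suspects(links, blacklist, min_malware=2):
    """Return (suspects not on the blacklist, all suspects) at the given threshold."""
    suspects = {ip for ip, names in links.items() if len(names) >= min_malware}
    return sorted(suspects - blacklist), sorted(suspects)


if __name__ == "__main__":
    unlisted, suspects = unlisted_suspects(
        link_ips_to_malware(DOCUMENTS, MALWARE_NAMES), BLACKLIST)
    print(f"{len(unlisted)} of {len(suspects)} suspects not blacklisted: {unlisted}")
```

Lowering `min_malware` to 1 widens the candidate set, which is the trade-off between coverage and accuracy that the paragraph above describes.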

Network graph of 1,521 IP addresses (blue) and 198 malware (red).

To learn more about this threat intelligence research using hidden link analysis, please download the full report “Two Shady Men Walk Into a Bar” or contact us for more information.
