Hidden Link Analysis Reveals 92% of Suspicious IPs Not Blacklisted

August 11, 2015 • Staffan

Immediately Available: Download your free copy of this report now.

Blacklists are a useful and common tool for enterprises actively looking to keep suspicious IP addresses and URLs off their network and away from their infrastructure. Traditional blacklists are populated with information from intelligence feeds, intrusion detection systems, honeypots, and log files. But we at Recorded Future posit that traditional blacklists can be bettered by incorporating threat intelligence from deep and dark Web sources.

By scouring the entire Web for mentions of known malware related to specific domains, we were able to identify nearly 1,400 instances of malware-infested domains that were not recognized on established blacklists. Recorded Future analyzed 890,000 documents that mention malware (including Web pages, tweets, and pastes) from nearly 700,000 Web sources that we track with the Recorded Future Web index. This means that 92% of the suspicious IP addresses identified in our project were not found elsewhere on other blacklists!

It’s important to note that in this particular test, the criterion for inclusion was two instances of malware mentions. When looking for suspicious domains with only one associated malware, the number of potential threats increases. We believe that requiring more malware mentions increases the accuracy of the findings, meaning organizations can improve their threat intelligence and threat detection capabilities, and drive down risks.
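The inclusion criterion above can be sketched as a co-occurrence filter. This is an added example, not code from the report or from Recorded Future. It assumes that a "link" means an IP address and a malware name appearing in the same document, and that the criterion counts distinct malware names; the documents, names, addresses, and blacklist are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data: documentation-range IPs, made-up malware names.
MALWARE = {"examplebot", "samplelocker", "demorat"}
BLACKLIST = {"198.51.100.7"}
DOCS = [
    "Paste: examplebot C2 seen at 198.51.100.7 and 203.0.113.9.",
    "Tweet: samplelocker dropper hosted on 203.0.113.9",
    "Blog: demorat beacons to 192.0.2.44 (build 1.2.3.4567)",
    "Forum: samplelocker config lists 198.51.100.7",
    "Page: router setup guide, default gateway 10.0.0.1",
]

# Dotted quad not embedded in a longer dotted/numeric token.
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")


def extract_ips(text):
    """Return the valid IPv4 addresses mentioned in text."""
    ips = set()
    for candidate in IP_RE.findall(text):
        try:
            ips.add(str(ipaddress.IPv4Address(candidate)))
        except ipaddress.AddressValueError:
            pass  # out-of-range octets such as 999.1.1.1
    return ips


def malware_links(docs, malware):
    """Map each IP to the malware names that share a document with it."""
    links = defaultdict(set)
    for doc in docs:
        mentioned = malware & set(re.findall(r"[a-z0-9_-]+", doc.lower()))
        for ip in extract_ips(doc):
            links[ip] |= mentioned
    return links


def unlisted_suspects(links, blacklist, min_malware=2):
    """IPs tied to at least min_malware names that the blacklist lacks."""
    suspects = {ip for ip, names in links.items() if len(names) >= min_malware}
    return sorted(suspects - blacklist)


if __name__ == "__main__":
    links = malware_links(DOCS, MALWARE)
    print(unlisted_suspects(links, BLACKLIST))      # two-malware criterion
    print(unlisted_suspects(links, BLACKLIST, 1))   # looser one-malware criterion
```

Lowering `min_malware` to 1 widens the candidate set, which is the trade-off between volume and accuracy described above.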

Network graph of 1,521 IP addresses (blue) and 198 malware (red).

To learn more about this threat intelligence research using hidden link analysis, please download the full report “Two Shady Men Walk Into a Bar” or contact us for more information.
