Coordinating distributed denial-of-service attacks, displaying new malware code, offering advice about network break-ins and posting stolen information – these are just a few of the online activities of cyber-criminals. Fortunately, activities like these can provide cyber-security specialists with advance warning of pending attacks and information about what hackers and other bad actors are planning.
Gathering and understanding this cyber-intelligence is the work of BlackForest, a new open source intelligence gathering system developed by information security specialists at the Georgia Tech Research Institute (GTRI). By using such information to create a threat picture, BlackForest complements other GTRI systems designed to help corporations, government agencies and nonprofit organizations battle increasingly sophisticated threats to their networks.
“BlackForest is on the cutting edge of anticipating attacks that may be coming,” said Christopher Smoak, a research scientist in GTRI’s Emerging Threats and Countermeasures Division. “We gather and connect information collected from a variety of sources to draw conclusions on how people are interacting. This can drive development of a threat picture that may provide pre-attack information to organizations that may not even know they are being targeted.”
The system collects information from the public Internet, including hacker forums and other sites where malware authors and others gather. Connecting the information and relating it to past activities can let organizations know they are being targeted and help them understand the nature of the threat, allowing them to prepare for specific types of attacks. Once attacks have taken place, BlackForest can help organizations identify the source and mechanism so they can beef up their security.