{"310331":{"#nid":"310331","#data":{"type":"news","title":"BlackForest Aggregates Threat Information to Warn of Possible Cyber Attacks","body":[{"value":"\u003Cp\u003ECoordinating distributed denial-of-service attacks, displaying new malware code, offering advice about network break-ins and posting stolen information \u2013 these are just a few of the online activities of cyber-criminals. Fortunately, activities like these can provide cyber-security specialists with advance warning of pending attacks and information about what hackers and other bad actors are planning.\u003C\/p\u003E\u003Cp\u003EGathering and understanding this cyber-intelligence is the work of BlackForest, a new open source intelligence gathering system developed by information security specialists at the \u003Ca href=\u0022http:\/\/www.gtri.gatech.edu\/\u0022\u003EGeorgia Tech Research Institute\u003C\/a\u003E (GTRI). By using such information to create a threat picture, BlackForest complements other GTRI systems designed to help corporations, government agencies and nonprofit organizations battle increasingly-sophisticated threats to their networks.\u003C\/p\u003E\u003Cp\u003E\u201cBlackForest is on the cutting edge of anticipating attacks that may be coming,\u201d said Christopher Smoak, a research scientist in GTRI\u2019s Emerging Threats and Countermeasures Division. \u201cWe gather and connect information collected from a variety of sources to draw conclusions on how people are interacting. This can drive development of a threat picture that may provide pre-attack information to organizations that may not even know they are being targeted.\u201d\u003C\/p\u003E\u003Cp\u003EThe system collects information from the public Internet, including hacker forums and other sites where malware authors and others gather. 
Connecting the information and relating it to past activities can let organizations know they are being targeted and help them understand the nature of the threat, allowing them to prepare for specific types of attacks. Once attacks have taken place, BlackForest can help organizations identify the source and mechanism so they can beef up their security.\u003C\/p\u003E\u003Cp\u003EOrganizing distributed denial-of-service (DDoS) attacks is a good example of how the system can be helpful, Smoak noted. DDoS attacks typically involve thousands of people who use the same computer tool to flood corporate websites with so much traffic that customers can\u2019t get through. The attacks hurt business, harm the organization\u2019s reputation, bring down servers \u2013 and can serve as a diversion for other types of nefarious activity.\u003C\/p\u003E\u003Cp\u003EBut they have to be coordinated using social media and other means to enlist supporters. BlackForest can tap into that information to provide a warning that may allow an organization to, for example, ramp up its ability to handle large volumes of traffic.\u003C\/p\u003E\u003Cp\u003E\u201cWe want to provide something that is predictive for organizations,\u201d said Ryan Spanier, head of GTRI\u2019s Threat Intelligence Branch. \u201cThey will know that if they see certain things happening, they may need to take action to protect their networks.\u201d\u003C\/p\u003E\u003Cp\u003EMalware authors often post new code to advertise its availability, seek feedback from other writers and mentor others. 
Analyzing that code can provide advance warning of malware innovations that will need to be addressed in the future.\u003C\/p\u003E\u003Cp\u003E\u201cIf we see a tool pop up written by a person who has been an important figure in the malware community, that lets us know to begin working to mitigate the new malware that may appear down the road,\u201d Smoak said.\u003C\/p\u003E\u003Cp\u003EOrganizations also need to track what\u2019s being made available in certain forums and websites. When a company\u2019s intellectual property starts showing up online, that may be the first sign that a network has been compromised. Large numbers of credit card numbers, or logins and passwords, can show that a website or computer system of a retail organization has been breached.\u003C\/p\u003E\u003Cp\u003E\u201cYou have to monitor what\u2019s out in the wild that your company or organization owns,\u201d said Spanier. \u201cIf you have something of value, you will be attacked. Not all attacks are successful, but nearly all companies have some computers that have been compromised in one way or another. You want to find out about these as soon as possible.\u201d\u003C\/p\u003E\u003Cp\u003EMonitoring comments on websites can also reveal what kinds of security reputations organizations may have. If the advice is to avoid a particular organization because previous attacks have failed, that can give an organization a sense that its security is good. Attackers often seek the easiest targets, Spanier noted.\u003C\/p\u003E\u003Cp\u003EIndividual organizations could gather the kinds of information monitored by BlackForest, but few organizations have the resources to connect the information. 
GTRI customizes the system to gather information specific to each user and their industry segment.\u003C\/p\u003E\u003Cp\u003E\u201cThe average organization doesn\u2019t have the means to crawl all of this data and put together the complex algorithms needed to identify the useful information,\u201d Smoak explained. \u201cBecause we have the environment and the connectivity, we have what we need to obtain this information.\u201d\u003C\/p\u003E\u003Cp\u003EBy automating much of the work involved in gathering and monitoring information, BlackForest can allow human resources to be used for more challenging information security activities.\u003C\/p\u003E\u003Cp\u003E\u201cOur goal is to have tools that will help focus the resources so that the most valuable resources are used for the more difficult issues,\u201d said Smoak. \u201cRight now, we tend to find all kinds of security fires the same. This will help us focus on the most important threats.\u201d\u003C\/p\u003E\u003Cp\u003EBlackForest joins two other GTRI cyber-security systems already available. Apiary is a malware intelligence system that helps corporate and government security officials share information about the attacks they are fighting. 
Phalanx helps fight the spear phishing attacks that are carried out by tricking email recipients into opening malware-infected attachments or following malicious web links.\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EResearch News\u003C\/strong\u003E\u003Cbr \/\u003E\u003Cstrong\u003EGeorgia Institute of Technology\u003C\/strong\u003E\u003Cbr \/\u003E\u003Cstrong\u003E177 North Avenue\u003C\/strong\u003E\u003Cbr \/\u003E\u003Cstrong\u003EAtlanta, Georgia\u0026nbsp; 30332-0181\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EMedia Relations Contacts\u003C\/strong\u003E: Lance Wallace (404-407-7280) (\u003Ca href=\u0022mailto:lance.wallace@gtri.gatech.edu\u0022\u003Elance.wallace@gtri.gatech.edu\u003C\/a\u003E) or John Toon (404-894-6986) (\u003Ca href=\u0022mailto:jtoon@gatech.edu\u0022\u003Ejtoon@gatech.edu\u003C\/a\u003E).\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EWriter\u003C\/strong\u003E: John Toon\u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EResearchers have developed a new open source intelligence gathering system designed to create a picture of developing threats. 
BlackForest complements other GTRI systems designed to help corporations, government agencies and nonprofit organizations battle increasingly-sophisticated threats to their networks.\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"Researchers have developed a new open source intelligence gathering system known as BlackForest."}],"uid":"27303","created_gmt":"2014-07-23 16:05:44","changed_gmt":"2016-10-08 03:16:48","author":"John Toon","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2014-07-23T00:00:00-04:00","iso_date":"2014-07-23T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"310311":{"id":"310311","type":"image","title":"BlackForest Aggregates Threats","body":null,"created":"1449244726","gmt_created":"2015-12-04 15:58:46","changed":"1475895020","gmt_changed":"2016-10-08 02:50:20","alt":"BlackForest Aggregates Threats","file":{"fid":"199844","name":"black-forest109-m.jpg","image_path":"\/sites\/default\/files\/images\/black-forest109-m_0.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/black-forest109-m_0.jpg","mime":"image\/jpeg","size":90021,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/black-forest109-m_0.jpg?itok=SSVwpUFW"}},"310321":{"id":"310321","type":"image","title":"BlackForest Aggregates Threats1","body":null,"created":"1449244726","gmt_created":"2015-12-04 15:58:46","changed":"1475895020","gmt_changed":"2016-10-08 02:50:20","alt":"BlackForest Aggregates 
Threats1","file":{"fid":"199845","name":"black-forest259-m.jpg","image_path":"\/sites\/default\/files\/images\/black-forest259-m_0.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/black-forest259-m_0.jpg","mime":"image\/jpeg","size":83349,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/black-forest259-m_0.jpg?itok=OI0tGXnS"}}},"media_ids":["310311","310321"],"groups":[{"id":"1188","name":"Research Horizons"}],"categories":[{"id":"153","name":"Computer Science\/Information Technology and Security"},{"id":"135","name":"Research"}],"keywords":[{"id":"98341","name":"BlackForest"},{"id":"98361","name":"Chris Smoak"},{"id":"344","name":"cyber"},{"id":"98381","name":"cyber-attack"},{"id":"9651","name":"cyber-security"},{"id":"416","name":"GTRI"},{"id":"856","name":"Intelligence"},{"id":"98351","name":"Ryan Spanier"},{"id":"3761","name":"threat"},{"id":"98371","name":"threat information"}],"core_research_areas":[{"id":"39431","name":"Data Engineering and Science"},{"id":"39481","name":"National Security"}],"news_room_topics":[{"id":"71901","name":"Society and Culture"}],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EJohn Toon\u003C\/p\u003E\u003Cp\u003EResearch News\u003C\/p\u003E\u003Cp\u003E\u003Ca href=\u0022mailto:jtoon@gatech.edu\u0022\u003Ejtoon@gatech.edu\u003C\/a\u003E\u003C\/p\u003E\u003Cp\u003E(404) 894-6986\u003C\/p\u003E","format":"limited_html"}],"email":["jtoon@gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}