Ransomware, trojans, cybercrime forums, and stolen-credential shops are commonly hosted on bulletproof hosting servers. Even though defenders are spending billions of dollars to mitigate these threats by reactively collecting and pushing convicted domains, IPs, and signatures into enforcement products, cybercrime continues to increase and cause more damage. In this talk, we’ll present proven approaches to upgrade your threat intelligence from being IOC-driven to being more proactive, with a longer-lasting advantage. We’ll show how to extract behaviors of criminal-hosting infrastructures used for malware, phishing, crimeware forums, and various toxic content, and how to track the evolving evasion patterns used by adversaries. We correlate findings using different threat intelligence collection and analysis techniques applied to large-scale network data and OSINT. This talk will be useful to security practitioners, threat analysts, and law enforcement personnel, and it will provide actionable best practices for improving the security controls that protect organizations.
Dhia Mahjoub (@DhiaLite), Head of Security Research, Cisco Umbrella (OpenDNS)
Upgrading Your CTI to Track Down Criminal Hosting Infrastructures – SANS CTI Summit 2018