The need for collaborative threat intelligence
Another advantage attackers have is that they are highly adept at sharing information with each other. On hacker forums and other “underground” communities, attack tools and techniques are widely shared, discussed, vetted and promoted. As with any community, there are active rivalries and controversies. Ultimately, however, this sharing gives attackers additional resources to be more effective in their efforts.
Clearly, the same collaborative approach is needed for defenders. Remember that “recycled attack platform” used by attackers? Why wouldn’t defenders likewise collaborate on the source, tools and techniques used for these attacks and reap the tremendous benefits of threat sharing? Such collaboration among defenders can also increase the costs associated with executing these attacks.
Once an attacker has targeted any member of a collaborative platform, the command-and-control servers involved are easily identified by their IP addresses throughout the network. This means that attackers can no longer benefit from the isolation of their targets; they must use a new IP for each attack that they launch. Instead of being able to launch thousands of attacks from a single IP, they have to pay the cost of acquiring a number of IPs that is proportional to the number of attacks they wish to mount.
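The cost argument above can be made concrete with a small model, added here as an illustration and not taken from the original article. The class and function names are hypothetical, the addresses are constructed from a documentation range, and the model assumes every targeted member identifies the command-and-control IP after an attack and reports it.

```python
import ipaddress
from collections import defaultdict


class Blocklists:
    """Per-member blocklists, optionally backed by one shared indicator feed."""

    def __init__(self, shared: bool):
        self.shared = shared
        self.feed = set()              # indicators visible to every member
        self.local = defaultdict(set)  # indicators only the reporting member sees

    def report(self, member: str, ip) -> None:
        # A shared platform publishes the indicator to all members;
        # an isolated defender only updates its own list.
        (self.feed if self.shared else self.local[member]).add(ip)

    def is_blocked(self, member: str, ip) -> bool:
        return ip in self.feed or ip in self.local[member]


def ips_needed(targets, shared: bool) -> int:
    """Count the source IPs an attacker must acquire to reach each target in order."""
    lists = Blocklists(shared)
    base = ipaddress.ip_address("198.51.100.1")  # constructed sample address
    current, acquired = base, 1
    for member in targets:
        if lists.is_blocked(member, current):
            # The current IP is already known to this target: a fresh one is required.
            current = base + acquired
            acquired += 1
        # Assumption: the targeted member identifies the C2 IP and reports it.
        lists.report(member, current)
    return acquired


# Constructed sample: 200 distinct organisations, each attacked once.
MEMBERS = [f"org-{i}" for i in range(200)]

if __name__ == "__main__":
    print("isolated defenders:", ips_needed(MEMBERS, shared=False), "IP(s)")
    print("shared platform:  ", ips_needed(MEMBERS, shared=True), "IP(s)")
```

With isolated defenders a single address serves the whole campaign; with a shared feed the number of addresses equals the number of attacks.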
Additionally, an attacker’s tools and tactics become much less effective when defenders collaborate to protect themselves from the attacker. A “Neighborhood Watch” for the Internet makes sense from an economic perspective as well as from an operational one.