
Sorting Through Haystacks to Find CTI Needles
2023-04-04 13:51

CTI systems are confronted with some major issues, ranging from the size of their collection networks to their diversity, which ultimately influence the degree of confidence they can put in their signals.

To illustrate the collection networks' size & variety point, without naming anyone in particular, let's imagine a large CDN provider.

Now if you are a large EDR/XDR or whatever glorified antivirus, you can also argue that you have a huge detection network spanning millions of devices of wealthy enterprises.

If the network is big enough, this IP rotation isn't a problem: once the network stops reporting an IP, you can release it, while a new IP rising in the number of reports is the one that needs to be added to the blocklist.

Now at the network scale, if you have the same IP knocking at different places using different login/password pairs, it's credential stuffing: someone trying to reuse stolen credentials in many places to see if they are still valid.

Now, to be honest, you don't need AI to tell credential brute force from credential reuse or credential stuffing, but there are places where it can excel, specifically when teamed with a large network to get heaps of data.
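The two points above, aging IPs out of a blocklist when the network stops reporting them and telling stuffing, reuse and brute force apart from where the same IP shows up, can be shown with a small aggregation over failed-login reports. This is an added example, not code from the article or from any vendor's CTI pipeline; the report format, the constructed sample reports, the thresholds (`min_events`, `spread`, `min_reports`, `quiet_window`) and the three labels are all assumptions chosen for illustration.

```python
"""Toy CTI aggregation over failed-login reports from several members of a
collection network (added example; report format and thresholds are assumed).

Each report is (time_s, reporter, src_ip, username), where a reporter is one
site or device in the network. Heuristics used here:
  - credential stuffing: one IP tries many usernames across many reporters
    (the same IP knocking at different places with different logins)
  - credential reuse:    one IP tries the same username at many reporters
  - brute force:         one IP hammers one username at one reporter
"""
from collections import defaultdict

# Constructed sample reports: (time_s, reporter, src_ip, username).
SAMPLE_REPORTS = (
    # one IP, five usernames, five different reporters -> stuffing
    [(t, f"site-{chr(ord('a') + t)}", "203.0.113.10", user)
     for t, user in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    # one IP, one username, one reporter, repeated attempts -> brute force
    + [(t, "site-a", "198.51.100.7", "admin") for t in range(5)]
    # one IP, one username, five different reporters -> reuse
    + [(t, f"site-{chr(ord('a') + t)}", "192.0.2.33", "alice") for t in range(5)]
)


def classify_sources(reports, min_events=5, spread=3):
    """Label each source IP that produced at least min_events reports.
    'spread' is how many distinct reporters/usernames count as 'many'."""
    by_ip = defaultdict(list)
    for _, reporter, ip, user in reports:
        by_ip[ip].append((reporter, user))
    verdicts = {}
    for ip, events in by_ip.items():
        if len(events) < min_events:
            continue  # too few reports to say anything with confidence
        reporters = {r for r, _ in events}
        users = {u for _, u in events}
        if len(reporters) >= spread and len(users) >= spread:
            verdicts[ip] = "credential stuffing"
        elif len(reporters) >= spread and len(users) == 1:
            verdicts[ip] = "credential reuse"
        elif len(reporters) == 1 and len(users) == 1:
            verdicts[ip] = "brute force"
        else:
            verdicts[ip] = "unclassified"
    return verdicts


def update_blocklist(blocklist, reports, now, min_reports=5, quiet_window=600):
    """Maintain blocklist as {ip: last_seen}. A new IP enters only once it is
    rising in the number of reports (min_reports in this batch); an IP already
    listed refreshes last_seen on any report; IPs the network has stopped
    reporting for longer than quiet_window are released. Returns released IPs."""
    count = defaultdict(int)
    last_seen = {}
    for t, _, ip, _ in reports:
        count[ip] += 1
        last_seen[ip] = max(last_seen.get(ip, t), t)
    for ip, t in last_seen.items():
        if ip in blocklist or count[ip] >= min_reports:
            blocklist[ip] = max(blocklist.get(ip, t), t)
    released = [ip for ip, t in blocklist.items() if now - t > quiet_window]
    for ip in released:
        del blocklist[ip]
    return released


if __name__ == "__main__":
    print(classify_sources(SAMPLE_REPORTS))
    bl = {}
    update_blocklist(bl, SAMPLE_REPORTS, now=10)
    print("listed:", sorted(bl))
    # ten minutes later only one of the three IPs is still being reported
    print("released:", update_blocklist(bl, [(650, "site-a", "203.0.113.10", "frank")], now=650))
    print("still listed:", sorted(bl))
```

The classification only looks at how an IP is spread across reporters and usernames, which is exactly the signal a single site cannot see on its own; the blocklist logic adds an IP on volume and drops it on silence, so rotated IPs fall out on their own without any manual cleanup.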


News URL

https://thehackernews.com/2023/04/sorting-through-haystacks-to-find-cti.html