Researchers Solicit Sinkhole-Sharing Among Researchers

Published: 22/11/2024   Category: security




Dell SecureWorks researchers will provide their homegrown tools in open source to researchers from other companies and organizations



SAN FRANCISCO -- RSA CONFERENCE 2013 – Renowned malware analyst Joe Stewart and his team are reaching out to researchers from other firms in a research-sharing effort to expedite identifying new attacks and victims.
Stewart and Silas Cutler, a Dell SecureWorks security researcher, announced here this week that they will share their homegrown sinkhole-sharing technology with their counterparts in the industry, both to streamline attack research and to stop researchers mistaking one another's sinkhole servers for an attacker's domain.
"If you're not sharing information with other researchers and law enforcement, they have no idea when they see that server if it's really a command and control and it's temporarily broken, or if it's a sinkhole, or what," says Stewart, director of malware research for Dell SecureWorks. "Hopefully, as we get more researchers into this sharing community, there will be less of the blue-on-blue violence where we lose resources because they thought it was something bad."
Stewart is referring to cases of mistaken identity among researchers going after the same malware and attacks. It's not uncommon for one research group to misidentify another's sinkhole server as a real attacker's domain, for example, or to report it and get it taken down by an ISP or law enforcement.
Cutler wrote tools to facilitate sharing between his sinkhole and Stewart's, to help them better investigate and identify new attack evidence and victim organizations. "You don't know in advance what you're going to see, and I was seeing lots of different malware hitting [my sinkhole] and lots of traffic. Trying to make sense of that was the most difficult part," he says. "Silas wrote some tools to facilitate this, and then we started getting great data. We can now isolate malware anomalies we've never seen before and easily identify victims."
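The two problems described above, deconfliction (is this indicator a colleague's sinkhole or live C2?) and making sense of raw sinkhole traffic (which family is beaconing, which beacons are new, who the victims are), can be sketched in a few dozen lines. The following is an added example written for this page; it is not the Dell SecureWorks tooling and does not claim to match it. The registry line format, the family names, the beacon signatures, the log layout and the victim-network table are all hypothetical, and every address, domain and log line is constructed for the example.

```python
"""Sinkhole deconfliction and hit triage.

Illustrative example, not SecureWorks' tooling. All registry entries, log
lines, family signatures and victim networks below are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# --- 1. Shared researcher-sinkhole registry ---------------------------------
# Hypothetical interchange format: "operator,kind,value" per line. A real
# exchange would be authenticated and distributed out of band.
SHARED_REGISTRY = """\
lab-a,domain,update-check.example.net
lab-a,ip,192.0.2.10
lab-b,cidr,198.51.100.0/28
"""

def load_registry(text):
    """Parse the shared registry into (domain -> operator, [(network, operator)])."""
    domains, nets = {}, []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        operator, kind, value = [f.strip() for f in line.split(",", 2)]
        if kind == "domain":
            domains[value.lower()] = operator
        elif kind in ("ip", "cidr"):
            nets.append((ipaddress.ip_network(value, strict=False), operator))
    return domains, nets

def sinkhole_operator(indicator, registry):
    """Return the operator name if `indicator` (domain or IP) is a registered
    researcher sinkhole, else None. Run this before reporting an indicator as
    attacker infrastructure or requesting a takedown (the blue-on-blue check)."""
    domains, nets = registry
    ind = indicator.strip().lower().rstrip(".")
    if ind in domains:
        return domains[ind]
    try:
        addr = ipaddress.ip_address(ind)
    except ValueError:
        return None          # not an IP and not a registered domain
    for net, operator in nets:
        if addr in net:
            return operator
    return None

# --- 2. Triage of sinkhole traffic -------------------------------------------
# Constructed access log: ts src_ip host "METHOD URI" user_agent
SINKHOLE_LOG = """\
2013-02-25T10:00:01Z 203.0.113.5 update-check.example.net "GET /gate.php?id=AB12" Mozilla/4.0
2013-02-25T10:00:07Z 203.0.113.9 update-check.example.net "POST /gate.php?id=9F3C" Mozilla/4.0
2013-02-25T10:01:13Z 198.18.0.22 update-check.example.net "GET /index.php?c=1&k=zzz" Mozilla/5.0
2013-02-25T10:02:40Z 203.0.113.77 update-check.example.net "GET /ping/e7c4a1" curl/7.29
2013-02-25T10:03:02Z 198.18.4.4 update-check.example.net "GET /ping/118dd0" curl/7.29
"""

# Hypothetical beacon signatures for families the sinkhole already recognises.
FAMILY_SIGNATURES = {
    "family-gate": re.compile(r"/gate\.php\?id=[0-9A-F]{4}\b"),
    "family-ping": re.compile(r"/ping/[0-9a-f]{6}\b"),
}

# Constructed victim-network table standing in for whois/ASN lookups.
VICTIM_NETS = [
    (ipaddress.ip_network("203.0.113.0/24"), "Example Manufacturing"),
    (ipaddress.ip_network("198.18.0.0/16"), "Example Ministry"),
]

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) "(\S+) (\S+)" (.*)$')

def classify_hits(log_text):
    """Group hits by recognised family. Beacons matching no signature land
    under 'unknown' so an analyst looks at those first.
    Returns {family: sorted list of (victim_org, src_ip)}."""
    by_family = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, src_ip, _host, _method, uri, _ua = m.groups()
        family = next((n for n, sig in FAMILY_SIGNATURES.items() if sig.search(uri)), "unknown")
        addr = ipaddress.ip_address(src_ip)
        org = next((o for net, o in VICTIM_NETS if addr in net), "unattributed")
        by_family[family].add((org, src_ip))
    return {f: sorted(v) for f, v in by_family.items()}

def victims_by_family(log_text):
    """Distinct victim organisations per family, for notification lists."""
    return {f: sorted({org for org, _ in v}) for f, v in classify_hits(log_text).items()}

if __name__ == "__main__":
    reg = load_registry(SHARED_REGISTRY)
    for ioc in ("update-check.example.net", "198.51.100.7", "evil.example.org"):
        print(ioc, "->", sinkhole_operator(ioc, reg) or "not a known sinkhole")
    for fam, victims in victims_by_family(SINKHOLE_LOG).items():
        print(fam, victims)
```

The registry lookup is the piece that prevents the "blue-on-blue" mistakes the article describes: anything that matches a registered domain or network is a colleague's sinkhole and should be deconflicted with that operator rather than reported. The 'unknown' bucket in the triage step is the "anomalies we've never seen before" path; the per-family victim list is what feeds notifications.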
Stewart says it makes sense to get other researchers on board with a shared sinkhole approach rather than keeping and studying that intelligence in a silo. "We want to share these tools with others and we're getting them prepped to go out in open source," he says. "We're going to present this to others who are doing sinkholing, those with the same mindset toward sharing."
He says he's seeing a mindset shift in some cases toward more sharing among researchers, akin to how the antivirus community ultimately had to come together. "If you're trying to use sinkhole data for some advantage and some other company has different domains, it's not like you're competing. If you are, that could be a big problem. We want to nip that in the bud—stealing sinkhole domains away from each other," Stewart says. "That's ultimately more damaging for end users or victims."
