Kaspersky Labs recently reported on an attack they are calling “Red October”. The report included details on the attack dynamics, including what they refer to as the attackers’ advanced cyber espionage network. After reviewing the report we realized that we had already classified the vast majority of the hosts, thus protecting Umbrella customers. We then performed additional research on the hosts it listed.
One of the more powerful tools we have is our own internal search engine, which allows us to query the vast amount of intelligence that we collect, index, and collate on a daily basis. This is based on traffic from more than 50 million geographically diverse users generating more than 50 billion DNS requests a day. In this post we highlight how we correlate attack data to discover additional hosts, locations, Autonomous Systems, networks, and other salient details. We also give a glimpse into how we use our data mining and classification in combination with a powerful security research visualization tool called Maltego.
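The kind of infrastructure pivot described above, as an added illustration that is not Umbrella's tooling and uses no indicator from the Kaspersky report: the passive-DNS style records, domain names and AS numbers are constructed, and the shared-host threshold is an assumed heuristic for avoiding false positives from CDN or parking IPs.

```python
from collections import defaultdict

# Constructed records of the form (domain, resolved_ip, asn).
# Illustrative values only; nothing here comes from the Red October report.
RECORDS = [
    ("seed-a.example", "198.51.100.10", "AS64500"),
    ("seed-b.example", "198.51.100.11", "AS64500"),
    ("sibling-c.example", "198.51.100.10", "AS64500"),  # shares an IP with seed-a
    ("sibling-d.example", "198.51.100.12", "AS64500"),  # shares only the AS
    ("cdn-site-1.example", "203.0.113.5", "AS64501"),
    ("cdn-site-2.example", "203.0.113.5", "AS64501"),
    ("cdn-site-3.example", "203.0.113.5", "AS64501"),
    ("seed-b.example", "203.0.113.5", "AS64501"),       # seed also on a crowded host
]

def build_indexes(records):
    """Index domains by resolved IP and by ASN so we can pivot both ways."""
    by_ip, by_asn = defaultdict(set), defaultdict(set)
    for domain, ip, asn in records:
        by_ip[ip].add(domain)
        by_asn[asn].add(domain)
    return by_ip, by_asn

def pivot(records, seeds, max_shared=2):
    """Expand seed domains through IPs they share with other domains.

    An IP hosting more than `max_shared` distinct domains is treated as shared
    infrastructure and is recorded but never used as a pivot, so one crowded
    host cannot pull unrelated domains into the cluster.
    Returns (domains, pivot_ips, skipped_ips, asns).
    """
    by_ip, _ = build_indexes(records)
    found, frontier = set(seeds), set(seeds)
    pivot_ips, skipped_ips = set(), set()
    while frontier:
        next_frontier = set()
        for domain, ip, _asn in records:
            if domain not in frontier:
                continue
            if len(by_ip[ip]) > max_shared:   # assumed heuristic threshold
                skipped_ips.add(ip)
                continue
            pivot_ips.add(ip)
            new = by_ip[ip] - found
            found |= new
            next_frontier |= new
        frontier = next_frontier
    asns = {asn for d, ip, asn in records if d in found and ip in pivot_ips}
    return found, pivot_ips, skipped_ips, asns

def same_asn_candidates(records, domains, asns):
    """Lower-confidence leads: domains in the cluster's ASNs not yet in it."""
    _, by_asn = build_indexes(records)
    return set().union(*(by_asn[a] for a in asns)) - set(domains)
```

Domains reached only through a shared AS are leads for review, not for automatic blocking, which is why they are kept separate from the IP-confirmed cluster.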
Combining our indexed and cross-referenced data with visualization not only allows us to assign possible attribution and correlation for attacks, but also gives us the ability to discover and deliver predictive protection for customers. Please view the screencast below for a demonstration on the “Red October” attack.