“Victorious warriors win first and then go to war; defeated warriors go to war first and then seek to win.”
― Sun Tzu, The Art of War
Over the past several years, the cybercrime marketplace has gone through a significant maturation process, achieving parity of sophistication with many of the world’s legitimate markets. Traditional business differentiators such as customer service have migrated to the underground—if the stolen credit card you just bought has been cancelled, you’ll get a refund. Business concepts such as innovate-to-stay-ahead are commonplace amongst cybercrime-as-a-service vendors. This activity, in turn, has generated a lot of noise when it comes to threat intelligence; noise that is making it more difficult for us to distinguish the real threat signal. What is the risk of a single phishing or malware attack? What threat does a conversation between a couple fraudsters about cash out methods pose to your organization? There is just too much noise.
In the world of enterprise security, threat intelligence—the number one buzz word in 2014 amongst security practitioners—is bridging the gap and helping reduce the noise. Coupled with organizational sensory data, threat intelligence acts as a powerful correlator, providing the additional insight security teams can leverage to prioritize alerts and remediation efforts.
But in the world of cyber-fraud (or “consumer cyber security”), intelligence has not significantly advanced in recent years. While in the world of enterprise security, advanced threat intelligence identifies IOCs, TTPs, and causes pain to the threat actor, in the world of fraud, intelligence has remained superficial – here’s a compromised credit card number, or here’s a ZeuS hash. No depth or insight. In the world of fraud, we receive disconnected data points for the most part.
If our plan is to win before we go to war, we must up our cyber-fraud intelligence game. That is exactly what our new Advanced Fraud Intelligence service is designed to offer.
RSA Advanced Fraud Intelligence (AFI) is a complete, externally managed service that is designed to provide organizations with the actionable intelligence they need to help better understand—and counter—today’s cyber-fraud threats. The service is designed to help organizations identify threat clusters across phishing and malware attacks, identify the potential weaknesses in external processes and procedures that are being leveraged by fraudsters, and profile and attribute attacks to specific actors. AFI leverages proprietary technology engineered to correlate and contextualize data harvested from various sources including: forensic data from hundreds of thousands of online phishing and malware attacks globally, human intelligence (HUMINT) operations monitoring cybercriminal underground vetted and closed forums and other fraudster communication channels, and deep-web venues, and Open-source Intelligence (OSINT) gathered from different public-facing sources.
Today’s landscape requires a much wider view of the threat facing your organization. Being able to collect and correlate data from different sources will be a key factor to help successfully assessing risk and prioritizing response. Understanding the links between phishing and malware attacks and correlating that data with underground intelligence is exactly what RSA’s Advanced Fraud Intelligence is designed to do.