Every day, thieves, “hacktivists,” even nationstates, use the global network to steal information and compromise businesses. Organizations today have to rethink their defenses and move from reaction to anticipation – figuring out when, why, or from where the next attack is coming. The most effective way to do that, we’ve found, is semantic analysis.
We used this approach when U.S. financial institutions suffered a series of distributed denial of service (DDoS) attacks by a hacktivist group, the Izz ad-Din al-Qassam Cyber Fighters, reportedly related to furor over an anti-Islam video on Youtube.
Starting in September 2012, we tracked internet chatter that mentioned banks along with keywords related to the al-Qassam DD0S attacks – even before the group had claimed responsibility. We created a visualization of the average volume of discussion about the attacks (the wave) and mentions of attacks on specific banks (the dots). the AmEx attack, for instance, generated unusually heavy discussion, but because general chatter had subsided, the average volume remained lower. We also mapped the data against real-world events (other cyberattacks, religious holidays, elections). Companies can use this approach to develop hypotheses, anticipate future events, and head off attacks more reliably.