Threat Hunting is a military activity focusing on computer network operations. It is a “new concept” in the area of military intelligence, but one with obvious potential value to both military and civilian users. Cyber threat hunting is an interactive cyber defense activity.
It’s “the process of actively and interactively hunting through cyberspace to detect and eliminate specific, high-confidence threats that usually evade existing detection and protection solutions.” The goal is to equip military and civilian users with the latest and most up-to-date protection capabilities against the latest and greatest cyber offensive and defensive tools and techniques.
Hunting for a virus or worm requires information about the attacker and their environment. This information must then be analyzed for a working solution. Threat hunting is often part of a coordinated response involving many different departments within the military or government. For instance, the Department of Defense creates a Cyber Command, which directs the Cyber Military Force, to conduct daily operations and exercises to protect our nation from cyber attacks.
A cyber-hunting operation may begin when someone sends an email to a friend or work colleague that carries a virus-sized payload of data destined for the target system. If the target machine is not infected by the payload, or is immune to the attack, the malware or attack will fail.
On the other hand, if the machine is infected, it could open a flood of further attacks. Many military intelligence collection and cyber operations use this methodology. It is a time-tested way to discover what machines are infected with viruses and what organizations or people have vulnerabilities.
Another form of hunting for cyber threats is to monitor a network of machines. Often, military and civilian agencies use computer monitoring software to determine what’s going on in a given location. These programs can detect unusual activity and, if needed, provide warnings to network administrators or IT leaders.
Other forms of hunting include determining the presence of a computer or server under attack from a malicious computer or server. Often, military or civilian agencies use a combination of monitoring techniques and hunting techniques to track down and eliminate any threats.
There are two main types of hunting for information on cyber behavior: manual and automated. Manual hunting requires the observation of an attacker’s actions or activities, which may require the user to intervene.
This method is used to discover whether an organization’s firewall is letting infected data in or is failing to protect sensitive information from attackers on the network.
Automated hunting collects information in real time from networks that are not infected with harmful code. It’s often used by large corporations to discover hackers or spyware that are rapidly gaining access to their systems. This method is often used before a company decides whether to engage in offensive cyber-behavior.
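The monitoring described earlier (software that detects unusual activity and warns administrators) and the automated hunting contrasted with manual hunting above both come down to comparing current activity against what a clean period looked like. The script below is an added example, not code from the original article or from any real product: it reads connection log lines in a constructed, hypothetical format (`host=`, `dst=`, `dport=`), builds a baseline of flows from a period assumed clean, and then flags two things in new logs: flows that never appeared in the baseline, and flows that repeat at near-constant intervals (a beaconing pattern). The sample log lines and the `ws01`/`ws02` host names are constructed for the example.

```python
"""Baseline-driven automated hunt over connection logs (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log format, not from any real product:
# "<ISO timestamp> host=<name> dst=<ip> dport=<port>"
BASELINE_LOGS = [  # a period assumed clean, used to learn normal flows
    "2024-03-01T09:00:00 host=ws01 dst=10.0.0.5 dport=443",
    "2024-03-01T09:05:00 host=ws01 dst=10.0.0.7 dport=53",
    "2024-03-01T09:10:00 host=ws02 dst=10.0.0.5 dport=443",
]
NEW_LOGS = [  # the period being hunted; ws02 talks to a new host every 60 s
    "2024-03-02T09:00:00 host=ws01 dst=10.0.0.5 dport=443",
    "2024-03-02T09:00:00 host=ws02 dst=203.0.113.9 dport=8443",
    "2024-03-02T09:01:00 host=ws02 dst=203.0.113.9 dport=8443",
    "2024-03-02T09:02:00 host=ws02 dst=203.0.113.9 dport=8443",
    "2024-03-02T09:03:00 host=ws02 dst=203.0.113.9 dport=8443",
    "2024-03-02T09:04:00 host=ws02 dst=203.0.113.9 dport=8443",
    "2024-03-02T09:07:00 host=ws01 dst=10.0.0.7 dport=53",
]


def parse_line(line):
    """Turn one constructed log line into a dict with a datetime and int port."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["dport"] = int(rec["dport"])
    return rec


def build_baseline(lines):
    """Set of (host, dst, dport) flows observed during the clean period."""
    return {(r["host"], r["dst"], r["dport"]) for r in map(parse_line, lines)}


def hunt(lines, baseline, min_beacons=4, max_jitter=0.1):
    """Return sorted findings as (kind, host, dst, dport) tuples.

    kind is "new_destination" (flow absent from the baseline) or "beacon"
    (at least min_beacons connections whose inter-arrival times vary by no
    more than max_jitter relative to their mean).
    """
    by_flow = defaultdict(list)
    for r in map(parse_line, lines):
        by_flow[(r["host"], r["dst"], r["dport"])].append(r["ts"])

    findings = set()
    for flow, stamps in by_flow.items():
        if flow not in baseline:
            findings.add(("new_destination",) + flow)
        if len(stamps) >= min_beacons:
            stamps.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
            avg = mean(gaps)
            # Coefficient of variation close to zero means a fixed-interval pattern.
            if avg > 0 and pstdev(gaps) / avg <= max_jitter:
                findings.add(("beacon",) + flow)
    return sorted(findings)


if __name__ == "__main__":
    for finding in hunt(NEW_LOGS, build_baseline(BASELINE_LOGS)):
        print(finding)
```

Both checks are deliberately simple so the logic is visible: a real hunt would learn the baseline over a much longer window and would treat a new destination as a lead to investigate, not as a verdict. The thresholds `min_beacons` and `max_jitter` are tuning knobs a hunter adjusts to the noise level of the environment.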
The information gathered during hunting campaigns can be extremely valuable. Companies may use the information to determine the effectiveness of their firewall or to ascertain the location of their networked computers.
Threat hunting can also be employed by a government agency such as the CIA or FBI. The goal of this type of hunting is usually to find a way to prevent cyber attacks from foreign sources against U.S. firms. While this might seem difficult, it’s necessary to stay one step ahead of cyber criminals who have the ability to send fake emails to millions of people, causing mass confusion. Once this happens, the only way to defend your company or your personal information is to take appropriate preemptive measures and prevent an attack.
For companies or individuals facing cyber threats, it’s important to keep the information that you hold very confidential. Never provide any information to an attacker unless you are 100% confident that they will not try to use the information against you. Also, always be careful about what information you publish on the Internet. Only post the information that you would feel comfortable with others knowing.