Hack the hackers: Eavesdrop for intel on emerging threats

In a sea of vulnerabilities clamoring for attention, it’s almost impossible to know which IT security issues to address first. Vendor advisories provide a tried-and-true means for keeping on top of known attack vectors. But there’s a more expedient option: Eavesdrop on attackers themselves.

Given their increasingly large attack surfaces, most organizations tie their vulnerability management cycle to vendor announcements. But initial disclosure of security vulnerabilities doesn’t always come from vendors, and waiting for official announcements can put you days, or even weeks, behind attackers, who discuss and share tutorials within hours of a vulnerability becoming known.

“Online chatter typically [begins] within 24 to 48 hours of the initial public disclosure,” says Levi Gundert, vice president of threat intelligence at Recorded Future, citing the firm’s in-depth analysis of discussions on foreign-language forums.

Vendor advisories, blog posts, mailing list messages, Homeland Security CERT alerts — defenders aren’t the only ones reading these announcements. Knowing what piques attackers’ interest — and how they plan to exploit holes before vendors can respond — is a great way to get a jump on the next wave of attacks.
