{"132601":{"#nid":"132601","#data":{"type":"news","title":"Malware Intelligence System Enables Organizations to Share Threat Information","body":[{"value":"\u003Cp\u003EAs malware threats expand into new domains and increasingly focus on industrial espionage, Georgia Tech researchers are launching a new weapon to help battle the threats: a malware intelligence system that will help corporate and government security officials share information about the attacks they are fighting.\u003C\/p\u003E\u003Cp\u003EKnown as Titan, the system will be at the center of a security community that will help create safety in numbers as companies large and small add their threat data to a knowledge base that will be shared with all participants. Operated by security specialists at the \u003Ca href=\u0022http:\/\/www.gtri.gatech.edu\/\u0022\u003EGeorgia Tech Research Institute\u003C\/a\u003E (GTRI), the system builds on a threat analysis foundation \u2013 including a malware repository that analyzes and classifies an average of 100,000 pieces of malicious code each day.\u003C\/p\u003E\u003Cp\u003E\u201cAs a university, Georgia Tech is uniquely positioned to take this white hat role in between industry and government,\u201d said Andrew Howard, a GTRI research scientist who is part of the Titan project. \u201cWe want to bring communities together to break down the walls between industry and government to provide a trusted, sharing platform.\u201d\u003C\/p\u003E\u003Cp\u003EMembers contributing information will do so anonymously so other members won\u2019t know which specific organizations have been attacked. GTRI will independently verify information provided to Titan and carefully vet the members of the community before they are allowed to participate.\u003C\/p\u003E\u003Cp\u003E\u201cPeople tend to think that if an organization gets hit, it was because they had poor security measures,\u201d said Christopher Smoak, a GTRI research scientist who heads up the Titan project. 
\u201cThat\u2019s not necessarily true, because a variety of factors contribute to intrusions. But until we get to the point that there\u2019s no longer a stigma attached to having an infiltration, people are going to want anonymity to participate.\u201d\u003C\/p\u003E\u003Cp\u003EIn addition to receiving information about attacks and responses at other organizations, members will receive quick reports on malware samples they submit. Based on what they have learned from the malware repository and by reverse-engineering malicious code, GTRI researchers will be able to provide information on the potential harm from an attack, the likely source, the best remedy for it and the risks to the organization.\u003C\/p\u003E\u003Cp\u003E\u201cWe hope to provide information about the trends that organizations can expect to see, and help them prioritize what they should do to address the risks,\u201d said Howard. \u201cWe have a significant system behind the scenes to facilitate the exchange of information.\u201d\u003C\/p\u003E\u003Cp\u003ETitan will be especially valuable to smaller organizations that lack the resources to operate their own security evaluation labs, though all members will benefit from sharing information. GTRI information security researchers collaborate with the \u003Ca href=\u0022http:\/\/www.gtisc.gatech.edu\/\u0022\u003EGeorgia Tech Information Security Center \u003C\/a\u003E(GTISC), which expands the depth of knowledge.\u003C\/p\u003E\u003Cp\u003E\u201cGTRI will maintain the shared resources that companies can use to help solve their own problems,\u201d Smoak noted. \u201cWe\u2019ll have many organizations contributing to this community, and everyone getting information out; it will really benefit everyone.\u201d\u003C\/p\u003E\u003Cp\u003ECompanies today have two primary concerns about malicious software, Howard said. The first is for the loss of intellectual property, such as plans for a new product or bidding documents for a major project. 
The second is a compromise of the web infrastructure that many companies rely on to do business.\u003C\/p\u003E\u003Cp\u003ETitan will also help companies educate their computer users about such risks as spear-phishing, which uses email that appears to be from a trusted colleague or friend to trick users into taking a risky action, such as opening an infected attachment. The system will alert companies to the newest threat trends so they can warn their users, and identify the IP addresses that malicious software is communicating with.\u003C\/p\u003E\u003Cp\u003E\u201cSpear-phishing is very difficult to defend against, because all it takes is one person clicking on something that lets malware into the network,\u201d Smoak said. \u201cIt\u2019s difficult to train a large workforce with varying skill sets to identify the very small nuances that indicate these emails are malicious.\u201d\u003C\/p\u003E\u003Cp\u003EGTRI has been analyzing the malware attacking Windows-based computers for years. Now the analysts are seeing an increase in malicious code designed for Android-based devices \u2013 and for Macintosh computers, which previously hadn\u2019t been high-priority targets.\u003C\/p\u003E\u003Cp\u003E\u201cWe see Android malware in its infancy right now,\u201d said Smoak. \u201cWe see what it is doing and how it is working, and we can draw parallels to what we saw earlier with the Windows-based malware. We can probably expect to see the Android and Mac malware follow a similar path.\u201d\u003C\/p\u003E\u003Cp\u003EThe danger may be especially great for the users of computer systems that previously had not worried much about malware.\u003C\/p\u003E\u003Cp\u003E\u201cFor Macintosh systems, the threats are starting to get scarier,\u201d Howard said. 
\u201cWhen more malware authors shift their focus to this platform, a lot of people who thought they were safe by not using the Windows OS will be caught off-guard.\u201d\u003C\/p\u003E\u003Cp\u003ETitan now includes half a dozen Fortune 500 members, along with other government and nonprofit organizations. Smoak and Howard have been getting feedback from those members as they\u2019ve built the system, which will be formally launched in a few months.\u003C\/p\u003E\u003Cp\u003E\u201cWe are looking for additional industry partners to help us use the tool and help refine the system,\u201d said Howard. \u201cWe believe that members of this community will come together to help each other strengthen defenses.\u201d\u003C\/p\u003E\u003Cp\u003EA determined hacker will probably succeed in compromising most corporate computer networks, but the researchers believe Titan can help companies make that as difficult as possible.\u003C\/p\u003E\u003Cp\u003E\u201cYou may not be able to completely prevent an attack, but you can have a higher wall and stronger defense,\u201d Howard said. \u201cHackers tend to go after the low-hanging fruit, so they will attack the companies that are the easiest to attack. 
We believe that our community can help all the members strengthen their defenses.\u201d\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EResearch News \u0026amp; Publications Office\u003C\/strong\u003E\u003Cbr \/\u003E\u003Cstrong\u003EGeorgia Institute of Technology\u003C\/strong\u003E\u003Cbr \/\u003E\u003Cstrong\u003E75 Fifth Street, N.W., Suite 314\u003C\/strong\u003E\u003Cbr \/\u003E\u003Cstrong\u003EAtlanta, Georgia\u0026nbsp; 30308\u0026nbsp; USA\u003C\/strong\u003E\u003Cbr \/\u003E\u003Cbr \/\u003E\u003Cstrong\u003EMedia Relations Contacts\u003C\/strong\u003E: John Toon (404-894-6986)(\u003Ca href=\u0022mailto:jtoon@gatech.edu\u0022\u003Ejtoon@gatech.edu\u003C\/a\u003E) or Abby Robinson (404-385-3364)(\u003Ca href=\u0022mailto:abby@innovate.gatech.edu\u0022\u003Eabby@innovate.gatech.edu\u003C\/a\u003E) or Kirk Englehardt (404-894-6015)(\u003Ca href=\u0022mailto:kirk.englehardt@comm.gatech.edu\u0022\u003Ekirk.englehardt@comm.gatech.edu\u003C\/a\u003E).\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EWriter\u003C\/strong\u003E: John Toon\u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":[{"value":"Titan intelligence system will help companies and government organizations"}],"field_summary":[{"value":"\u003Cp\u003EAs malware threats expand and increasingly focus on industrial espionage, Georgia Tech researchers are launching a new weapon to help battle the threats: a malware intelligence system that will help corporate and government security officials share information about the attacks they are fighting.\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"Researchers have launched a new weapon designed to help companies fight back against malware threats."}],"uid":"27303","created_gmt":"2012-05-23 22:17:12","changed_gmt":"2016-10-08 03:12:18","author":"John 
Toon","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2012-05-23T00:00:00-04:00","iso_date":"2012-05-23T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"132591":{"id":"132591","type":"image","title":"Titan Malware Intelligence System2","body":null,"created":"1449178659","gmt_created":"2015-12-03 21:37:39","changed":"1475894520","gmt_changed":"2016-10-08 02:42:00","alt":"Titan Malware Intelligence System2","file":{"fid":"194716","name":"titan106.jpg","image_path":"\/sites\/default\/files\/images\/titan106_0.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/images\/titan106_0.jpg","mime":"image\/jpeg","size":1161901,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/titan106_0.jpg?itok=4jOf5vit"}},"132581":{"id":"132581","type":"image","title":"Titan Malware Intelligence System","body":null,"created":"1449178659","gmt_created":"2015-12-03 21:37:39","changed":"1475894528","gmt_changed":"2016-10-08 02:42:08","alt":"Titan Malware Intelligence System","file":{"fid":"194715","name":"titan165.jpg","image_path":"\/sites\/default\/files\/images\/titan165_0.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/images\/titan165_0.jpg","mime":"image\/jpeg","size":1277971,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/titan165_0.jpg?itok=rO8G9BVY"}}},"media_ids":["132591","132581"],"groups":[{"id":"1188","name":"Research Horizons"}],"categories":[{"id":"153","name":"Computer Science\/Information Technology and Security"}],"keywords":[{"id":"416","name":"GTRI"},{"id":"7772","name":"malware"},{"id":"167055","name":"security"},{"id":"34351","name":"threat intelligence"},{"id":"13302","name":"Titan"}],"core_research_areas":[{"id":"39431","name":"Data Engineering and Science"},{"id":"39481","name":"National Security"},{"id":"39501","name":"People and 
Technology"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EJohn Toon\u003C\/p\u003E\u003Cp\u003EResearch News \u0026amp; Publications Office\u003C\/p\u003E\u003Cp\u003E(404) 894-6986\u003C\/p\u003E\u003Cp\u003E\u003Ca href=\u0022mailto:jtoon@gatech.edu\u0022\u003Ejtoon@gatech.edu\u003C\/a\u003E\u003C\/p\u003E","format":"limited_html"}],"email":["jtoon@gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}