惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
MongoDB | Blog
MongoDB | Blog
腾讯CDC
V
V2EX
Martin Fowler
Martin Fowler
A
About on SuperTechFans
大猫的无限游戏
大猫的无限游戏
Blog — PlanetScale
Blog — PlanetScale
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
酷 壳 – CoolShell
酷 壳 – CoolShell
C
Check Point Blog
博客园 - 【当耐特】
Cisco Talos Blog
Cisco Talos Blog
The Hacker News
The Hacker News
K
Kaspersky official blog
Security Latest
Security Latest
H
Help Net Security
博客园_首页
美团技术团队
Spread Privacy
Spread Privacy
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
S
SegmentFault 最新的问题
G
Google Developers Blog
NISL@THU
NISL@THU
爱范儿
爱范儿
I
Intezer
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
N
News and Events Feed by Topic
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Security @ Cisco Blogs
Schneier on Security
Schneier on Security
雷峰网
雷峰网
人人都是产品经理
人人都是产品经理
V
Vulnerabilities – Threatpost
W
WeLiveSecurity
P
Palo Alto Networks Blog
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
I
InfoQ
The Cloudflare Blog
F
Full Disclosure
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
N
Netflix TechBlog - Medium

Intel 471 Blog

TeamPCP Supply Chain Attacks Turning Geopolitical Tension into Actionable Intelligence CVE-2025-68613: Zerobot botnet exploits critical vulnerability impacting n8n AI orchestration platform Introducing Cyber Threat Exposure Bundle: A Unified Approach to External Risk CVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wild Handala Threat Group OpenClaw: A viral AI assistant and a magnet for infostealer malware and ClickFix trickery Israeli, US strikes against Iran triggers a surge in hacktivist activity CVE-2026-1731: Finding a critical RCE in an age of AI-driven vulnerability research Born to bypass MFA: Taking down Tycoon 2FA The UK Cyber Security Resilience Bill How AI and the human advantage beat tomorrow’s threats Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage How Threat Hunting and “Good” Metrics Help The Business Likely fake ransomware operator 0APT causes panic — Our analysis Hunting APTs: from state policy to TTPs CrazyHunter Ransomware DevMan Ransomware Introducing HUNTER Tuning: a New Tool for Driving Behavioral Threat Hunt Detections Battling check fraud in the U.S. Gootloader Malware Update Shai-Hulud Worm 2.0 New FvncBot Android banking trojan targets Poland White Paper Preview: Black "Fraud Day” and Beyond — The Key Cyber Threats Facing the Retail Sector this Holiday Season Threat hunting case study: Detecting IAB activity Using deception to extract cyber threat intelligence Lynx Ransomware Qilin Ransomware Group ClickFix: Tricking users into installing infostealers Cybercrime Takedowns: Trust, Partnerships and Focus How card fraud is powered by underground card checkers Tracking down The Com Turning Chaos into Clarity: The Next Phase of Intel 471’s Geopolitical Intelligence Solution The FBI’s Group 78: Covertly fighting ransomware? How threat actors bypass multifactor authentication Crimson Collective In a digital age, US paper check fraud flourishes How you can defend against AI-driven fraud and phishing Detecting cybercriminal activity on Telegram NPM - Shai-Hulud Worm Threat hunting case study: ToolShell AMOS Stealer How AI can (and can’t) help in threat hunting The Phrack leak: Examining an APT’s workstation How initial access offers power intrusions and ransomware Drawing value from cyber threat intelligence “Pig-Butchering” Scams: The Dark Side of Social Engineering and Why Terminology Matters After disruption, XSS cybercrime forum faces loss of trust Update: Salt Typhoon Bridging the CTI Gap: New Exposure Modules on Verity471 Deliver Market-Disrupting Views of Threats Introducing Verity471: Cyber Threat Intelligence Ready to Operationalize FileFix Social Engineering Technique Guided Threat Hunts Takes Your Behavioral Threat Hunting to the Next Level Defending against doxing CVE-2025-53770 - Microsoft Sharepoint Mass Exploitation (ToolShell) Threat hunting case study: Lumma infostealer Pro-Russian hacktivism: Shifting alliances, new groups and risks mommy Access Broker NATO summit commences in tandem with tense cyber, kinetic conflict A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator Threat hunting case study: DragonForce Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey Android malware trends: Stealthier, easier-to-use Fingerprinting threat actors by their anonymity techniques DanaBot malware disrupted, threat actors named Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations SANS 2025 CTI Survey: It’s Business Time for Cyber Risk How an alleged Russian hacker slipped away Threat hunting case study: Medusa ransomware CVE-2025-31324 - SAP NetWeaver Vulnerability DragonForce Ransomware Managing a cyber crisis LabHost: A defunct but potent phishing service Understanding and threat hunting for RMM software misuse Threat-hunting case study: Windows Management Instrumentation abuse VanHelsing Ransomware An in-depth look at Black Basta's TTPs Six Key Takeaways From the SANS 2025 Threat Hunting Survey Update: Medusa Ransomware Writing high-quality IDS detection rules Threat hunting case study: RMM software Update: LockBit Ransomware Zservers: Bulletproof hosting for online crime Update: Black Basta Ransomware and Threat Group Black Basta exposed: A look at a cybercrime data leak BadPilot Campaign The evolution of Russian cybercrime Android trojan TgToxic updates its capabilities Threat hunting case study: SocGholish DeepSeek AI poses cybersecurity risks Law enforcement hammered cybercrime in 2024. Is it working? Remote Monitoring and Management (RMM) Abuse How threat actors are using artificial intelligence Threat hunting case study: PsExec How ransomware may trend in 2025 What 2025 May Hold for Cybersecurity Bring Your Own Hunts to HUNTER ‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful Holiday Tactics Collecting Useful CTI from Underground Markets Expanding source coverage: adding Signal chats to threat intelligence
3 Factors Holding Back Threat Hunting Today
Intel 471 · 2020-03-26 · via Intel 471 Blog

Enterprises increasingly understand the benefits of proactively hunting for cyber threats lurking in their environments. According to a recent study by Cybersecurity Insiders, some 83% of security pros today think that threat hunting should be a major component of their security programs.

The trouble is that most organizations are just barely treading water to keep up with the security detection and response status quo, let alone transforming the way they hunt for threats.

That same study showed 70% of organizations admit that they don’t have adequate time to search for emerging and advanced threats in their security operation centers (SOC). More tellingly, only about 15% of SOC employees are involved in threat hunting in any capacity.

As we see it, there are three major factors that are holding back the progress that enterprises are trying to make on threat hunting today:

1. OVERABUNDANCE OF UNQUALIFIED INFORMATION

SOC analysts are drowning in low-quality, unvetted threat data. Dig into the typical threat intelligence feeds that vendors pump into SOCs today and you’ll find a laundry list of indicators of compromise (IOCs) chock full of IP addresses marked as malicious that have zero context around how, when, or why the IP was tagged as ‘bad.’ Because attackers constantly change their infrastructure and behaviors, these IOCs have a limited window of ‘freshness’ where that data remains relevant. Unfortunately, much threat intelligence today doesn’t add the context of this ‘decay model’ into the information streamed to analysts.

Not only does this increase the noise from false positives and false negatives, but generally makes it difficult for threat hunters to swiftly connect the dots between relevant clues generated by active threats in their environments.

2. OVERRELIANCE ON MACHINE LEARNING AND ARTIFICIAL INTELLIGENCE

Meantime, vendors across the cybersecurity world trump up the promise of machine learning (ML) and artificial intelligence (AI) as the magic wands to wave on this voluminous store of unqualified security data. The marketing spiel is that you can just let the ML/AI engine do the work of cleaning, normalizing, and contextualizing data.

The truth, though, is that ML/AI depends on algorithmic training to work right. And so, ML/AI is only as good as the data that gets fed into the models and rule sets, as well as the people designing the rule sets. Right now the technology is very rudimentary for threat hunting, and is likely to stay that way for a long time.

3. CYBERSECURITY SKILLS SHORTAGE

Keeping the limitations of ML/AI in mind, most cybersecurity veterans understand that the only way that we’re going to find the most acute and the most hidden advanced threats is through human-powered threat hunting. People are best able to adjust to the changing strategies of adversary, and by getting informed eyes on raw data it is possible to find the most relevant activity and follow the attack chain to find stealthy attacks. Great threat hunters are able to create their own custom content based on that data to drive their hunts. But the security skills shortage makes it impractical for every organization to build out teams of specialized experts who can dedicate the kind of time they need to develop that content and run threat hunting activity.

BREAKING THE CYBERSECURITY STATUS QUO

These blockers to threat hunting make it necessary for enterprises to look for an accelerant to break through the cybersecurity status quo. The threat hunting professionals at Cyborg believe the key ingredient to that accelerant is people-powered content that helps organizations contextualize unvetted threat intel and search activity in their environments using security tools they already have and the people they already have on staff in-house. With the right contextual content, organizations shouldn’t have to scramble to outsource threat hunting activities or hire legions of in-house threat hunters.

Download the Whitepaper!