Websense Finds Cyber-Crime Evidence by Analyzing Network Crash Data
Combining Windows error reports with application data, Websense analyzed crash patterns to find a previously unknown cyber-crime campaign targeting retailers.

A research project aimed at detecting cyber-attacks by analyzing application crash data has borne fruit. The technique, which uses the crash dumps created by the Windows operating system, helped unveil a cyber-crime campaign that targeted retailers, researchers from security firm Websense said on Feb. 19.

Using the information created and submitted by Microsoft's Windows Error Reporting tool, also known as "Dr. Watson," researchers at Websense discovered that certain anomalous patterns are signs that an attacker is trying to exploit a vulnerability and has inadvertently caused an application to crash, Alex Watson, director of security research at Websense, told eWEEK. "Instead of trying to identify a specific attack, we look for indicators that could be a sign of attacker activity," Watson said. "When we combine it with other intelligence, we get a picture of a possible campaign."
Application crashes are an all-too-frequent annoyance for computer users and developers alike. Yet security researchers view an application crash as a signal that a vulnerability exists in the software—a vulnerability that could be exploited to compromise the computer system. The technique gained widespread attention when documents leaked from the National Security Agency by former contractor Edward Snowden indicated that intelligence analysts had used the crash reports to identify applications that could potentially be exploited.
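The article describes the approach only in outline. The following is an added illustration, not Websense's code or method: it clusters constructed WER-style crash records by fault site and flags memory-corruption crashes that recur at the same module offset across several hosts within a short window, a pattern that failed exploit attempts tend to leave and that ordinary bugs rarely do. The process name, hosts, timestamps and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample WER-style records (not real telemetry):
# (host, timestamp, process, faulting module, fault offset, NTSTATUS exception code)
SAMPLE_CRASHES = [
    ("pos-01", "2014-02-10T09:01:00", "posagent.exe", "posagent.exe", 0x1A2F0, 0xC0000005),
    ("pos-02", "2014-02-10T09:04:00", "posagent.exe", "posagent.exe", 0x1A2F0, 0xC0000005),
    ("pos-03", "2014-02-10T09:09:00", "posagent.exe", "posagent.exe", 0x1A2F0, 0xC0000005),
    ("pos-04", "2014-02-10T10:30:00", "posagent.exe", "posagent.exe", 0x1A2F0, 0xC0000005),
    ("wks-07", "2014-02-10T11:00:00", "excel.exe", "mso.dll", 0x55C10, 0xC0000005),
    ("wks-07", "2014-02-11T12:00:00", "excel.exe", "mso.dll", 0x55C10, 0xC0000005),
    ("wks-09", "2014-02-12T08:00:00", "chrome.exe", "chrome.dll", 0x99999, 0xC0000409),
]

# Exception codes that usually mean memory corruption rather than a logic error:
# STATUS_ACCESS_VIOLATION and STATUS_STACK_BUFFER_OVERRUN.
MEMORY_CORRUPTION_CODES = {0xC0000005, 0xC0000409}


def cluster_crashes(records):
    """Group crashes by signature (process, module, offset, exception code).
    The same fault site on many machines is the footprint an exploit attempt
    leaves; genuine bugs tend to scatter across offsets and hosts."""
    clusters = defaultdict(list)
    for host, ts, proc, module, offset, code in records:
        clusters[(proc, module, offset, code)].append((host, datetime.fromisoformat(ts)))
    return clusters


def flag_suspicious(records, min_hosts=3, window=timedelta(hours=24)):
    """Return (signature, hosts) pairs for memory-corruption crashes seen on at
    least min_hosts distinct hosts inside one time window. These are leads to
    correlate with other intelligence, not proof of compromise."""
    flagged = []
    for sig, hits in cluster_crashes(records).items():
        if sig[3] not in MEMORY_CORRUPTION_CODES:
            continue
        hits.sort(key=lambda h: h[1])
        # Slide a window over the time-ordered hits, counting distinct hosts.
        for i, (_, start) in enumerate(hits):
            hosts = {h for h, t in hits[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged.append((sig, sorted(hosts)))
                break
    return flagged


if __name__ == "__main__":
    for sig, hosts in flag_suspicious(SAMPLE_CRASHES):
        print(f"{sig[0]}!{sig[1]}+0x{sig[2]:x} code 0x{sig[3]:08X} on hosts {hosts}")
```

On the sample data only the repeated point-of-sale crash is flagged; the single workstation crashing twice in Excel and the lone Chrome crash fall below the host threshold.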