Abstract
Millions of computers worldwide run security software that is deeply integrated with the operating system and has almost unlimited visibility into the system it runs on. Many IT-security companies collect data from the installed instances of their products: telemetry. While the main motivation is to improve the detection quality of the security software, the same data can be used to gain insights into attackers' operations and sometimes even their origin. This chapter explains what types of data can be obtained and how they support attribution.
© 2020 Springer-Verlag GmbH Germany, part of Springer Nature
Cite this chapter
Steffens, T. (2020). Telemetry—Data from Security Products. In: Attribution of Advanced Persistent Threats. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-61313-9_7
DOI: https://doi.org/10.1007/978-3-662-61313-9_7
Publisher Name: Springer Vieweg, Berlin, Heidelberg
Print ISBN: 978-3-662-61312-2
Online ISBN: 978-3-662-61313-9
eBook Packages: Computer Science (R0)