Virtualized Cyberspace Example: Visualizing Three WPScan Events in Near Real Time

WPScan 2017-08-09 at 3.46.15 PM

Here is an example of flying in virtualized cyberspace in near real time, looking at risks while enjoying a cup of coffee, and quickly noticing a pattern of three cyber objects. After selecting these objects, we can see that all three are on the same IP subnet and all three ran WPScan against the website. Of course, the visualization showed the objects on the same subnet before I confirmed it with a mouse click.

WPScan is a black-box WordPress vulnerability scanner, and these types of scans are normal and not particularly interesting. But in this particular case, the “attacker” is running a WordPress vulnerability scan against a non-WordPress website. This means it is probably not a well-targeted scan and more than likely not a serious threat.

However, I was not in a particularly forgiving mood during that cyber run so I selected one of the nodes with a quick click of the mouse and blocked the entire subnet:

iptables -A INPUT -s 208.100.26.235/24 -j DROP  # “United States” RiskScore: 6/21 UnixTime: 1502268301

This provides a pretty clear example of how virtualizing cyberspace provides strong visual clues to the naked eye that help us quickly protect cyberspace from potential cyber attacks.
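The same pattern can be checked from raw web logs. The following is an added example, not code from the original post or the visualization tool: it flags WordPress probes, groups the sources by /24, and emits a DROP rule with the network address normalized (iptables does the same masking for a rule written as `208.100.26.235/24`). The combined log format, the `WPScan` User-Agent and WordPress-path heuristic, the three-source threshold, and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); addresses are
# from documentation ranges and are not taken from the original post.
SAMPLE_LOG = """\
203.0.113.17 - - [09/Aug/2017:08:44:58 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "WPScan v2.9.3 (http://wpscan.org)"
203.0.113.90 - - [09/Aug/2017:08:45:01 +0000] "GET /wp-content/plugins/ HTTP/1.1" 404 162 "-" "WPScan v2.9.3 (http://wpscan.org)"
203.0.113.201 - - [09/Aug/2017:08:45:03 +0000] "GET /readme.html HTTP/1.1" 404 162 "-" "WPScan v2.9.3 (http://wpscan.org)"
198.51.100.7 - - [09/Aug/2017:08:45:09 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.8 - - [09/Aug/2017:08:45:12 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
WP_PATH_RE = re.compile(r"^/(wp-login\.php|wp-admin|wp-content|wp-includes|xmlrpc\.php)")

def is_wp_probe(path, ua):
    """Assumed heuristic: WPScan in the User-Agent, or a WordPress-only path."""
    return "wpscan" in ua.lower() or bool(WP_PATH_RE.match(path))

def probes_by_subnet(log_text, prefix=24):
    """Map each /prefix network to the set of source IPs that probed for WordPress."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_wp_probe(m["path"], m["ua"]):
            continue
        # strict=False masks the host bits: 203.0.113.17/24 -> 203.0.113.0/24
        net = ipaddress.ip_network(f"{m['ip']}/{prefix}", strict=False)
        hits[net].add(m["ip"])
    return hits

def block_rules(log_text, min_sources=3):
    """Emit a DROP rule only for subnets with at least min_sources distinct probers."""
    return [
        f"iptables -A INPUT -s {net} -j DROP"
        for net, ips in sorted(probes_by_subnet(log_text).items())
        if len(ips) >= min_sources
    ]

if __name__ == "__main__":
    print("\n".join(block_rules(SAMPLE_LOG)))
```

Requiring several distinct sources before blocking a whole /24 keeps a single stray request, such as the lone `198.51.100.8` hit in the sample, from taking out its neighbours.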