Cybercrime is criminal activity committed with computers and/or over a network, such as the Internet. The computer may have been used in the commission of a crime, or it may be the victim of a crime. Cybercrime countermeasures aim to prevent or mitigate the effects of a cyber attack against a computer, server, network or associated device.
A number of countermeasures exist that can effectively combat cybercrime and improve security. The RSA CyberCrime Intelligence Service, for example, from EMC Corporation of Hopkinton, Mass., provides information on corporate machines, network resources, access credentials, business data, and email correspondence that may have been compromised by malware (collectively referred to herein as compromised enterprise information). The exfiltration of information can then be controlled, for example, by severing communication between malware-infected resources and drop zones (where a fraudster aggregates stolen data from infected hosts).
Such countermeasure products typically process specific organizational information in large general data repositories containing largely unstructured information retrieved from such drop zones. Searches and queries on these repositories are therefore typically limited to criteria predefined for each specific customer (enterprise), and they generate reports for these customers about compromised information of their employees and resources (to enable corporate Information Technology (IT) to identify and sanitize infected hosts). Most of the data for the countermeasure products, however, is not analyzed or clustered in a wider scope that could be leveraged for expanding countermeasure products and services.
A need therefore exists for improved techniques for analyzing and processing large data repositories containing largely unstructured information relating to compromised enterprise information.