This morning I ran a quick Google Trends look at three types of vulnerabilities: buffer overflows, SQL injections and cross-site scripting (XSS). The results are interesting to me, though certainly no shock.
You can view the graphs and data here.
What we see are spikes of interest in injections while both XSS and buffer overflow searches remain at about the same level as they have for the last year or so. This is, of course, no surprise, given the recent spate of injection compromises, defacements and malware attacks. What is interesting to me is the news graph. I did not think it would be quite so spiky. There are a number of places where mentions in the press of both injections and XSS spike heavily. That is really good news, because it means that the mainstream press is covering those topics to a larger extent. The more mainstream press coverage the issues get, theoretically, the more awareness there should be of the topic.
Also interesting to me is that Indonesia shows up as the largest source for searches in injection and Malaysia is number 7. In XSS, Indonesia shows up at number 7, while Malaysia does not make the list. More than likely these search results are good indicators of the research and work involved between both countries in their “hacking war”, a sort of online cyber-conflict that has been taking place for the last few years without much mainstream media attention.
South Korea shows up on all of the lists as a popular source of search activity around the vulns, and some of the other countries on the list that should be drawing interest are Iran, Israel and India. Obviously, some groups in these countries are building some cyber capabilities, as they are searching on enough data to be listed. This brings up some interesting questions.
With detailed analysis over long periods, perhaps this data would be useful for tracking the growth of capabilities in a given locale? Also, from a corporate security stance, is there any way that the data could be used in the short term to provide a focal lens for risk management? How could analysis of short-term data be used to “forecast” potential areas of trouble in the near future? Does increased research of a topic area correlate with near-future attack increases in that particular vulnerability family?
Further study into gaining intelligence from Google Trends is needed. There just might be a way to tap it for insight into emerging patterns and a deeper understanding of attack type prevalence and other indicators of underground strategic changes. Only time will tell how much power we can wring from this juicy cache of information. In the meantime, play with it a bit and see what interesting stuff you can find.