The Cyber Security Whodunnit: Challenges In Attribution Of Targeted Attacks - GADGETS AND INNOVATIONS

Thursday, October 4, 2018

The Cyber Security Whodunnit: Challenges In Attribution Of Targeted Attacks



When discussing the latest targeted attack campaign, the question invariably arises, “Who was behind it?” It’s a simple question, but one which has become increasingly difficult and complex to answer.

Attribution of cyber attacks has never been an exact science. Security researchers typically cluster attack incidents together and try to attribute them to known attack groups based on similarity of digital fingerprints, such as code similarities, shared tools and shared infrastructure. However, attribution using such methods is becoming increasingly difficult with the trend of attackers “living off the land,” eschewing custom tools in favor of using standard operating system features and off-the-shelf tools to compromise their targets. There’s also the classic problem of attackers inserting false flags, including purposeful misdirection, obfuscation, and fake clues designed to mask their identities.

Despite these challenges, attribution remains an important part of attack analysis. By tying activity to specific groups, we start to see patterns of behavior that allow us to better understand the attackers’ motivation, their target profile, and the assets they’re pursuing. Generating this intelligence is critical to protecting our customers, as well as assisting law enforcement, an area where Symantec has a significant history.

But there are limits to how far we can go with attribution. Even if we can tie specific incidents to a known attack group, identifying who or what organization is directing or funding that activity is not in the scope or focus of what we do. This level of attribution requires substantial resources and access to information that are generally available only to law enforcement or government intelligence agencies.

These agencies have demonstrated growing success in this area, such as the U.S. government attributing the 2016 election interference campaigns to the Russian government. More recently, the Department of Justice filed charges against a North Korean hacker for the WannaCry attacks and other campaigns. This outcome was achieved through collaboration with members of the security industry, including Symantec. Symantec regularly supports and collaborates with law enforcement and intelligence agencies by sharing our attack data to support their investigations.

Our focus continues to be on researching the methods, tools, and techniques used by targeted attackers so that we can develop entirely new capabilities to protect our customers. Symantec’s Targeted Attack Analytics is just one recent example of a new innovation we’ve developed to help customers automate the discovery of entirely new and sophisticated attacks.

Symantec has the largest civilian threat collection network in the world, giving our researchers unparalleled visibility across the entire threat landscape of the Cloud Generation. We encourage you to check back to Symantec's blog platform to get regular updates on our research and innovative new protection capabilities in the future.


