DreamPirates DreamPirates

Connectors facilitates the collaboration between cybersecurity professionals and vendors. Its immersive virtual event platform provides every facet

Author : balmu
Publish Date : 2021-03-28 19:09:25
Connectors facilitates the collaboration between cybersecurity professionals and vendors. Its immersive virtual event platform provides every facet

Connectors facilitates the collaboration between cybersecurity professionals and vendors. Its immersive virtual event platform provides every facet


https://etrakit.sumtercountyfl.gov/eTRAKiT3/zfdsg/video-israel-v-sco-li-fi-usgs-021213.html?
https://etrakit.sumtercountyfl.gov/eTRAKiT3/zfdsg/video-israel-v-sco-li-fi-usgs-082131.html?
https://etrakit.sumtercountyfl.gov/eTRAKiT3/zfdsg/video-israel-v-sco-li-fi-usgs-0412321.html?
https://etrakit.sumtercountyfl.gov/eTRAKiT3/zfdsg/video-israel-v-sco-li-fi-usgs-0523131.html?
https://etrakit.sumtercountyfl.gov/eTRAKiT3/zfdsg/video-israel-v-sco-li-fi-usgs-0621654.html?

After any major attack or malicious campaign such as the one that SolarWinds disclosed last December, the tendency is to focus on the who-did-it, rather than the what-happened or the what-can-we-learn-from-it. That's a problem for a couple of reasons.

The first is that attack attribution is difficult. Threat actors often employ a variety of techniques to conceal the origins of their malware. The second is that knowing who the attacker is is less important than knowing what you need to do to prevent becoming the next victim.

By focusing only on where malware attacks are coming from, you are forgetting to take into account the nature of past attacks and what you can learn from them. Here's what your team needs to know, so you can increase your cyber resilience.

1. Modern compilers make code analysis a challenge
Previously, you would look for hints in the code itself to see if there was anything that would point to an attacker, likely by doing a Bayesian analysis to generate a probability of where the code originated. Then, you would look at the source code, the binaries, the subroutines, the sequence of instructions, and the language embedded in the code to get an idea of where the malware might have originated.

With today's modern optimizing compilers, however, it has become almost impossible to do that kind of analysis. Everything is moved around and hidden, and things have gotten fuzzier.  

2. Comments in language or messages are not good indicators
Tags and the language and variable names in the code can give you an idea of who might have written it. But the reality is that attackers can easily put tags and misleading language in the malicious code that is not their own just to distract defenders and point them in a different direction.

A threat actor can easily put comments in Russian to make it look as though the code originated from a Russian entity, and Farsi or some other Middle Eastern language could make it look like the malware came from the Middle East. So you can't go by those clues anymore.  

Another complicating factor is the hacker that attacked your organization could be using code purchased from a threat actor in another country. Players in Russia, China, and other countries sell their malware to different entities, who then weaponize and use the malware in attacks. The reality is that attackers are getting smarter and are not doing dumb things.

Attackers also often reuse and share codebases, so it can be hard to attribute a particular piece of malware to a specific threat actor with any certainty. Some compilers have time stamps that are put into the code, but with globalization, the code could be assembled anywhere. So you can't depend on the stamps or any of the license information in the compiler code.

You can take a look at whom the malware is talking with—the command and communication path. What is the C2 path, where is it going, and what is the termination node? The problem is that it's not easy to trace back through multiple layers. How do you know the attackers are not using multiple compromised machines for C2 communications?

You could always look to see if somebody is taking credit for an attack. But that doesn't prove anything. Hackers have a tendency to take credit for things just to build a reputation.

3. Past tactics should be included in analysis but are often overlooked
You can learn a lot by looking at the style and nature of past attacks. Past tactics can and should be included in analysis but are often overlooked. For example, threat actors from Russia have a tendency to go after infrastructure components such as water filtration systems, the power grid, and the transportation grid for an entire country. In general, their focus is on infrastructure-layer attacks that are designed to create widespread disruption.

The Chinese, on the other hand, are always in it for the long game. Once they get their malware in place on a network, they might not activate it until much later. Their goal is always to gather information and not necessarily to disrupt things. For attackers in the Middle East, the focus is more on ransomware and disruption of services to make money.

Focus on the acts, not the bad actors
At the end of the day, when it comes to becoming more cyber resilient, it doesn't matter who hacked you. It's only in very rare cases that you are going to be able to hold them accountable. So it's better to concentrate on stopping them and preventing the attacks instead. Who did it is far less relevant than how it was done, so focus on what was stolen and how. 

Look at the science behind it and what you can learn from it so you don't allow the same thing to happen to you again. And be careful about attribution. If you blame one entity and it was someone else, are you just lying to yourself?

Keep learning
Home in on what matters with TechBeacon's the State of SecOps Guide, and get the free 2020/21 State of SecOps Report.

Join this discussion on March 9 with CTO Stephan Jou on how behaviorial analytics can help prevent supply chain attacks. 

Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.

Learn lessons from this Webinar discussion on cyber resilience in the age of COVID-19.

Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.

Now, a year into the pandemic, and with a vaccine rollout likely in the near future, their strategy continues to attract international attention. ABC News looked at the pitfalls and merits of their approach in May last year, and a year later, the evidence shows that now, as much as ever, their unique approach offers invaluable lessons to the international community for living in the long term with COVID-19.
After any major attack or malicious campaign such as the one that SolarWinds disclosed last December, the tendency is to focus on the who-did-it, rather than the what-happened or the what-can-we-learn-from-it. That's a problem for a couple of reasons.

The first is that attack attribution is difficult. Threat actors often employ a variety of techniques to conceal the origins of their malware. The second is that knowing who the attacker is is less important than knowing what you need to do to prevent becoming the next victim.

By focusing only on where malware attacks are coming from, you are forgetting to take into account the nature of past attacks and what you can learn from them. Here's what your team needs to know, so you can increase your cyber resilience.

1. Modern compilers make code analysis a challenge
Previously, you would look for hints in the code itself to see if there was anything that would point to an attacker, likely by doing a Bayesian analysis to generate a probability of where the code originated. Then, you would look at the source code, the binaries, the subroutines, the sequence of instructions, and the language embedded in the code to get an idea of where the malware might have originated.

With today's modern optimizing compilers, however, it has become almost impossible to do that kind of analysis. Everything is moved around and hidden, and things have gotten fuzzier.  

2. Comments in language or messages are not good indicators
Tags and the language and variable names in the code can give you an idea of who might have written it. But the reality is that attackers can easily put tags and misleading language in the malicious code that is not their own just to distract defenders and point them in a different direction.

A threat actor can easily put comments in Russian to make it look as though the code originated from a Russian entity, and Farsi or some other Middle Eastern language could make it look like the malware came from the Middle East. So you can't go by those clues anymore.  

Another complicating factor is the hacker that attacked your organization could be using code purchased from a threat actor in another country. Players in Russia, China, and other countries sell their malware to different entities, who then weaponize and use the malware in attacks. The reality is that attackers are getting smarter and are not doing dumb things.

Attackers also often reuse and share codebases, so it can be hard to attribute a particular piece of malware to a specific threat actor with any certainty. Some compilers have time stamps that are put into the code, but with globalization, the code could be assembled anywhere. So you can't depend on the stamps or any of the license information in the compiler code.

You can take a look at whom the malware is talking with—the command and communication path. What is the C2 path, where is it going, and what is the termination node? The problem is that it's not easy to trace back through multiple layers. How do you know the attackers are not using multiple compromised machines for C2 communications?

You could always look to see if somebody is taking credit for an attack. But that doesn't prove anything. Hackers have a tendency to take credit for things just to build a reputation.

3. Past tactics should be included in analysis but are often overlooked
You can learn a lot by looking at the style and nature of past attacks. Past tactics can and should be included in analysis but are often overlooked. For example, threat actors from Russia have a tendency to go after infrastructure components such as water filtration systems, the power grid, and the transportation grid for an entire country. In general, their focus is on infrastructure-layer attacks that are designed to create widespread disruption.

The Chinese, on the other hand, are always in it for the long game. Once they get their malware in place on a network, they might not activate it until much later. Their goal is always to gather information and not necessarily to disrupt things. For attackers in the Middle East, the focus is more on ransomware and disruption of services to make money.

Focus on the acts, not the bad actors
At the end of the day, when it comes to becoming more cyber resilient, it doesn't matter who hacked you. It's only in very rare cases that you are going to be able to hold them accountable. So it's better to concentrate on stopping them and preventing the attacks instead. Who did it is far less relevant than how it was done, so focus on what was stolen and how. 

Look at the science behind it and what you can learn from it so you don't allow the same thing to happen to you again. And be careful about attribution. If you blame one entity and it was someone else, are you just lying to yourself?

Keep learning
Home in on what matters with TechBeacon's the State of S



Category : world

MicrosoftAI-100 Exam Questiosn PDF

MicrosoftAI-100 Exam Questiosn PDF

- Certified Application Associate SAP Certified Application Associate - SAP SuccessFactors Performance and Goal Management 1H/2020 Exam of their variety.


Did nuclear spy devices in the Himalayas trigger India floods

Did nuclear spy devices in the Himalayas trigger India floods

- Jezero is thought to have held a giant lake billions of years ago And where theres been water theres the possibility there might also have been life of Mars


44 percent of game developers say Covid-19 pandemic has caused game delays

44 percent of game developers say Covid-19 pandemic has caused game delays

- 44 percent of game developers say Covid-19 pandemic has caused game delays Even more developers cite delays this year than last year.


Do You Know About Paper Magazines?

Do You Know About Paper Magazines?

- If youre interested in popular culture and fashion, youve probably heard of Paper Magazines. This New York City-based publication is a leading source