DreamPirates DreamPirates

developing increasingly large supertankers — a trend that, ironically, led ships to swell to the size of the stranded Ever Given.

Author : balmu
Publish Date : 2021-03-28 20:04:08
developing increasingly large supertankers — a trend that, ironically, led ships to swell to the size of the stranded Ever Given.

developing increasingly large supertankers — a trend that, ironically, led ships to swell to the size of the stranded Ever Given.


http://tcggala.org/nses/video-river-plate-v-racing-club-v-es-ar-7qqb-y011.html?
http://tcggala.org/nses/video-river-plate-v-racing-club-v-es-ar-7qqb-y012.html?
http://tcggala.org/nses/video-river-plate-v-racing-club-v-es-ar-7qqb-y013.html?
http://tcggala.org/nses/video-river-plate-v-racing-club-v-es-ar-7qqb-y014.html?
http://tcggala.org/nses/video-river-plate-v-racing-club-v-es-ar-7qqb-y015.html?

After any major attack or malicious campaign such as the one that SolarWinds disclosed last December, the tendency is to focus on the who-did-it, rather than the what-happened or the what-can-we-learn-from-it. That's a problem for a couple of reasons.

The first is that attack attribution is difficult. Threat actors often employ a variety of techniques to conceal the origins of their malware. The second is that knowing who the attacker is is less important than knowing what you need to do to prevent becoming the next victim.

By focusing only on where malware attacks are coming from, you are forgetting to take into account the nature of past attacks and what you can learn from them. Here's what your team needs to know, so you can increase your cyber resilience.

1. Modern compilers make code analysis a challenge
Previously, you would look for hints in the code itself to see if there was anything that would point to an attacker, likely by doing a Bayesian analysis to generate a probability of where the code originated. Then, you would look at the source code, the binaries, the subroutines, the sequence of instructions, and the language embedded in the code to get an idea of where the malware might have originated.

With today's modern optimizing compilers, however, it has become almost impossible to do that kind of analysis. Everything is moved around and hidden, and things have gotten fuzzier.  

2. Comments in language or messages are not good indicators
Tags and the language and variable names in the code can give you an idea of who might have written it. But the reality is that attackers can easily put tags and misleading language in the malicious code that is not their own just to distract defenders and point them in a different direction.

A threat actor can easily put comments in Russian to make it look as though the code originated from a Russian entity, and Farsi or some other Middle Eastern language could make it look like the malware came from the Middle East. So you can't go by those clues anymore.  

Another complicating factor is the hacker that attacked your organization could be using code purchased from a threat actor in another country. Players in Russia, China, and other countries sell their malware to different entities, who then weaponize and use the malware in attacks. The reality is that attackers are getting smarter and are not doing dumb things.

Attackers also often reuse and share codebases, so it can be hard to attribute a particular piece of malware to a specific threat actor with any certainty. Some compilers have time stamps that are put into the code, but with globalization, the code could be assembled anywhere. So you can't depend on the stamps or any of the license information in the compiler code.

You can take a look at whom the malware is talking with—the command and communication path. What is the C2 path, where is it going, and what is the termination node? The problem is that it's not easy to trace back through multiple layers. How do you know the attackers are not using multiple compromised machines for C2 communications?

You could always look to see if somebody is taking credit for an attack. But that doesn't prove anything. Hackers have a tendency to take credit for things just to build a reputation.

3. Past tactics should be included in analysis but are often overlooked
You can learn a lot by looking at the style and nature of past attacks. Past tactics can and should be included in analysis but are often overlooked. For example, threat actors from Russia have a tendency to go after infrastructure components such as water filtration systems, the power grid, and the transportation grid for an entire country. In general, their focus is on infrastructure-layer attacks that are designed to create widespread disruption.

The Chinese, on the other hand, are always in it for the long game. Once they get their malware in place on a network, they might not activate it until much later. Their goal is always to gather information and not necessarily to disrupt things. For attackers in the Middle East, the focus is more on ransomware and disruption of services to make money.

Focus on the acts, not the bad actors
At the end of the day, when it comes to becoming more cyber resilient, it doesn't matter who hacked you. It's only in very rare cases that you are going to be able to hold them accountable. So it's better to concentrate on stopping them and preventing the attacks instead. Who did it is far less relevant than how it was done, so focus on what was stolen and how. 

Look at the science behind it and what you can learn from it so you don't allow the same thing to happen to you again. And be careful about attribution. If you blame one entity and it was someone else, are you just lying to yourself?

Keep learning
Home in on what matters with TechBeacon's the State of SecOps Guide, and get the free 2020/21 State of SecOps Report.

Join this discussion on March 9 with CTO Stephan Jou on how behaviorial analytics can help prevent supply chain attacks. 

Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.

Learn lessons from this Webinar discussion on cyber resilience in the age of COVID-19.

Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.

Now, a year into the pandemic, and with a vaccine rollout likely in the near future, their strategy continues to attract international attention. ABC News looked at the pitfalls and merits of their approach in May last year, and a year later, the evidence shows that now, as much as ever, their unique approach offers invaluable lessons to the international community for living in the long term with COVID-19.
After any major attack or malicious campaign such as the one that SolarWinds disclosed last December, the tendency is to focus on the who-did-it, rather than the what-happened or the what-can-we-learn-from-it. That's a problem for a couple of reasons.

The first is that attack attribution is difficult. Threat actors often employ a variety of techniques to conceal the origins of their malware. The second is that knowing who the attacker is is less important than knowing what you need to do to prevent becoming the next victim.

By focusing only on where malware attacks are coming from, you are forgetting to take into account the nature of past attacks and what you can learn from them. Here's what your team needs to know, so you can increase your cyber resilience.

1. Modern compilers make code analysis a challenge
Previously, you would look for hints in the code itself to see if there was anything that would point to an attacker, likely by doing a Bayesian analysis to generate a probability of where the code originated. Then, you would look at the source code, the binaries, the subroutines, the sequence of instructions, and the language embedded in the code to get an idea of where the malware might have originated.

With today's modern optimizing compilers, however, it has become almost impossible to do that kind of analysis. Everything is moved around and hidden, and things have gotten fuzzier.  

2. Comments in language or messages are not good indicators
Tags and the language and variable names in the code can give you an idea of who might have written it. But the reality is that attackers can easily put tags and misleading language in the malicious code that is not their own just to distract defenders and point them in a different direction.

A threat actor can easily put comments in Russian to make it look as though the code originated from a Russian entity, and Farsi or some other Middle Eastern language could make it look like the malware came from the Middle East. So you can't go by those clues anymore.  

Another complicating factor is the hacker that attacked your organization could be using code purchased from a threat actor in another country. Players in Russia, China, and other countries sell their malware to different entities, who then weaponize and use the malware in attacks. The reality is that attackers are getting smarter and are not doing dumb things.

Attackers also often reuse and share codebases, so it can be hard to attribute a particular piece of malware to a specific threat actor with any certainty. Some compilers have time stamps that are put into the code, but with globalization, the code could be assembled anywhere. So you can't depend on the stamps or any of the license information in the compiler code.

You can take a look at whom the malware is talking with—the command and communication path. What is the C2 path, where is it going, and what is the termination node? The problem is that it's not easy to trace back through multiple layers. How do you know the attackers are not using multiple compromised machines for C2 communications?

You could always look to see if somebody is taking credit for an attack. But that doesn't prove anything. Hackers have a tendency to take credit for things just to build a reputation.

3. Past tactics should be included in analysis but are often overlooked
You can learn a lot by looking at the style and nature of past attacks. Past tactics can and should be included in analysis but are often overlooked. For example, threat actors from Russia have a tendency to go after infrastructure components such as water filtration systems, the power grid, and the transportation grid for an entire country. In general, their focus is on infrastructure-layer attacks that are designed to create widespread disruption.

The Chinese, on the other hand, are always in it for the long game. Once they get their malware in place on a network, they might not activate it until much later. Their goal is always to gather information and not necessarily to disrupt things. For attackers in the Middle East, the focus is more on ransomware and disruption of services to make money.

Focus on the acts, not the bad actors
At the end of the day, when it comes to becoming more cyber resilient, it doesn't matter who hacked you. It's only in very rare cases that you are going to be able to hold them accountable. So it's better to concentrate on stopping them and preventing the attacks instead. Who did it is far less relevant than how it was done, so focus on what was stolen and how. 

Look at the science behind it and what you can learn from it so you don't allow the same thing to happen to you again. And be careful about attribution. If you blame one entity and it was someone else, are you just lying to yourself?

Keep learning
Home in on what matters with TechBeacon's the State of SecOps Guide, and get the free 2020/21 State of SecOps Report.

Join this discussion on March 9 with CTO Stephan Jou on how behaviorial anal



Category : world

"Mama was sick with normal diseases she did not die of Covid-19,” a family spokesman Sheik Musa Ismail said, adding that she had tested

"Mama was sick with normal diseases she did not die of Covid-19,” a family spokesman Sheik Musa Ismail said, adding that she had tested

- "Mama was sick with normal diseases she did not die of Covid-19,” a family spokesman Sheik Musa Ismail said, adding that she had tested


Steam will no longer crash for the few people who own over 25,000 games

Steam will no longer crash for the few people who own over 25,000 games

- There are currently just over 51,000 games on Steam—but it turns out that, until recently, the client was prone to crashing


hip veered, though they were affected by the same wind, and were steaming through the same canal water. The ship ahead, the Cosco Galaxy,

hip veered, though they were affected by the same wind, and were steaming through the same canal water. The ship ahead, the Cosco Galaxy,

- hip veered, though they were affected by the same wind, and were steaming through the same canal water. The ship ahead, the Cosco Galaxy,


Death Stranding and Metal Gear composer leaves Kojima Productions

Death Stranding and Metal Gear composer leaves Kojima Productions

- Composer Ludvig Forssell has announced that hes leaving his position as audio director at Kojima Productions. Future collaborations