Financially cripple you,” he said. “That is the implication of what a guilty verdict would mean here, is it would send a message to everyone that

financially cripple you,” he said. “That is the implication of what a guilty verdict would mean here, is it would send a message to everyone that

http://tcggala.org/nses/video-boca-v-inde-en-viv-ar11.html?
http://tcggala.org/nses/video-boca-v-inde-en-viv-ar12.html?
http://tcggala.org/nses/video-boca-v-inde-en-viv-ar13.html?
http://tcggala.org/nses/video-boca-v-inde-en-viv-ar14.html?
http://tcggala.org/nses/video-boca-v-inde-en-viv-ar15.html?

After any major attack or malicious campaign such as the one that SolarWinds disclosed last December, the tendency is to focus on the who-did-it, rather than the what-happened or the what-can-we-learn-from-it. That's a problem for a couple of reasons.

The first is that attack attribution is difficult. Threat actors often employ a variety of techniques to conceal the origins of their malware. The second is that knowing who the attacker is is less important than knowing what you need to do to prevent becoming the next victim.

By focusing only on where malware attacks are coming from, you are forgetting to take into account the nature of past attacks and what you can learn from them. Here's what your team needs to know, so you can increase your cyber resilience.

1. Modern compilers make code analysis a challenge
Previously, you would look for hints in the code itself to see if there was anything that would point to an attacker, likely by doing a Bayesian analysis to generate a probability of where the code originated. Then, you would look at the source code, the binaries, the subroutines, the sequence of instructions, and the language embedded in the code to get an idea of where the malware might have originated.

With today's modern optimizing compilers, however, it has become almost impossible to do that kind of analysis. Everything is moved around and hidden, and things have gotten fuzzier.  

2. Comments in language or messages are not good indicators
Tags and the language and variable names in the code can give you an idea of who might have written it. But the reality is that attackers can easily put tags and misleading language in the malicious code that is not their own just to distract defenders and point them in a different direction.

A threat actor can easily put comments in Russian to make it look as though the code originated from a Russian entity, and Farsi or some other Middle Eastern language could make it look like the malware came from the Middle East. So you can't go by those clues anymore.  

Another complicating factor is the hacker that attacked your organization could be using code purchased from a threat actor in another country. Players in Russia, China, and other countries sell their malware to different entities, who then weaponize and use the malware in attacks. The reality is that attackers are getting smarter and are not doing dumb things.

Attackers also often reuse and share codebases, so it can be hard to attribute a particular piece of malware to a specific threat actor with any certainty. Some compilers have time stamps that are put into the code, but with globalization, the code could be assembled anywhere. So you can't depend on the stamps or any of the license information in the compiler code.

You can take a look at whom the malware is talking with—the command and communication path. What is the C2 path, where is it going, and what is the termination node? The problem is that it's not easy to trace back through multiple layers. How do you know the attackers are not using multiple compromised machines for C2 communications?

You could always look to see if somebody is taking credit for an attack. But that doesn't prove anything. Hackers have a tendency to take credit for things just to build a reputation.

3. Past tactics should be included in analysis but are often overlooked
You can learn a lot by looking at the style and nature of past attacks. Past tactics can and should be included in analysis but are often overlooked. For example, threat actors from Russia have a tendency to go after infrastructure components such as water filtration systems, the power grid, and the transportation grid for an entire country. In general, their focus is on infrastructure-layer attacks that are designed to create widespread disruption.

The Chinese, on the other hand, are always in it for the long game. Once they get their malware in place on a network, they might not activate it until much later. Their goal is always to gather information and not necessarily to disrupt things. For attackers in the Middle East, the focus is more on ransomware and disruption of services to make money.

Focus on the acts, not the bad actors
At the end of the day, when it comes to becoming more cyber resilient, it doesn't matter who hacked you. It's only in very rare cases that you are going to be able to hold them accountable. So it's better to concentrate on stopping them and preventing the attacks instead. Who did it is far less relevant than how it was done, so focus on what was stolen and how. 

Look at the science behind it and what you can learn from it so you don't allow the same thing to happen to you again. And be careful about attribution. If you blame one entity and it was someone else, are you just lying to yourself?

Keep learning
Home in on what matters with TechBeacon's the State of SecOps Guide, and get the free 2020/21 State of SecOps Report.

Join this discussion on March 9 with CTO Stephan Jou on how behaviorial analytics can help prevent supply chain attacks. 

Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.

Learn lessons from this Webinar discussion on cyber resilience in the age of COVID-19.

Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.

Now, a year into the pandemic, and with a vaccine rollout likely in the near future, their strategy continues to attract international attention. ABC News looked at the pitfalls and merits of their approach in May last year, and a year later, the evidence shows that now, as much as ever, their unique approach offers invaluable lessons to the international community for living in the long term with COVID-19.
After any major attack or malicious campaign such as the one that SolarWinds disclosed last December, the tendency is to focus on the who-did-it, rather than the what-happened or the what-can-we-learn-from-it. That's a problem for a couple of reasons.
Can I take painkillers before or after a COVID-19 vaccine?

Don’t take them before a shot to try to prevent symptoms, but if your doctor agrees, it’s OK to use them afterward if needed.

The concern about painkillers is that they might curb the very immune system response that a vaccine aims to spur. Vaccines work by tricking the body into thinking it has a virus and mounting a defense against it. That may cause temporary arm soreness, fever, muscle aches or other symptoms of inflammation — signs the vaccine is doing its job.

Some research suggests that certain painkillers including ibuprofen (Advil, Motrin and other brands) might diminish the immune system's response. A study on mice suggests these drugs might lower production of antibodies, which block the virus from infecting cells.

Other research has found that painkillers might dampen the response to some childhood vaccines, so many pediatricians recommend that parents avoid giving children the medicines before a shot and only if needed afterward, said Dr. William Schaffner, an infectious disease expert at Vanderbilt University.

The U.S. Centers for Disease Control and Prevention recently updated its guidance to recommend against painkillers before a COVID-19 shot. It says they can be taken afterward for symptoms if you have no other medical conditions precluding their use, but to talk to your doctor.

If you’re already taking one of those medications for a health condition, you should not stop before you get the vaccine — at least not without asking your doctor, said Jonathan Watanabe, a pharmacist at the University of California, Irvine.

If you’re looking to relieve symptoms after your shot, he added, acetaminophen (Tylenol) is better because it works in a different way than some other painkillers.

“If you have a reaction afterwards and need something, take some acetaminophen,” Schaffner agreed. He added that the immune response generated by the vaccines is strong enough that any dampening effect by painkillers is likely slight and won’t undermine the shots.

The CDC offers other tips, such as holding a cool, wet washcloth over the area of the shot and exercising that arm. For fever, drink lots of fluids and dress lightly. Call your doctor if redness or tenderness in the arm increases after a day or if side effects don’t go away after a few days, the CDC says
After any major attack or malicious campaign such as the one that SolarWinds disclosed last December, the tendency is to focus on the who-did-it, rather than the what-happened or the what-can-we-learn-from-it. That's a problem for a couple of reasons.

The first is that attack attribution is difficult. Threat actors often employ a variety of techniques to conceal the origins of their malware. The second is that knowing who the attacker is is less important than knowing what you need to do to prevent becoming the next victim.

By focusing only on where malware attacks are coming from, you are forgetting to take into account the nature of past attacks and what you can learn from them. Here's what your team needs to know, so you can increase your cyber resilience.

1. Modern compilers make code analysis a challenge
Previously, you would look for hints in the code itself to see if there was anything that would point to an attacker, likely by doing a Bayesian analysis to generate a probability of where the code originated. Then, you would look at the source code, the binaries, the subroutines, the sequence of instructions, and the language embedded in the code to get an idea of where the malware might have originated.

With today's modern optimizing compilers, however, it has become almost impossible to do that kind of analysis. Everything is moved around and hidden, and things have gotten fuzzier.  

2. Comments in language or messages are not good indicators
Tags and the language and variable names in the code can give you an idea of who might have written it. But the reality is that attackers can easily put tags and misleading language in the malicious code that is not their own just to distract defenders and point them in a different direction.

A threat actor can easily put comments in Russian to make it look as though the code originated from a Russian entity, and Farsi or some other Middle Eastern language could make it look like the malware came from the Middle East. So you can't go by those clues anymore.  

Another complicating factor is the hacker that attacked your organization could be using code purchased from a threat actor in another country. Players in Russia, China, and other countries sell their malware to different entities, who then weaponize and use the malware in attacks. The reality is that attackers are getting smarter and are not doing dumb things.

Attackers also often reuse and share codebases, so it can be hard to attribute a particular piece of malware to a specific threat actor with any certainty. S