Which hacker group is attacking your corporate network? Don’t guess, check!
Quote:

We have released a new solution that provides businesses with code similarity analysis and gives technical evidence for APT attribution.

About four years ago, cybersecurity became a pawn in geopolitical games of chess. Politicians of all stripes and nationalities wag fingers at and blame each other for hostile cyberespionage operations, while at the same time — seemingly without irony — enlarging their own countries’ offensive cyberweapons tools.

And caught in the crossfire of geopolitical shenanigans are independent cybersecurity companies, which have the ability, and the nerve, to uncover this very dangerous tomfoolery.

But, why? It’s all very simple.

First, “cyber” is and has been a cool/romantic/sci-fi/Hollywood/glamorous term since its inception. It also sells — not just products but press. It’s popular, including with politicians. And it’s a handy distraction, given its coolness and popularity, when distraction is something that’s needed, which is often.

Second, “cyber” is really techy. Most folks don’t understand it. As a result, the media, when covering anything to do with it, and always seeking more clicks on their stories, are able to print all manner of things that aren’t quite true (or are completely false), but few readers notice. So what you get are a lot of stories in the press stating that this or that country’s hacker group is responsible for this or that embarrassing or costly or damaging or outrageous cyberattack. But can any of it be believed?
 
Quote: We stick to technical attribution. It’s our duty and what we do as a business.

Generally, it’s hard to know what to believe. Given that, is it actually possible to accurately attribute a cyberattack?

The answer is in two parts:

From a technical standpoint, cyberattacks possess an array of particular characteristics, but impartial system analysis thereof can only go so far in determining how much an attack looks like it’s the work of this or that hacker group.

However, whether the hacker group might belong to Military Intelligence Sub-Unit 233, the National Advanced Defense Research Projects Group, or the Joint Strategic Capabilities and Threat Reduction Taskforce (none of which exists, to save you Googling them) … that is a political issue, and there, the likelihood of factual manipulation approaches 100%. Attribution goes from being technical, evidence-based, and accurate to … well, fortune-telling. So, we leave that to the press. We stay well away.

Meanwhile, curiously, the percentage of political flies dousing themselves in the fact-based ointment of pure cybersecurity grows several-fold with the approach of key political events. Oh, just like the one that’s scheduled to take place in five months’ time!
 
Quote: Knowing the identity of one’s attacker makes fighting it much easier: An incident response can be rolled out smoothly and with minimal risk to the business.

So yes, political attribution is something we avoid. We stick to the technical side; in fact, it’s our duty and what we do as a business. And we do it better than anyone, I might modestly add. We keep a close watch on all large hacker groups and their operations (600+ of them), and pay zero attention to what their affiliation might be. A thief is a thief and should be in jail. And now, finally, more than 30 years since I started out in this game, after collecting nonstop so much data about digital wrongdoing, we feel we’re ready to start sharing what we’ve got — in a good way.

Just the other day, we launched an awesome new service for cybersecurity experts. It’s called the Kaspersky Threat Attribution Engine. It analyzes suspicious files and determines from which hacker group a given cyberattack comes. Knowing the identity of one’s attacker makes fighting it much easier: It enables informed countermeasures. Decisions can be made, a plan of action can be drawn up, priorities can be set out, and on the whole an incident response can be rolled out smoothly and with minimal risk to the business.
...