We came across an interesting article that addresses new strategies in defending against cybercrime attacks by focusing on identifying the hackers themselves, as opposed to the malware. Companies such as CrowdStrike and Trend Micro look to profile the hackers and unveil their identity, as well as the identity of their infrastructure suppliers. The article states that even if the hackers are identified, it is unlikely that they will be arrested. But we’ll take shutting down a hacker and his support system nonetheless.
Even if you learn the name and get a photo of the Chinese hacker sitting behind the keyboard and siphoning your valuable intellectual property, it’s unlikely to lead to his arrest. But there are ways to use that information to put the squeeze on the attacker and his sponsors.
After years of focusing mainly on the malware used in data breaches and financially motivated hacks, some security experts have begun to turn the spotlight on the attacker himself, attempting to profile the bad actors stealing your blueprints or customer credit card numbers, or leaking your usernames and passwords on Pastebin. Leading that charge is CrowdStrike, the startup that aims to aggressively profile, target, and, ultimately, help unmask sophisticated cyberattackers.
Trend Micro also has been drilling down on the characteristics of different types of attackers, recently profiling the East Asian cyberespionage attacker versus the Eastern European cybercrime attacker. This shift toward getting to know the enemy behind the malware is a new way to put up better defenses from these inevitable attacks.
Just some choice quotes/content I liked…
“… the best way to beat the APT is incident-response and least-privilege user controls.” True least privilege is hard! That’s why no one does it.
“So how can you use intelligence about the bad guy targeting you to better protect your organization?”
- If it’s sponsored by someone, find out the organization and sue them.
- Use deception by planting phoney data…
- Publicize the hacker or group to drive them out of business.
- Learn their kill chain and disrupt it or at least make it much more resource-intensive for them.
- Apply pressure to the resources the attackers depend on (e.g., ISPs, hosting companies, and payment providers).
Do you think identifying the hackers is worth it? Post your comments below. Today’s post pic is from BBB.org.