QOTD: It’s Not About the Who … It’s About the How

Attribution DiceFor the past few years there has been a big focus on attributing attacks. The government has always been in the game (but obviously keeping it close to the vest) and recently vendors have been getting into the action for marketing, PR, and threat intel sales purposes (thanks to Mandiant for starting that one). This trend has led to a lot of other organizations trying to attribute attacks against them as well. If I have one word of advice for most out there, it would be “STOP.”

For almost all but the very elite, trying to figure out the “who” is a waste of time. Even if you do pull together some semblance of the attacker, there is not much most can do besides maybe reporting it to the authorities. And depending on the level of the adversary, you may never hear anything back due to sensitivity or classification concerns.

The resources exhausted on trying to figure out the “who” are much better spent on understanding the “how” of each attack. Cross-referencing this understanding with other researched attacks surfaces trends that begin to solidify adversary TTPs organizations can use to do the one thing they should be focusing on — detecting and preventing future attacks.

Many in the threat intel community have been saying this exact same thing for a while but for the purposes of this article I am going to use @krypt3ia’s famous reference in his discussion of the Ashley Madison compromise. Enjoy!

“It’s not about the who… It’s about the how. Learn from the how and attempt to prevent it in the future” – @krypt3ia

#####

Today’s post pic is from Twitter.com. See ya!

5 comments for “QOTD: It’s Not About the Who … It’s About the How

  1. February 15, 2016 at 10:07 pm

    QOTD: It’s Not About the Who … It’s About the How https://t.co/DjKG6tLwOY https://t.co/9Yr4HyhJmR

  2. February 16, 2016 at 1:02 am

    BLOGGED: QOTD: It’s Not About the Who … It’s About the How https://t.co/CUOpYIXKjF

  3. February 16, 2016 at 7:30 am

    QOTD: It’s Not About the Who … It’s About the How https://t.co/DMYm6UzkMb #iSecNews

  4. February 16, 2016 at 9:57 am

    Channeling my inner @krypt3ia. -> QOTD: It’s Not About the Who … It’s About the How https://t.co/t1CnrtabXH https://t.co/lIT6HdIIBS

  5. February 16, 2016 at 2:14 pm

    More than just a quote though -> QOTD: It’s Not About the Who … It’s About the How https://t.co/t1CnrtabXH https://t.co/lIT6HdIIBS

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.