April 24, 2014
Darien Kindlund, with the cyber security firm FireEye, posted a blog note on Tuesday with the title above. He writes, “with the release this week of Verizon’s Data Breach Investigations Report (DBIR), “it is clear that the cyber security landscape is once again experiencing a drastic change in the type of [cyber] attacks that are threatening organizations’ intellectual property, financial, and customer data.”
Mr. Kindlund writes, “in response to this change, this year’s report [DBIR], added a critical new tactic for addressing the advanced threat [cyber] landscape organizations’ are operating in today — examining incident patterns. As attackers have already shifted their strategies, the cyber defense industry is too — now, moving away from a model built on identifying and remediating single attacks towards one where threat actors and their behaviors are identified and blocked globally.”
As examples of this changing threat landscape and the new tactics needed, FireEye contributed forensic data from three advanced [cyber] attack campaigns in 2013:
— Operation Deputy Dog: A [cyber] targeting campaign targeting organizations in Japan that began in August 2013 and, upon behavioral analysis by FireEye systems.
— Operation Ephemeral Hydra: Acting from attack certain infrastructures shared with the DeputyDog campaign, as well as code shared with the Remote Access Tool used in the Bit9 compromise, this campaign took advantage of an Internet Explorer zero-day to compromise visitors of a website focused on U.S. and international security.
— The Sunshop Campaign: Targeting a range of victims through the sites of the Korean military and strategy think tanks and a science technology journal, FireEye was able to link the campaign to a group responsible for attacking the Nobel Peace Prize Committee’s website in 2010.
“In all three of these advanced attacks, behavioral analysis conducted by FireEye’s researchers — using data from the FireEye Dynamic Threat Intelligence cloud, allowed the company to provide Verizon the context behind the attacks and the patterns that identify the perpetrators. Ultimately, FireEye was able to tie two of the attacks together and attribute one to a similar attack from three years prior. This involved creating a new paradigm in the [cyber] security practice, where real-time information sharing of malicious network behaviors between organizations is commonplace,” wrote Mr. Kindlund.
“What we saw from these attacks and countless others,” he concluded, “is that, given the pace and stealth at which threat actors move today, organizations will need to rely less on traditional signatures and defenses, and more on intelligence. Including this new intelligence information in this year’s DBIR — is a great step towards recognizing this new paradigm and will certainly accelerate the fight against advanced attackers.” V/R RCP
No comments:
Post a Comment