After every major data breach, the security community engages in a game of whodunit and attempts to figure out what entity or nation state carried out the attack. The North Koreans were behind the Sony breach, while China carried out the attack on the Office of Personnel Management (OPM). Meanwhile, hackers linked to the Iranian government hacked a small dam in New York as well as the networks of AT&T, Bank of America and the New York Stock Exchange, among other major U.S. businesses. And now Russia is being singled out for supporting hackers who infiltrated the Democratic National Committee’s computers and disclosed sensitive files and emails.
Enterprises are fighting a cyber war against very sophisticated and highly organized adversaries. Yet companies still approach cybersecurity with a strictly defensive mindset. They operate under the belief that having the best defense will keep them safe from advanced adversaries. But attackers know how to break any defense, guaranteeing they’ll eventually infiltrate a company. Organizations need to approach security by thinking about how they can stop offense. How is this different from having a strong defense? When you’re stopping offense, you don’t stand on the sidelines waiting for an attacker to breach your network, hoping that the security measures you have in place will be enough to stop them.
During my conversations with security executives, a topic that consistently comes up is what, exactly, constitutes a modern hacking operation. Security professionals understand they’re no longer facing script kiddies who lack a comprehensive plan. However, they’re also not fully aware of how detail-oriented adversaries are when developing an attack campaign. Today’s hacking operations are well-organized and developed by well-funded teams of highly trained adversaries who have diverse experiences and backgrounds. In fact, attack planning is handled like a business operation and includes hiring plans, budgets and timelines. To help security professionals better understand the attacks they’re facing, I thought I’d share some of my observations on the work that goes into planning a hack.
The advanced threats companies face require that security teams have different characteristics than the backgrounds analysts typically have. However, most businesses hire security practitioners who have similar professional backgrounds and capabilities. Analysts usually have IT backgrounds, are taught to quickly resolve threats and work in an environment that doesn’t embrace speaking out when there’s a security incident. The adversaries, meanwhile, have a more evolved perspective on how to carry out hacking campaigns. Attack operations often include people who have a range of experiences. For example, to hack a bank, attackers will hire hacking experts as well as someone with deep knowledge about the financial services industry. Hacking teams often employ experts who have various technical capabilities to help them approach attacks in different ways and switch gears if one tactic isn’t working. Hackers realize that a more diverse team—and the mindset it brings—increases the likelihood of the attack’s success.
Having a military background, I tend to look at all security issues with the perspective of someone who’s served in the armed forces. That means using a thorough investigation process that doesn’t treat any action as accidental or an attack as a stand-alone incident, and looking for links between seemingly unconnected events. This method is used by law enforcement agencies to investigate acts of terrorism, which, sadly, are happening more frequently. While terror attacks that have occurred in the physical world are making headlines, the virtual world is also under attack by sophisticated hackers. However, not much is said about the similarities between investigating both types of attacks or what security researchers can learn from their law enforcement counterparts. I’ve had this thought for a while and, fearing that I’d be seen as insensitive to recent events, debated whether to write this blog. After much thought, I decided that the stakes are too high to remain silent and continue treating each breach as a one-off event without greater security implications.