Thursday, June 1, 2017

Who's to blame for that cyberattack? Here's why nobody's really sure


There are two things certain in life -- "death" and "taxes," they say. There's a third, thanks to the security community, and that is "nothing is unhackable."

Look no further than the recent massive cyberattack, which crippled hundreds of thousands of computers in dozens of countries, paralyzing hospitals, car plants, and banks across the world. The WannaCry ransomware attack was the most public, international, and wide-scale cyberattack in months, following in the footsteps of last year's US internet outage, caused by an army of thousands of badly-secured internet-connected devices.

In both cases, questions remain about who was responsible. Look a little further back, and many other major hacks and cyberattacks remain vaguely or entirely unattributed. Hackers already have a wealth of tools to cover their tracks, and without a body of physical evidence -- unlike at a crime scene -- it is almost impossible, even at the best of times, to know who was behind an attack.

That's what security researchers call the "attribution problem": researchers and forensic investigators aren't always sure who's behind an attack, making it difficult -- if not impossible -- to launch a response, or a retaliatory strike.

And sometimes things can be far from what they first seem.

Case in point: Symantec researchers on Thursday described what they had first taken for a nation-state actor, using highly sophisticated malware and techniques typically employed by a government, but which turned out to be a low-level cyber-criminal who was just out to make a few bucks. In other words, what could easily have been the Russian government turned out to be a fairly amateur individual.

It was a rare win for researchers; in reality, the effort to pin the blame is "rarely conclusive," said Cristiana Kittner, a senior analyst at cybersecurity firm FireEye.

"Even with copious amounts of data, it is incredibly difficult to find that one smoking gun," she said.

That's because the successful attribution of an attack is rarely as clear cut and as simple as this one hapless hacker, who was caught in part because he inadvertently left an evidence trail -- including his real name -- across the internet. Russian security firm Kaspersky has also noted that the use of open source and readily available tools has in part made detection and attribution "almost impossible."

"Much depends on the attacker's 'opsec' practices if they can be identified based on the used tools and procedures," said Timo Laaksonen, who heads cybersecurity firm F-Secure's Americas business, in an email.

Simply put: if the hacker or attacker is sloppy, it can be easier to pin the blame -- and strike back.

But all that changed when the US spy agency, the National Security Agency, lost control of its hacking tools last year, and they were posted online for anyone to use.

Unknown hackers -- nation state or lone wolf -- took those tools and infected thousands of computers with one of the agency's backdoor implants, DoublePulsar, planted through the leaked EternalBlue exploit for Windows' SMB file-sharing service. Then, on a quiet, unassuming day in mid-May, they used that backdoor channel to deliver the WannaCry ransomware to the infected computers. By the time the attack hit, Microsoft had already patched the bulk of the published exploits (the SMB flaw behind EternalBlue was fixed in the MS17-010 update in March), so the victims were largely machines that had not applied the patch. But there's a looming threat that more tools could soon leak -- opening a whole new can of worms as to whether the agency should disclose its entire arsenal of hacking tools to the vendors, in order to prevent another WannaCry-style situation.

Who was behind one of the most disruptive and lengthy cyberattacks in modern history?

Thought to be the biggest ransomware attack of its kind, WannaCry was only as successful as it was because the NSA lost control of its key hacking tools.

Some said it was North Korea, which was also officially blamed for the 2014 attack on Sony Pictures (even if experts remained divided and skeptical of the seemingly confident attribution), following the studio's release of a controversial movie about the country's young despotic leader, Kim Jong-un.

Security researchers said that parts of the WannaCry code had also appeared in earlier malware used by North Korean hackers known as the Lazarus Group, and that seemed to be a conclusive link, which many accepted without much scrutiny.

But a tangential connection isn't proof. Adam Meyers, VP of Intelligence at cybersecurity firm CrowdStrike, which had diligently monitored the attack, said that attribution was still a long way off.

"Analysts have reviewed all of the hard data associated with WannaCry -- they reverse engineered the code, analyzed the linguistics of the ransom notes, reviewed the victimology, and the infrastructure used for command and control -- and none of these things say they are explicitly linked to a specific adversary," he said.

Laaksonen, too, said that nothing had "ever conclusively" pinned the nation state to the attack.
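The code-overlap argument in the paragraphs above is the kind of evidence that is easy to over-read. The following Python script is an added example, not code from the article or from any of the firms quoted in it: it compares two constructed "samples" by hashing fixed-size byte windows (a crude stand-in for the function-level matching real analysts do on disassembled code), then discounts every shared window that also appears in a publicly available library. The two samples, the LIB blob, the window size and the verdict wording are all constructed assumptions for the demonstration.

```python
import hashlib
from typing import Dict, List, Set, Tuple

# Fixed window size for the toy byte-level similarity (assumption). Real
# code-reuse analysis hashes normalized, disassembled functions instead.
WINDOW = 16

# Constructed stand-in for code anyone can obtain: an open-source library
# that both authors happened to link against.
LIB = (b"open-source crypto routine: aes128 key schedule; "
       b"sha256 block transform; base64 encode/decode table")


def build_samples(shared_custom: bytes = b"") -> Tuple[bytes, bytes]:
    """Return two constructed 'binaries'. Both embed LIB, each surrounded by
    its own unique content. shared_custom, if given, is appended to both and
    stands for hand-written code seen nowhere else."""
    sample_a = (b"[A] ransom note: your files have been encrypted, pay to decrypt |A"
                + LIB
                + b"A| worm: smb propagation + kill-switch domain check [A]"
                + shared_custom)
    sample_b = (b"[B] dropper: spear-phishing attachment, stage-one loader |B"
                + LIB
                + b"B| c2: https beacon with custom xor [B]"
                + shared_custom)
    return sample_a, sample_b


def chunk_hashes(data: bytes, window: int = WINDOW) -> Set[str]:
    """SHA-256 of every window-sized slice, taken at every byte offset."""
    return {hashlib.sha256(data[i:i + window]).hexdigest()
            for i in range(len(data) - window + 1)}


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Set similarity in [0, 1]; 0.0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def overlap_report(sample_a: bytes, sample_b: bytes,
                   public_corpus: List[bytes]) -> Dict[str, object]:
    """Count shared chunks before and after discounting public code."""
    ha, hb = chunk_hashes(sample_a), chunk_hashes(sample_b)
    public: Set[str] = set()
    for blob in public_corpus:
        public |= chunk_hashes(blob)
    raw_shared = ha & hb                 # what a naive comparison reports
    unique_shared = raw_shared - public  # what survives the public-code filter
    verdict = ("overlap fully explained by public code: not evidence of a common author"
               if not unique_shared else
               "non-public code shared: a lead worth following, still not proof")
    return {
        "raw_shared": len(raw_shared),
        "raw_jaccard": round(jaccard(ha, hb), 3),
        "unique_shared": len(unique_shared),
        "verdict": verdict,
    }


if __name__ == "__main__":
    a, b = build_samples()
    print("library only:", overlap_report(a, b, [LIB]))
    a, b = build_samples(b"CUSTOM: hand-written packer stub + unusual string-obfuscation loop")
    print("plus custom code:", overlap_report(a, b, [LIB]))
```

Run as-is, the first report shows a sizable raw overlap that vanishes entirely once the library is discounted; the second shows a residue of non-public shared code, which is the point at which analysts start asking whether the code was stolen, bought, or reused by a third party, rather than declaring an author. The filter is only as good as the public corpus fed to it, so a thin corpus produces exactly the false "link" the article warns about.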

It's no wonder the government isn't rushing to conclusions or taking any chances.

When asked about who was behind the attack, Homeland Security adviser Tom Bossert told reporters: "We don't know," admitting that attribution "can be difficult."

The simple reality is that now anyone with nation state hacking tools can launch their own nation state-type attack with relative ease. Given that the tools were designed to keep the activities of one of the world's most elusive spy agencies secret, it's no wonder the government hasn't declared any one adversary responsible. Without a firm sense of who was behind what, holding those responsible for hacks and cyberattacks accountable is impossible -- or worse, misguided and misdirected against a group or state with no connection whatsoever.

"Attribution might get to a point that we are careless enough to be misled by it. People are quick to jump to conclusions and sometimes it seems attribution is being used for political or marketing purposes," said Laaksonen.

"It's no longer a science, it seems to be a rush to the finish line," he added.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.



from Latest Topic for ZDNet in... http://ift.tt/2rIxbyr
