Cyber attribution: Vigilance or distraction?

Cyber attribution is a process by which security analysts collect evidence, build timelines and attempt to piece together evidence in the wake of a cyberattack to identify the responsible organization/individuals. Cyber threat attribution stems from th…

North Korea targets US, South Korean hospitals with ransomware to fund further cyber operations

US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy “state-sponsored” ransomware on hospitals and other organizations that can be c…

Will cyber saber-rattling drive us to destruction?

As cyberattacks have grown increasingly destructive, nations are entertaining the idea of responding to them with conventional military forces. It is difficult to determine how serious countries are when they threaten “kinetic” responses to digital att…

Review: Group-IB Threat Intelligence & Attribution (TI&A)

Organizations and enterprises that care about business continuity should have an established security program that needs to be reviewed on a regular basis. One of the hardest parts of creating a security strategy is deciding how to allocate resources &…

State-backed hacking, cyber deterrence, and the need for international norms

As time passes, state-backed hacking is becoming an increasingly bigger problem, with the attackers stealing money, information, credit card data, intellectual property, state secrets, and probing critical infrastructure. While Chinese, Russian, North …

Connecting the dots to North Korea as a threat adversary

Reports of malware campaigns invariably focus on two critical conclusions: attribution and who was the intended target of the attack. It is challenging to draw swift conclusions on the former, due to the use of false flags designed to divert attention …

The great attribution debate: Why we should focus on HOW not WHO

Organisations often don’t understand what they need to be protecting themselves from when it comes to costly cyber-attacks. The threat landscape is becoming ever-more evolved and it’s now rare for a day to go by without a new form of attack…

Can an international cyber convention ever succeed?

The Cold War is a distant memory for most, but today we see a new struggle for dominance on the global stage – with cyber weapons being the latest focal point. The advance of sophisticated social engineering means that small but skilled groups of cyber attackers now have the potential to do more damage to a country’s infrastructure than a physical military strike. Earlier this year, Brad Smith, President and Chief Legal Officer at Microsoft, …

Could an independent NGO solve the problem of cyber attack attribution?

Cyber attack attribution is a necessary prerequisite for holding actors accountable for malicious cyber activity, but is notoriously difficult to achieve. Perhaps it’s time to create an independent, global organization that will investigate and publicly attribute major cyber attacks? The idea has been put forward by Paul Nicholas, director of Microsoft’s Global Security Strategy, at the NATO Cycon cybersecurity conference held in Tallinn last week. How would this organization work? According to the US nonprofit …

Not all threat intelligence is created equal

In this podcast recorded at RSA Conference 2017, John Czupak, CEO at ThreatQuotient, and Jonathan Couch, Senior VP of Strategy at ThreatQuotient, talk about what’s important to know about the difference between threat intel versus threat intelligence platforms, how threat intelligence changed over the past few years, and much more. Here’s a transcript of the podcast for your convenience. Let’s get into this conversation. Couch, most people have heard of threat intelligence, but can you …