Summary: While America marvels at the festival of trivia and miscellany that was Campaign 2016, we had the breakout year for cybercrime. It gets headlines, mostly delusional stories that the media credulously accept (e.g., that the March 2014 OPM hack was “a decisive instrument of warfare”). Here is another in a series about this new form of crime and conflict, for those who wish to learn about this force shaping the 21st century.
Advanced persistent threats (APT) give an unauthorized user access to a system, often for an extended period of time, without being detected. This gives hackers access to sensitive data.
By Emilio Iasiello.
From LookingGlass Cyber Solutions, transforming the art of threat intelligence.
19 December 2016. Posted with their gracious permission.
Now that APT reports have been exposed, the “thrill” of discovering and calling out suspected nation state actors engaged in clandestine cyber activity has become almost routine. Excitement over what was once considered a difficult thing to do (detecting “advanced” cyber adversaries) is now expected. And therein lies the problem. The rush to attribute and increase marketing visibility in the wake of such incidents has taken the place of adding value through the exchange of actionable information.
As a result, the cybersecurity community appears to be producing APT reports at almost breakneck speed. Certainly, the research that is offered to the public under the auspices of information sharing provides some proficient technical analysis and indicators of compromise that can help organizations detect if similar activity is occurring against their networks. But what is the real benefit of revealing to the world what is known? Does it capitalize on the business marketplace?
One security vendor intimated that there appears to be a direct correlation in the decline of suspected nation state hacking and private company earnings. This was perceived to be the case when a particular company’s decline in stock performance occurred at the same time a certain nation state was hacking less frequently. Then three months later, the same company noted a spike in stock value when another nation state’s alleged hacking efforts surfaced and became prominent in the news. While based on very limited evidence, the bottom line message appears to be clear: many of these reports seem to serve as a marketing resource as much as, if not more than, a means of information sharing.
According to a security researcher, one of the driving factors behind the growth in reporting is the inherent marketing value (they provide sound bites and quotes for computer security-related, cable, and even network news, particularly when they name “who” was behind such activities), which translates to sales. (“Do APT reports hurt more than they help?”)