Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Who Cares Whos Behind A Data Breach?
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 3   >   >>
GonzSTL
GonzSTL,
User Rank: Ninja
2/24/2015 | 8:39:15 AM
Re: Motive
I realize that you are not discrediting attribution, as no serious security professional really would. I do agree with you that the early finger pointing thing can be an awful distraction. Unfortunately, media coverage puts as great an emphasis on this as they do on the breach itself, even to the point of sharing and sometimes leading the headline. As a society, this is what we have been accustomed to seek from the news. Bad news sells, and we want to know who the bad guys are. This is a serious distraction that can divert valuable resources towards the effort to discover who the perpetrators are, which of course detracts from the primary goals of the incident response team, particularly in smaller organizations. It can also lead to flawed incident response if improper assumptions are made based on the known modus operandi of the suspected intruder. A valid argument can be made that an initial attempt to identify the intruder can help analyze what happened in that the team can look for indicators of the attack, but it is better to leave this out of the public until after the investigation has been completed. Correct attribution however, is a small consolation after the fact, but unfortunately does not necessarily lead to successful prosecution of the attacker.
Kerstyn Clover
Kerstyn Clover,
User Rank: Moderator
2/23/2015 | 10:54:47 PM
Re: Motive
You're correct, and my intent wasn't to completely discredit attribution as a piece of maturing your incident response/security program internally. Just to put the emphasis on your "secondary" phrasing, and to perhaps try to push away from rapid finger-pointing in the initial days after an incident. When evidence is there and trustworthy the effort is certainly worth it; however, I've also encountered many cases where effort and resources are best focused on other things first and attribution later if at all.
Kerstyn Clover
Kerstyn Clover,
User Rank: Moderator
2/23/2015 | 10:44:03 PM
Re: Owning the consequences
You're spot on. One of the other things on my mind, but a bit out of my league to speak on is the idea of trying to wrap laws or legislation around these attacks if we do manage to pin down a source. Topic for someone else's blog, perhaps :)
Kerstyn Clover
Kerstyn Clover,
User Rank: Moderator
2/23/2015 | 10:42:08 PM
Re: Rod Sirling was right.
Oh, really? I've been slowly starting to watch the show but must not have come across that one yet. I'll be looking forward to it!
Kerstyn Clover
Kerstyn Clover,
User Rank: Moderator
2/23/2015 | 10:40:51 PM
Re: Motive
It certainly can be. As an internal process, it's important to look for indications of the origin of an attack if they're present and reliable. Especially if a certain actor is launching multiple attacks, correlation of these can start to paint a picture that helps to prepare for future attack attempts. My focus with this was really to discuss how much we tend to over-hype attribution, especially in the early moments after a breach and on the media. Pointing fingers preemptively and vocally isn't helpful, but you're right that it is certainly a piece of the puzzle in lessons-learned and maturing an incident response/defense program over time.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
2/23/2015 | 4:48:40 PM
Re: Motive
I would suspect that if you can identify who is responsble -- and make them accountable (e.g. disincent them frm doing doing it again) -- it would be extremely worth the effort. But that is the exception, not the rule, it would seem.
GangstaNerd
GangstaNerd,
User Rank: Apprentice
2/23/2015 | 1:49:33 PM
Re: Motive
The term "Prevention" never sits well with me because we all know we can only delay or deter attacks not prevent them.
Dr.T
Dr.T,
User Rank: Ninja
2/23/2015 | 12:28:14 PM
Re: Motive
I agree. That is how you build enough knowledge base to adapt to current environment and try to get ready for next set of waves for attacks. Without any experience you are actually in the dark and not knowing what to do even for simple preventive course of actions.
Dr.T
Dr.T,
User Rank: Ninja
2/23/2015 | 12:25:01 PM
Re: Motive
I agree, who need to know where it came from and what they of characteristics it has to be able to respond to similar future attacks.
Dr.T
Dr.T,
User Rank: Ninja
2/23/2015 | 12:22:51 PM
Re: Funny
Aliens most likely have no idea what cyberattack is. They mostly likely develop their services security in mind from group up and enjoying the life without any cyberattacks. :--))
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type=&quot;text&quot;` via a javascript &quot;Show Password&quot; button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn&acirc;&euro;&trade;t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file