Dark Reading is part of the Informa Tech Division of Informa PLC

Cybercrime, Cyber Espionage Tactics Converge
Kelly Jackson Higgins,
User Rank: Strategist
2/25/2015 | 11:51:22 AM
Re: Good coverage of useful data points as usual, but...
Hi there, Stephen. Thanks so much for sharing your thoughts. I thought Ryan Kazanciyan of Mandiant did a good job in my interview with him providing a measured analysis of the data & the report. I completely agree with your point that we only know what we know about the real attacks and groups out there. Reports like Mandiant's are really helpful in providing a good snapshot of the attacks/groups they are seeing in their breach investigation cases. But as you note, they are one org's perspective. 
Sara Peters,
User Rank: Author
2/25/2015 | 11:06:50 AM
compounding the problem...
Good stuff, Kelly! Attribution is extra complicated by the fact that these tactics are converging, and compounding the problem is the fact that the nature of the criminals themselves is changing. For the longest time, any time people said "Chinese hackers," the assumption was that they were backed by or working for the government. Now we know that there are financially motivated hacking groups in China that probably have nothing to do with the nation-state.
User Rank: Apprentice
2/25/2015 | 2:51:59 AM
Good coverage of useful data points as usual, but...
I appreciate your coverage of these observations Kelly -- would that other journalists knew this subject area as well as you do -- yet I worry that the lack of solid data on the true nature and extent of both cyber crime and cyber espionage is even greater than we acknowledge.

Useful as reports based on investigated incidents are, they are just that: the incidents seen by a specific entity, or group of entities in the case of the much anticipated Verizon DBIR. They can tell us some important things, but generalizing from them is fraught with danger, as is the urge to treat them as longitudinal studies.

To be fair to the authors of many of these studies, they include statistical disclaimers. But I think all of us are tempted to say things like "there were X% more of attack type Y this year than last" without including the qualifying factors (like "among cases that happened to be brought to our attention", as opposed to "as experienced by the same sample of organizations that we polled last year"). 

I really appreciated Mandiant sharing their encounter with "dormant artifacts from a previous compromise". That tells us we didn't have a complete picture before. I doubt we have one now.

Stephen Cobb
