How to Identify a Cyber Adversary: Standards of Proof

In cybersecurity, attribution refers to identifying an adversary likely responsible for malicious activity.
It is typically derived from collating many types of information, including tactical or finished intelligence, evidence from forensic examinations, and data from technical or human sources.
Attribution and the public disclosure of attribution are not the same thing.
Attribution is the identification of a potential adversary organization, affiliation, and actor.
The decision to disclose that attribution publicly - through indictments, sanctions, embargos, or other foreign policy actions - is a desired outcome and instrument of national power.
Attribution of those activities was years in the making.
Standards of Proof When attributing a cyber incident to a threat actor, there are several standards of proof mechanisms at play.
One element of attribution - and particularly when deciding how to act upon the results of your analysis - is understanding the importance of confidence levels and probability statements.
Intelligence Standards In the intelligence community, Intelligence Community Directive 203 provides a standard process for assigning confidence levels and incorporating probability statements into judgements.
Judicial Standards Another factor is that intelligence assessments do not use the same standard of proof as the rules of evidence in judicial process.
The type of court system determines the level of proof you need to support your case.
The FBI, being both an intelligence agency and a law enforcement agency, may have to use intelligence standards, the judicial system, or both.
If a national security case results in an indictment, the DoJ must convert intelligence judgments to judicial standards of proof.
Technical Standards There are also technical indicators related to attribution.
Indicators must be assessed and constantly evaluated for relevancy as they have a half-life; otherwise, you will spend most of your time hunting down false positives.
Even worse, if they are not implemented properly, indicators can produce false-negative mindsets.
An indicator without context is often useless, as an indicator in one environment may not be found in another.
A good formula is: 1) an investigation produces artifacts, 2) artifacts produce indicators, 3) context is indicators accompanied by reporting, 4) the totality of the indicators can highlight tactics, techniques, and procedures, and 5) multiple TTPs show threat patterning over time.
Why Attribution Is Important Recently, a friend asked me why attribution matters.
A company can better defend itself from future aggression if they know 1) why they were attacked, 2) the likelihood of the attacker returning, 3) the goals of the attacker, and 4) the attacker's TTPs. Knowing who perpetrated an attack can also help remove uncertainty and help you come to terms with why it happened.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 12 Mar 2024 14:05:26 +0000


Cyber News related to How to Identify a Cyber Adversary: Standards of Proof

Making the Law Accessible in Europe and the USA - Earlier this month, the European Union Court of Justice ruled that harmonized standards are a part of EU law, and thus must be accessible to EU citizens and residents free of charge. While it might seem like common sense that the laws that govern us ...
8 months ago Eff.org
How to Identify a Cyber Adversary: Standards of Proof - In cybersecurity, attribution refers to identifying an adversary likely responsible for malicious activity. It is typically derived from collating many types of information, including tactical or finished intelligence, evidence from forensic ...
8 months ago Darkreading.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
11 months ago Securityboulevard.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
9 months ago Securityzap.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
9 months ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
10 months ago Scmagazine.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 month ago Cyberdefensemagazine.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
5 months ago Therecord.media
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
7 months ago Cyberdefensemagazine.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
11 months ago Techrepublic.com
5 Ways to Counteract Increasing Cyber Insurance Rates - Despite this threat, only 55% of organizations have some form of cyber insurance, and only 19% have coverage for cyber events beyond $600,000. As the cybersecurity landscape continues to evolve, businesses must carefully evaluate their risk exposure ...
9 months ago Cybersecurity-insiders.com
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
10 months ago Techrepublic.com
Meet Your New Cybersecurity Auditor: Your Insurer - As businesses deal with the fallout of massive ransomware waves, from Lapsus$ to Cl0p/MOVEit, an unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer. Their coverage requirements and ...
11 months ago Darkreading.com
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
AI Helps With the Implementation of Simulated Cyber Defense Techniques - We are going to emphasize the importance of using AI to simulate cyber threats to help both humans and machine learning tools prepare for them more effectively. To extend their understanding beyond conventional strategies, many organizations are now ...
10 months ago Feeds.dzone.com
Mississippi Creates New Cyber Unit and Names First Director - The state of Mississippi has recently announced the creation of a new dedicated cyber security unit, as well as the naming of its first director. The Mississippi Cyber Security Unit, headed by Director Kelly Hurst and backed by the Mississippi Office ...
1 year ago Securityweek.com
The Evolution of Cyber Threats: Past, Present, and Future - Cyber threats have evolved significantly over time, posing increasing risks to individuals, organizations, and governments in our interconnected world. Let's explore the past, present, and future of cyber threats to better understand how to protect ...
9 months ago Securityzap.com
Cybersecurity Standards vs Procedures vs Controls vs Policies - Four interrelated terms used in cybersecurity are Policies, Procedures, Standards, Guidelines, and Controls. Policies are at the top, Standards and Guidelines add detail to policies, Controls are the measured outcome of standards in use, and ...
9 months ago Securityboulevard.com
Cybersecurity Tops 2024 Global Business Risks - The newly released Allianz Risk Barometer revealed that Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally, as well as in the United States, in 2024. The 13th annual business ...
9 months ago Cybersecurity-insiders.com
Cyber Defense Magazine - The evolving landscape of cyber threats in our increasingly digital world calls for a strategic shift from traditional cybersecurity to a more encompassing and proactive approach: cyber resilience. Understanding the unique risk profile of your ...
9 months ago Cyberdefensemagazine.com
With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too - An increase in cyber-insurance claims in 2023, driven by a more active threat landscape, will likely mean that last year's price plateau in cyber-insurance premium costs will be short-lived, according to industry experts. While premium costs fell by ...
10 months ago Darkreading.com
The top cyber security news stories of 2023 - 2023 was a busy year for cyber criminals, making it tough to choose the top cyber security news stories of 2023. Cyber security professionals have had their hands full in protecting sensitive information and detecting breaches to ensure the safety of ...
11 months ago Securityboulevard.com
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
9 months ago Cisa.gov
Avoid high cyber insurance costs by improving Active Directory security - Insurance broker and risk advisor Marsh revealed that US cyber insurance premiums rose by an average of 11% in the first quarter of 2023, and Delinea reported that 67% of survey respondents said their cyber insurance costs increased between 50% and ...
8 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)