Wave Your False Flags! Deception Tactics Muddying Attribution - CTI Summit 2017

SANS Digital Forensics and Incident Response

Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks
So, you’re a threat intel shop? You want to have the beat on that ‘sophisticated’ group attacking your clients? Good luck with that. The days of lifting a couple of relevant IOCs, googling around, and writing a fancy report with solid attribution are long gone. Today’s APT actors are well aware of compilation timestamps and command-and-control infrastructure reuse, and some of them value nothing more than to lead researchers astray. Investigators have had an increasingly difficult time finding reliable and agreed-upon metrics for attributing attacks. Recent debates over the accuracy and usefulness of attribution keep touching upon the possibility that attackers may be manipulating indicators. Rather than continue to discuss the ‘theoretical’ possibility of false flags, we will present never-before-revealed, real-world examples of these operations. APT groups have in fact been following published research and are using the information they glean to throw researchers off their trail. The final aim is to discuss the relevancy of attribution in the commercial and government sectors and to insist on curbing the appeal of ‘sexy attribution claims’ in the threat intelligence space in favor of actionable intelligence.

Brian Bartholomew (@Mao_Ware), Senior Security Researcher, Kaspersky Lab – GReAT

Brian has 15 years of experience in cyber espionage operations, reverse engineering, penetration testing, and incident response. Before joining GReAT, he worked at iSIGHT Partners, the US Department of State, and also spent 3 years in the United Arab Emirates.

Juan Andrés Guerrero-Saade (@juanandres_gs), Senior Security Researcher, Kaspersky Lab – GReAT

Juan Andrés joined GReAT in 2014 to focus on targeted attacks. Before joining Kaspersky, he worked as Senior Cybersecurity and National Security Advisor to the President of Ecuador. Juan Andrés comes from a background of specialized research in Philosophical Logic. His last publication was titled The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage.
