For years security experts have wrestled with the importance of hacker attribution, mainly because it is difficult to achieve. But Avivah Litan, a featured speaker at Information Security Media Group's Fraud and Breach Prevention Summit in New York on Aug. 8, says attribution is taking on new importance, as traditional methods of assessing attack risk and detecting attacks, which are linked to indicators of compromise, are no longer effective.
"Hacker attribution means that you identify the actual hackers that are conducting the attacks, instead of just their tools - and any other indicator that they have of compromise," says Litan, a financial fraud and cybersecurity expert at consultancy Gartner, during this interview with ISMG. "And the reason why that's important is because they launch multiple attacks with different techniques. If you know who the criminal is, either digitally or even personally - but mainly digitally - then you can create a digital footprint of that hacker himself or the gang itself, and you can preempt the attack, no matter what technique the hacker decides to use."
That's important because tracking malware, for instance, is becoming less effective: malware is widely sold in underground forums, is mass produced and modified, and is no longer easily linked to a single hacker or cybercrime ring. The emergence of crimeware-as-a-service has helped to fuel this transition.
"If you start taking down all the tools and techniques, they'll just keep coming up with new tools and techniques," Litan says. "If you can stop 5,000 out of 100,000 criminals, you're much better off than stopping none of them. And that's why private industry has to cooperate. Because private industry has all the data. They're the ones getting attacked; and if law enforcement has that information [about the attacker], they can build a better case and do richer forensic activity that will lead them to the actual people who committed the crime."
During this interview, Litan also discusses:
- The two types of hacker attribution;
- How indicators of compromise and attribution are both related and different;
- How to make attribution useful to potential victims and targets.
Litan is a vice president and distinguished analyst at Gartner Research. Her areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, insider threats, fraud detection and prevention, and identity proofing.