Identifying And Discouraging Determined Attackers

  /     /     /  
Publicated : 22/11/2024   Category : security


Identifying And Discouraging Determined Attackers


Enterprises are finding ways to identify targeted attackers and give them fits. Heres how



[The following is excerpted from Identifying and Discouraging Determined Attackers, a new report posted this week on Dark Readings
Advanced Threats Tech Center
.]
George S. Patton said, Nobody ever defended anything successfully -- there is only attack and attack and attack some more. So, is it possible to strike back at your attackers? And more importantly, is it the sensible thing to do?
Strike back, active defense and hack back are terms being used to describe an active response to continuous attacks and breaches. The nature of these responses -- and whether they should incorporate an offensive component -- is a gray area. These measures can range from reconfiguring defenses ahead of a predicted attack to sending threatening emails, filing lawsuits, operating cyber espionage campaigns and launching cyber attacks of your own.
No matter what the response, you have to first determine where attacks are originating from, who is behind them and what they are looking to achieve. However, the nature of cybercrime makes 100% accurate attribution virtually impossible. Knowing exactly who or what to deter is very difficult in cyberspace, as attackers use proxy servers and compromised computers to disguise the origins of their attacks.
Does fighting back make good business sense? Any form of threat deterrence should be evaluated just like any other business activity: You must weigh the costs involved against the damage and losses the organization is incurring from the attacks. Many organizations wont have the in-house skills needed to carry out this kind of intelligence, so outside experts will often need to be hired.
What are the longer-term benefits and risks? While disrupting an adversarys operations may give a temporary sense of satisfaction, theres no evidence as yet that it provides long-term protection for Internet-connected systems.
Indeed, accurately evaluating the possible benefits of threat deterrence is hampered by the lack of hard evidence that using aggressive tactics actually does stop hackers. Those who have implemented strike-back capabilities are unlikely to share their experiences, particularly if they are using potentially illegal methods. Also, the effectiveness of a particular approach will depend very much on the type of adversary faced, and any strike back may provoke further, more destructive attacks. Situations where retaliation and force are used have a tendency to escalate hostilities.
Sending emails warning of prosecution is unlikely to be effective, while sending malicious attachments is fraught with legal problems. There have been reports of physical violence being used, with one company claiming that its representatives visited perpetrators with baseball bats. This form of deterrence, even if it does occur, isnt really practical if the perpetrators are based, say, a 12-hour flight away. And an enterprise isnt really in a position to send heavies to visit the local Chinese Embassy.
A denial-of-service attack could occupy an attackers human and physical resources, putting it on the defensive. Most organizations are short on IT resources already, though, even without taking on this kind of questionable activity. Strike back doesnt scale, either, as it would be exhausting to respond to each and every attack, while concentrating solely on one suspected adversary will leave network defenses undermanned to deal with attacks from elsewhere. Taking out a command and control server would hamper an attackers ability to deliver and manage attacks, but C&C servers are usually compromised machines belonging to legitimate users and businesses.
Some enterprises believe that hacking back is an option as long as nobody finds out. The Commission on the Theft of American Intellectual Property even believes that if the damage from malicious hacking continues at current levels, the government should consider allowing American companies to counterattack. A survey of 181 delegates at Black Hat 2012 found that more than a third had already engaged in some form of retaliation against hackers. Concerns about cyber vigilantism havent deterred financiers from investing in active defense firms, either; is a hacker really going to sue for unauthorized access?
Although cybercriminals can effectively hide behind the very laws they flout, legislation allowing companies to effectively build private cyber armies is unlikely. This means there is a real risk that certain types of counterattack cross the line between defending oneself and being a vigilante. Computer hacking is broadly defined as intentionally accessing a computer without authorization or exceeding authorized access, and laws covering computer crimes have been enacted in countries around the world.
Lack of attribution could easily lead to the equivalent of collateral damage -- an attack could take down important systems and cause more chaos and damage than any hacker.
To find out more about your options for active defense -- and what can be done legally to discourage determined attackers --
download the free report
.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Identifying And Discouraging Determined Attackers