Is Cyber Attack Analysis Worth the Effort Today?


Experts recommend enterprises refocus their time and resources on cyber resilience rather than spend them on in-house investigation of a cyber attack.

Sometimes, at the onset of a cyber threat, companies begin to search for the responsible threat group or for the negligence of a particular in-house resource. Identifying and locating cyber criminals is difficult, as they use a variety of techniques to hide their malware sources. Even if the threat actors are revealed, and the company is determined to seek justice alone, it would not prevent further threats.

A recent Security Signals report revealed that security teams are spending most of their time and effort on identifying and responding to the attacker rather than investing in prevention. Over 80 percent of enterprises have been the victims of a firmware attack in the last two years, yet only 29 percent of security funds are invested in protection. Some companies believe that by figuring out the source of the problem, they can arrive at better solutions. But with the growth of sophisticated attacks, that might not be possible right now.

There was a time when a Bayesian analysis could help organizations find traces of suspicion in the code that might identify the point of origin. They could also analyze the source code, subroutines, binaries, instruction sets, and the kind of language algorithm rooted into the code for better learning. The technique could wash out the cover-ups and leave the malware exposed.

Unfortunately, Bayesian analysis is no longer reliable. The complexity of modern compilers makes it impossible for the analysis method to uncover information. Moreover, indicators such as variable names, language, and tags that could flesh out information about the source code are no longer dependable.

With advanced technology, threat actors have better methods of masking their code. For instance, they can add comments in various languages like Arabic or Mandarin, leaving their victims hunting for a Middle Eastern or Chinese hacker. Meanwhile, it is also possible that the code was purchased from another threat group in another country.

Hackers also reuse or share their codebases with other threat actors, making it hard to pin a specific piece of malware on a specific threat group or individual. While a timestamp can be derived from the compiler, the code could have been assembled anywhere. Depending on the license information might likewise lead to a dead end. In short, cyber actors are sophisticated in how they work and avoid making mistakes or leaving behind clues that could be traced.

Experts believe the goal should always be to become more resilient, indicating that who attacked is far less important than how they managed to do it and what information has been leaked. To guard against further incidents, enterprises could analyze the nature of previous threats and gather insights as lessons learned. Experts suggest an assessment of the cyber environment and penetration testing at regular, short intervals.

Given the current threat, resource, and operations scenario, neither investing in uncovering the attackers nor revisiting security once a year is a viable option anymore.
