This is an 11 page white paper that goes through the current challenges faced by researchers to attribute cyber attacks.
It goes through the current techniques such as,
- Timestamps
- Strings, debug and metadata
- Malware families, code reuse
- Threat infrastructure used
It also present some of the most advance APT’s and their potential origin and techniques believed to have been used by them to thwart the attribution process by researches.
The most revealing conclusion is that cyber attribution is a difficult process that cannot ever legitimate a counter attack.
https://securelist.com/files/2016/10/Bartholomew-GuerreroSaade-VB2016.pdf
One Comment Add yours