Protecting Against State-Sponsored Cyber Hostilities
July 28, 2023
By Daniel Garrie, Rhea Siers and Sean Walsh
State-sponsored cyber hostilities are becoming more common and sophisticated as the world becomes increasingly connected and digital.
Accurately attributing these hostile activities is crucial to identifying the responsible parties and responding appropriately.
However, attributing cyber hostilities to specific state actors is fraught with difficulties, and it presents significant challenges to cybersecurity professionals, governments and the international community.
Such attacks serve as a stark reminder of the urgent need to unravel the complexities surrounding state-sponsored cyber hostilities and to develop effective strategies for preparation and defense.
Accordingly, this article explores the various problems that make attribution particularly complex in the context of state-sponsored cyber hostilities. Additionally, it provides several steps that in-house counsel and company stakeholders can take to protect themselves against them.
We need to distinguish between the digital attributes that identify an attacking computing device and the analog attributes that identify the people controlling it. Many victims of cyberattacks choose not to pursue the source of the attacks once the attacking malware has been uncovered and corrected. Why take the time and incur the cost of pursuing the source of these attacks?
Hopefully, the victim has robust logging in place to track traffic to and from the internet as well as internal traffic. State-sponsored actors or rogue privateers, despite their efforts to disguise themselves, all have their own unique tradecraft and tools, including their means of disguise.
By exploiting this information from metadata logging, you will have an immediate lead as to what malware you need to find in your network, and you will understand the source’s real immediate and long-term objectives.
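The point above, that metadata logging lets a defender recognise an intruder's habitual tooling, can be shown concretely. The following is an added example, not code from the article or its authors: it parses a few constructed proxy log lines, measures how regularly each internal host contacts each external endpoint, and compares the user agent and beacon interval against a hypothetical tradecraft profile. The profile name, user-agent string, addresses and interval are all constructed for illustration and correspond to no real actor or incident.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-proxy log lines (timestamp, source host, destination,
# method, user agent, bytes). None of these values come from a real incident.
SAMPLE_LOG = """\
2023-07-01T10:00:00Z 10.0.0.15 198.51.100.7:443 CONNECT "Mozilla/5.0 (Windows NT 10.0; rv:102.0) ExampleAgent/1.0" 512
2023-07-01T10:05:01Z 10.0.0.15 198.51.100.7:443 CONNECT "Mozilla/5.0 (Windows NT 10.0; rv:102.0) ExampleAgent/1.0" 498
2023-07-01T10:09:59Z 10.0.0.15 198.51.100.7:443 CONNECT "Mozilla/5.0 (Windows NT 10.0; rv:102.0) ExampleAgent/1.0" 530
2023-07-01T10:15:00Z 10.0.0.15 198.51.100.7:443 CONNECT "Mozilla/5.0 (Windows NT 10.0; rv:102.0) ExampleAgent/1.0" 505
2023-07-01T10:02:13Z 10.0.0.22 203.0.113.9:443 CONNECT "Mozilla/5.0 (Windows NT 10.0) Chrome/114.0" 12890
2023-07-01T10:31:40Z 10.0.0.22 203.0.113.9:443 CONNECT "Mozilla/5.0 (Windows NT 10.0) Chrome/114.0" 3310
"""

# Hypothetical tradecraft profiles: what a team might record about an
# intrusion set's tooling after earlier investigations. Entirely constructed.
PROFILES = [
    {"name": "CONSTRUCTED-CLUSTER-1", "user_agent": r"ExampleAgent/1\.0",
     "interval_s": 300, "tolerance": 0.10},
    {"name": "CONSTRUCTED-CLUSTER-2", "user_agent": r"OtherTool/2\.",
     "interval_s": 3600, "tolerance": 0.10},
]

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" (\d+)$')


def parse_log(text):
    """Turn raw log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, method, ua, size = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src, "dst": dst, "method": method,
            "ua": ua, "bytes": int(size),
        })
    return events


def beacon_stats(events):
    """Per (src, dst, user agent), compute count, mean gap and gap spread."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["src"], e["dst"], e["ua"])].append(e["ts"])
    stats = {}
    for key, times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if not gaps:
            continue
        m = mean(gaps)
        # Coefficient of variation: near zero means a machine-regular cadence.
        cv = pstdev(gaps) / m if m > 0 else float("inf")
        stats[key] = {"count": len(times), "mean_interval": m, "cv": cv}
    return stats


def match_profiles(stats, profiles, min_events=3, max_cv=0.2):
    """Report (src, dst) pairs whose tooling and cadence fit a known profile."""
    matches = []
    for (src, dst, ua), s in stats.items():
        if s["count"] < min_events or s["cv"] > max_cv:
            continue
        for p in profiles:
            if not re.search(p["user_agent"], ua):
                continue
            if abs(s["mean_interval"] - p["interval_s"]) <= p["interval_s"] * p["tolerance"]:
                matches.append({"profile": p["name"], "src": src, "dst": dst,
                                "mean_interval": s["mean_interval"]})
    return matches


def analyze(log_text, profiles=PROFILES):
    """End-to-end: parse, measure cadence, match against tradecraft profiles."""
    return match_profiles(beacon_stats(parse_log(log_text)), profiles)


if __name__ == "__main__":
    for hit in analyze(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst']}: matches {hit['profile']} "
              f"(mean interval {hit['mean_interval']:.0f}s)")
```

The user agent alone would be a weak signal, since it is trivially changed; combining it with a cadence measurement makes the match rest on two independent habits, which is the kind of "unique tradecraft" the text refers to. In practice the profiles would be populated from prior incident records and law-enforcement sharing, and the thresholds tuned against the organisation's own baseline of normal traffic.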
In the event you need to bring legal action for damage caused to your network or theft of trade secrets from it, you will need to establish the identity of the attacker. A working relationship with local, federal and international law enforcement will provide you with the missing evidentiary links and better enable you to map and establish at least a digital computing device identification.
To read the full article, go to Law360