The company has also identified a new attack tactic used by the Comment Crew

Jun 27, 2013 12:04 GMT

A new report released on Wednesday by FireEye, “Digital Bread Crumbs: Seven Clues To Identifying Who’s Behind Advanced Cyber Attacks,” aims at helping IT security professionals identify the origin of an advanced cyberattack, which can help organizations defend themselves against future attacks.

According to FireEye, all cyberattacks have a digital paper trail composed of certain patterns, behaviors, and techniques. By analyzing the malware metadata, the attack behavior, and even the keyboard layout, experts can determine the country or region from which the attacks originate.

This is crucial when developing a defense plan against cyberattacks.

“In today’s cyber threat landscape, identifying your enemy is a crucial piece of any defense plan. When it comes to advanced cyber attacks, finding out who your attackers are, how they work, and what they are after is critical to protecting your data and intellectual property,” noted Ashar Aziz, CTO and founder of FireEye.

“Attackers give themselves away inside their malware code, phishing emails, command-and-control servers, and even basic behaviors,” Aziz added.

“Just as the science of fingerprints, DNA, and fiber analysis have become invaluable in criminal forensics, connecting the dots of a cyberattack can help identify even sophisticated threat actors — if researchers know what to look for.”

In addition to showing how the origin of a cyberattack can be identified, the report also reveals a previously unreported attack tactic used by the notorious Chinese hacker group called the “Comment Crew.”

FireEye has been able to identify the attack technique by analyzing the metadata of the malware used by the Comment Crew, whose operations were brought to light earlier this year by Mandiant.

The complete “Digital Bread Crumbs: Seven Clues To Identifying Who’s Behind Advanced Cyber Attacks” report is available here.