PRO+ Premium Content/Information Security

Toward the end of the Obama administration, the Department of Homeland Security published a comprehensive list of the tools, techniques and indicators of compromise, called Grizzly Steppe, to out the Russians and their attempts to influence the 2016 presidential election. The Joint Analysis Report, issued in conjunction with the FBI, immediately highlighted the political side of attribution. Network administrators could access the findings in the report to protect their assets from malicious cyber activity such as malware. However, technical indicators on endpoints and networks were reportedly of poor quality, according to some cybersecurity teams, and roughly 40% were not specific to Russia. In the shadowy world of cyberespionage, the game of who is to blame can be complicated and fraught with politics and turf battles. Cyber attribution occurs when indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) from the entire cyber kill chain are associated with an advanced persistent threat or APT group. While ...