The frequency of cyber-attacks and their varied nature has grown exponentially over the last thirty years. What was once the sole domain of juvenile hackers trying to demonstrate their skills is now shared with organised crime, state sponsored information warriors, cyber activists and others. Being able to identify an attacker is key to defending against that attacker, whether they are within reach of prosecution or not. This paper suggests a new approach to cyber-attack attribution, which combines both technical and analytical features. Technical attribution involves examining artefacts discovered from investigation of the attack for indicators of origin. Analytical attribution involves such things as understanding the victim, the motive and the likely threat actor who would benefit as a result of the attack; then examining the capabilities and modus operandi of the likely threat actor and other surrounding data. By combining these approaches, defenders can then effectively establish attribution. With this attribution, defenders can better plan their cyber security posture and intelligently defend organisations from threats based on defined attack scenarios rather than adopt generic cyber defences.
|Number of pages||18|
|Journal||Journal of the Australian Institute of Professional Intelligence Officers|
|Publication status||Published - 2018|