
MemeStreams Discussion



This page contains all of the posts and discussion on MemeStreams referencing the following web page: Information Operations, Immunity Style. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Information Operations, Immunity Style
by possibly noteworthy at 7:00 am EST, Mar 4, 2008

A follow-up on Getting Owned Across the Air Gap, in which hired IO guns engage in a long-term attack against a high-value target.

To be considered in view of the $30 billion "cyber security" program:

Overall conclusions:

* Botnets and trojans will be extremely difficult to find and analyze in the near future.
* Nascent market shift to automated incident response as part of vulnerability analysis faces ongoing challenges as attackers build one-time custom-use trojans

Thoughts?


 
RE: Information Operations, Immunity Style
by Decius at 11:39 am EST, Mar 4, 2008

possibly noteworthy wrote:
A follow-up on Getting Owned Across the Air Gap, in which hired IO guns engage in a long-term attack against a high-value target.

To be considered in view of the $30 billion "cyber security" program:

Overall conclusions:

* Botnets and trojans will be extremely difficult to find and analyze in the near future.
* Nascent market shift to automated incident response as part of vulnerability analysis faces ongoing challenges as attackers build one-time custom-use trojans

Thoughts?

Different attacks have different levels of sophistication. It is not the case that there are only two adversary classes: script kiddies and super ninjas. There are many state-sponsored attacks that do not employ "one-time custom-use" exploits and malware. Obviously, the latter cannot be detected by looking for things you've previously seen. That does not mean that looking for things you've previously seen has no value. In fact, if you decide that you aren't going to bother looking for things that you've previously seen based on the assumption that your real adversary is only going to employ "one time use" attacks of the sort imagined in this presentation, perversely, your attacker need not worry about only using attacks once, as you won't notice if they are reused.


 
 