Threat Activity Attribution - Differentiating the Who from the How
Offered By: YouTube
Course Description
Overview
Explore the complexities of threat activity attribution in cybersecurity through this BSidesCharm 2018 conference talk. Delve into traditional attribution methods, examining their benefits and drawbacks while highlighting common infosec failures and media misrepresentations. Learn about the Diamond Model for intrusion analysis and its application in differentiating between operational behaviors and attacker identities. Analyze real-world examples such as ALLANITE, COVELLITE, and LAZARUS to understand the nuances of attribution. Gain insights into making defense more manageable and developing a process-oriented approach to threat attribution that distinguishes the "who" from the "how" in cyber attacks.
Syllabus
Introduction
Traditional Attribution
Benefits
Drawbacks
Infosec Failures
Media Examples
What Attribution Should Do
Results of Attribution
Goals of Attribution
Operations vs. Identity
Attribution Limitation
Introducing the Diamond Model
Infrastructure - Atomic
Infrastructure - Behavioral
Capabilities - Behavioral
ALLANITE aka PALMETTO FUSION
Distinctions
ALLANITE Phishing
Targeting Differences
Diamond Model Evaluation
Implications
COVELLITE Publicity
COVELLITE Document
COVELLITE and LAZARUS
The Problem with LAZARUS
The Defender Problem
Make Defense Manageable
Process
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network