In this episode of the podcast, sponsored by Trusted Computing Group we dig deep on this week’s ransomware attack on the Kaseya IT management software with Adam Meyers of CrowdStrike and Frank Breedijk of the Dutch Institute of Vulnerability Disclosure. Also: Tom Laffey, a product security strategist at Aruba, a Hewlett Packard Enterprise firm, and co-chair of the Network Equipment working group at TCG about how that group is adapting its technology to make it easier for new generations of connected devices to attest to their integrity.
Attribution in information security attack is a difficult thing. Being able to put a particular person behind a keyboard is often the problem. However, in recent years, security companies have been doing a better job of identifying groups of individuals with similar attack methods and preferences. For example CrowdStrike has identified over seven thousand discrete groups of state-sponsored groups, criminals, and hacktivists solely by their methods of operation, their patterns of attack. A report this week from Symantec looks at one particular group they call Morpho, which they believe is not state-sponsored but nonetheless responsible for intellectual property theft for monetary gain. Symantec notes that one key difference between attacks coming from competitors and state-sponsored attackers is that competitors are likely in a better position to request the theft of specific information of economic value. They make faster use of this information than a state-sponsored group. Morpho hs a preference […]