December 22, 2016

Experts unsure if cyber attribution research will yield results

The Georgia Institute of Technology has received a research contract to study cyber attribution, with the intent of providing better proof of involvement by threat groups.

The U.S. Department of Defense sponsored the $17.3 million contract that will fund a project led by Georgia Tech researchers in collaboration with other academic institutions. However, the researchers admit the study of cyber attribution is unlikely to result in individual attribution.

Igor Baikalov, chief scientist at Securonix Inc., a security analytics company based in Los Angeles, said even attribution of a specific group may not be possible.

“We are getting pretty good at recognizing the vehicle: botnet or some random computer used in the attack, or even command-and-control server behind them; we can also recognize familiar tactics, techniques and procedures, or even unseen-before malicious behavior based on anomalies. But what we cannot be sure about is an ultimate driver behind it all,” Baikalov told SearchSecurity via email. “Too many degrees of separation to untangle the chain of command before the attacker disappears, erasing all traces of his actions, or even reshuffling them to point to a completely different direction.”