
Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking

Many CISOs and security experts say they want to stop threats regardless of who the attacker is. However, focusing solely on blocking the attack is not the most effective way to protect against malicious actors. To truly halt an attack, the attacker’s infrastructure and financial flow must be disrupted, which is usually accomplished through the combined efforts of U.S. law enforcement, intelligence agencies, and the major hosting providers.

To disrupt the attacker’s infrastructure, the private sector must supply context: IP addresses, email addresses, website hosting details, phone numbers, profile names, account names, and similar observables. Service providers, victims, and the cyber industry must also come together to share the data that makes a successful takedown possible. Attackers make mistakes, and identifying those mistakes is what allows future attacks to be prevented.

Attacker mistakes fall into a few categories: obfuscation errors, such as forgetting to enable private domain registration or failing to properly encrypt their traffic; infrastructure re-use, where attackers try to save money by reusing parts of their infrastructure across campaigns; and ego, where attackers grow overconfident after earlier successes and become careless. Threat intelligence and incident response teams must investigate and triage these mistakes so that stakeholders receive timely and relevant answers.
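One way a threat intelligence team can triage the infrastructure re-use described above is to index every observable collected during incident response and pivot on anything that appears in more than one case. The following is an added example, not code from the original post; the incident identifiers, IP addresses, domains, and registrant emails are constructed sample values.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample incidents (hypothetical values, not from the article).
# Each incident records the infrastructure observables seen during response,
# keyed by observable type.
INCIDENTS = {
    "INC-001": {"ip": {"203.0.113.10"}, "domain": {"login-portal.example"},
                "registrant_email": {"ops@mailer.example"}},
    "INC-002": {"ip": {"203.0.113.10", "198.51.100.7"}, "domain": {"update-cdn.example"},
                "registrant_email": {"ops@mailer.example"}},
    "INC-003": {"ip": {"192.0.2.44"}, "domain": {"billing-check.example"},
                "registrant_email": {"other@mailer.example"}},
}


def index_indicators(incidents):
    """Map each (type, value) observable to the set of incidents it appeared in."""
    index = defaultdict(set)
    for inc_id, observables in incidents.items():
        for kind, values in observables.items():
            for value in values:
                index[(kind, value)].add(inc_id)
    return index


def find_reuse(incidents):
    """Return observables seen in more than one incident: candidate infrastructure re-use."""
    return {ind: sorted(incs)
            for ind, incs in index_indicators(incidents).items() if len(incs) > 1}


def cluster_incidents(incidents):
    """Group incidents that share at least one observable (connected components)."""
    links = defaultdict(set)
    for incs in find_reuse(incidents).values():
        for a, b in combinations(incs, 2):
            links[a].add(b)
            links[b].add(a)
    seen, clusters = set(), []
    for inc_id in incidents:            # dict order keeps output deterministic
        if inc_id in seen:
            continue
        stack, component = [inc_id], set()
        while stack:                    # iterative depth-first walk over shared links
            current = stack.pop()
            if current in component:
                continue
            component.add(current)
            stack.extend(links[current])
        seen |= component
        clusters.append(sorted(component))
    return clusters
```

Shared observables give the pivot points to hand to law enforcement or hosting providers, and the clusters show which cases belong to one actor even when the victims never spoke to each other.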

In conclusion, stopping an attack takes more than deploying security tools and hoping the attacker moves on. Disrupting the attacker’s infrastructure and preventing future attacks requires a collaborative effort between service providers, victims, law enforcement, and intelligence agencies to supply the necessary context and data. Just as important, the mistakes attackers make must be investigated and triaged so that defenses can be built on them.

Key Points:

  • To truly stop an attack, it is necessary to disrupt the attacker’s infrastructure and flow of funds.
  • Context must be provided by service providers, victims, and the cyber industry in order to disrupt the attacker’s infrastructure.
  • Attackers make mistakes, such as obfuscation errors, infrastructure re-use, and ego, that can be identified to prevent future attacks.
  • Threat intelligence and incident response teams must investigate and triage mistakes in order to properly defend against them.
