- “The Sony attack…that was in like 2014. It’s 2016 now. Why is this relevant?”
- “Sony sounded like a one-time revenge attack because of that movie with James Franco and Seth Rogen. If that’s true, why would anyone other than Sony itself bother unraveling it?”
- “My organization has many feeds of threat intel, signatures, and Indicators of Compromise. So we’d be protected against this adversary by now, right?”
- “I don’t even work with malware or incident response, and fixed-width typeface makes me sleepy. What are the take-aways for the Information Security industry as a whole?”
“While no effort can completely halt malicious operations, Novetta believes that these efforts can help cause significant disruption and raise operating costs for adversaries, in addition to profiling groups that have relied on secrecy for much of their success.”

This is really important. The coalition is doing the hard work to shine a light on this advanced adversary, slowing down their progress and forcing them to retool, making it harder for them to carry out their next attack.

5. Private industry groups can take action on adversaries

We see in the report that malicious actors can be highly organized and can perform coordinated attacks. So why can’t that be true of the defenders as well? The coalition brought their resources to bear on this attack in a coordinated way and was successful in revealing many of the details behind the Lazarus Group. Novetta itself feels that the combination of sharing highly technical analysis with both the public and private industry is the best way to interdict these types of actors.

What did I miss? Send me a note at pvb (at) novetta (dot) com if you have more ideas about why Operation Blockbuster matters. Also, if you’re at the RSA conference this week, stop by and talk to some friendly folks at the Novetta booth #N4504.