
This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework; see ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and YARA rules for detection.

That’s not meant as an insult to CrowdStrike, which is, undoubtedly, a first-rate security firm that does extremely sophisticated and reliable investigative work. Calling in CrowdStrike was a good move on the part of the DNC. I’ve even argued that the DNC should have been relying more heavily on private tech firms to provide its email services and security from the outset.

But it’s one thing to trust tech companies to provide email servers and cloud storage and quite another to rely exclusively on them to collect and analyze evidence of a major security incident attributed to a foreign national government. Good security companies can be invaluable when it comes to helping breach victims figure out where they went wrong and how they can better protect their systems in the future. They can certainly, at times, provide useful assistance to law enforcement investigations, but when they end up essentially doing law enforcement’s job for them, as seems to have been the case with the DNC breach, it becomes exceedingly difficult to know whom to trust and whether to take the results of that investigation at face value.

Knowing who conducted a breach investigation is particularly important when it comes to international cyber conflicts because just about everything the government tells us about those conflicts we are expected to take on faith. Consider the declassified summary of the Intelligence Community’s assessment of “Russian Activities and Intentions in Recent US Elections.” The DNC breaches feature prominently in that summary but, more to the point, the primary rationale readers are given for why they should believe that the Russian government meddled in the U.S. election is because the FBI, CIA, and NSA believe that to be the case. We are given very little actual detail about what happened or how the incidents were traced to Russia specifically, while we are treated to numerous statements along the lines of: “We assess with high confidence that Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election” or “We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.” In fact, the president made this point himself, in a Jan. 5 tweet about the FBI investigation, back when he apparently believed the DNC’s version of events: “So how and why are they so sure about hacking if they never even requested an examination of the computer servers? What is going on?”
