Early last year in “Grizzly Steppe and Carbanak: The Dangers of Miscalculation in Cyberspace,” TruSTAR researchers outlined the overlap of tactics, techniques, and procedures (TTP) between Russian state organizations and criminal organizations like the Carbanak hacking group. They found that Carbanak and attacks attributed to Russian state security agencies were utilizing some of the same infrastructure to launch attacks. CrowdStrike’s new 2018 Threat Report expands the aperture beyond Russia to include North Korea, China, and Iran. There’s evidence hacktivists borrow these TTPs too.
The overlap of TTP raises serious questions for defenders of corporate and government networks, and poses a danger of miscalculation for governments responding to attacks. Overlapping TTP also drives home the need to change our security strategy at the organizational level to a unified security data model that can help organizations better defend themselves and collaborate with other companies, sharing organizations, and even government agencies.
Read more about why Paul Kurtz, CEO & Cofounder of TruSTAR Technology, believes that aggregating threat intel from external data sources is no longer enough and why you must look inside and outside your traditional knowledge base for the best way to defend against attacks, on DarkReading.