- Source: Cyber attribution
In the area of computer security, cyber attribution is the attribution of cybercrime, i.e., identifying who perpetrated a cyberattack. Uncovering a perpetrator may give insights into various security issues, such as infiltration methods, communication channels, etc., and may help in enacting specific countermeasures. Cyber attribution is a costly endeavor requiring considerable resources and expertise in cyber forensic analysis.
Nissim Ben Saadon argues that the task of cyber attribution makes sense for major organizations: government agencies and major businesses in sensitive domains, such as healthcare and state infrastructures. However, most small and medium businesses (SMB) gain little from "postmortem" identification of perpetrators. In Ben Saadon's opinion, it is unlikely that a particular SMB was specifically targeted; rather, the incident was a crime of opportunity exploiting a detected vulnerability, and with limited resources it is wiser to spend them on identifying the vulnerability in question and eliminating it.
For governments and other major players, dealing with cybercrime requires not only technical solutions but also legal and political ones, and for the latter cyber attribution is crucial.
Attributing a cyberattack is difficult, and of limited interest to companies that are targeted by cyberattacks. In contrast, secret services often have a compelling interest in finding out whether a state is behind the attack. A further challenge in attribution of cyberattacks is the possibility of a false flag attack, where the actual perpetrator makes it appear that someone else caused the attack. Every stage of the attack may leave artifacts, such as entries in log files, that can be used to help determine the attacker's goals and identity. In the aftermath of an attack, investigators often begin by saving as many artifacts as they can find, and then try to determine the attacker.
See also
Cyber forensics
Further reading
Eric Nunes, Paulo Shakarian, Gerardo I. Simari, Artificial Intelligence Tools for Cyber Attribution, 2018, ISBN 3319737872