Thanks to the increasing professionalisation of cyber crime, predicting the actions of attackers based on profiling is becoming more challenging for cyber security practitioners. To help address the challenge, WithSecure (formerly known as F-Secure Business) has published a new study that demonstrates an alternative model of predicting how attacks unfold.
In recent years, the cyber crime industry has become increasingly service-oriented, with different threat actors providing specialised services to one another. Consequently, it’s become increasingly difficult for security analysts to understand attackers and the threat they pose based strictly on their use of a particular tactic, technique or procedure (TTP).
It’s a trend that WithSecure Intelligence Senior Researcher Neeraj Singh says is likely to get worse.
“You also have to consider that attackers are constantly expanding their toolkits to include new resources to use in attacks. That means they have more avenues to pursue an attack than ever before. These types of changes make traditional profiling techniques, where you understand and predict specific types of attacks by associating them with particular TTPs or toolsets, less effective,” he explained.
A new WithSecure study on common tactics and toolsets observed in data breaches demonstrates an alternative approach to predicting how cyber attacks can unfold.
Using data collected from cyber attacks observed by WithSecure in 2023, researchers were able to correlate tactics/toolsets used together in attacks – correlations that provide a foundation for further analysis.
For example, researchers found that both discovery and collection commonly lead to exfiltration and command and control tactics, indicating adversaries’ reliance on information that is gathered and stolen from victims’ machines and sent back to the attackers so they can perform the next steps in the attack life cycle.
According to Singh, correlations like these can provide a sound basis for making further predictions about different paths taken during attacks.
“Machine learning can build on traditional data analysis techniques to train predictive models that can determine the likelihood of different tactics and toolsets being used on different premises. That’s the kind of preparation that organisations can use to begin reducing the risk of attackers using certain approaches against them,” explained Singh.
The study, Unveiling the Arsenal: Exploring Attacker Toolsets and Tactics, contains information about the most common tactics and toolsets observed in attacks during 2023, walkthroughs for a variety of security incidents investigated by WithSecure, and security advice for organisations. The full study is available at https://www.withsecure.com/en/expertise/research-and-innovation/research/unveiling-the-arsenal-exploring-attacker-toolsets-and-tactics.
WithSecure
WithSecure™, formerly F-Secure Business, is cyber security’s reliable partner. IT service providers, MSSPs and businesses – along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers – trust us for outcome-based cyber security that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. With more than 30 years of experience in building technology that meets business objectives, we’ve built our portfolio to grow with our partners through flexible commercial models.
WithSecure™ Corporation was founded in 1988, and is listed on NASDAQ OMX Helsinki Ltd.