What can we do to eliminate the risk of the targeted attacks? Obviously, we need to implement some kind of technical solution, which would combine the best ideas in the field of unknown threats detection. However, before talking about the solution, let’s try to understand the nature and the meaning of the “targeted attack,” as well as key principles of an offensive operation.
Как бороться с целенаправленными атаками? Очевидно, что нужно какое-то технологическое решение, в котором были бы объединены лучшие идеи по обнаружению неизвестных угроз. Но прежде чем говорить о нем, стоит определиться с тем, что считать целевой атакой, и разобрать, как они работают.
Historically “Indicator of Compromise” appears as a result of compromise. That’s why there is still an illusion that the attacker is one step ahead of his victim. However, the asymmetry can be removed. Classical methods of collecting and processing attributes of an attacker, who has already left his tracks somewhere, can be supplemented and enriched with a new source of IoCs – the Proactive Threat Intelligence.
The latest results of security assessments that have been performed for various medical organizations and vulnerability research of most popular medical web-applications will be presented at