If you track cyber security you have no doubt heard of the recently published report by Cylance titled Operation Cleaver. It has been extensively referenced in the press and has generated significant dialog among practitioners, pundits and policy wonks, including on Twitter with the hashtag #OpCleaver. The report was so good and so well documented that it led the FBI to publish special alerts warning infrastructure providers of possible Iranian cyber attacks. This was a very important report.
Here is a gist of the report from Cylance:
- A new global cyber power has emerged; one that has already compromised some of the world’s most critical infrastructure. The Operation Cleaver report sheds light on the efforts of a coordinated and determined group working to undermine the security of at least 50 companies across 15 industries in 16 countries. Our report unveils the tactics, techniques and procedures used in what is still an ongoing campaign.
- Operation Cleaver has, over the past several years, conducted a significant global surveillance and infiltration campaign. To date it has successfully evaded detection by existing security technologies. The group successfully leveraged both publicly available and customized tools to attack and compromise targets around the globe, including military, oil and gas, energy and utilities, transportation, hospitals, telecommunications, technology, education, aerospace, defense contractors, chemical companies, and governments.
- Since at least 2012, Iranian actors have directly attacked, established persistence in, and extracted highly sensitive materials from the networks of government agencies and major critical infrastructure companies in the following countries: Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the United States.
The report makes the point that in many ways attribution offers little real benefit to the day-to-day cyber defender. Cylance writes that this level of attribution can aid law enforcement. We agree with the latter point; of course this can be of use to law enforcement. But we would like to add that there is another school of thought regarding intelligence informing cyber defense. We believe this report can serve enterprises as yet another strategic intelligence input, which can be useful in helping organizations plan their defenses.
Overall, our assessment is that although the report is short, it is to the point, and very insightful. Our recommendations:
- We most strongly recommend you read it in its entirety. It will give you a much better feel for the quality of work by the team at Cylance and help you understand the nature of this threat better.
- Please consider sharing the Cylance report. Cylance has documented a very important evolution of the cyber threat, one we believe all citizens, not just defenders, need to better understand. I believe we are all doing civilization a favor when we spread the word on good works like this, and hope you will consider sharing the Cylance Operation Cleaver report widely.
https://ctovision.com/2014/12/took-away-operation-cleaver-opcleaver-report/