The security company outlines a number of ways in which attackers lead researchers on wild goose chases.
One of the main reasons hackers and other malicious actors are so hard to locate is not that they are particularly good at hiding their location; it is that they are exceptionally good at faking things. They fake their locations, their working hours, their language, their infrastructure, their toolkits and even their own groups. Attackers go to extreme lengths to make sure that anyone looking for them is in for a wild goose chase. These conclusions were released by security researchers at Kaspersky Lab, who examined how threat actors mislead both victims and the researchers investigating them.
“The attribution of targeted attacks is complicated, unreliable and subjective – and threat actors increasingly try to manipulate the indicators researchers rely on, further muddying the waters. We believe that accurate attribution is often almost impossible,” said Brian Bartholomew, Senior Security Researcher at Kaspersky Lab.
“Moreover, threat intelligence has deep and measurable value far beyond the question ‘who did it’. There is a global need to understand the top predators in the malware ecosystem and to provide robust and actionable intelligence to the organisations that want it – that should be our focus.”
Artefacts such as timestamps and language markers, although they can be a valuable asset when tracking attackers, are easily manipulated. Infrastructure and backend connections can be used to pinpoint an attacker's location, but only if the attacker fails to properly anonymise their internet connections.
And finally, there are the tools. Some attackers use publicly available tools, while others rely on their own custom-built ones. Custom-built tools can sometimes be used to trace activity back to a particular malicious actor.