Helsinki, Finland – October 5, 2023: With the increasing professionalization of cyber crime, predicting the actions of attackers based on profiling has become a challenging task for cyber security practitioners. To address this challenge, WithSecure™ (formerly known as F-Secure Business) has released a new study that introduces an alternative model for predicting how attacks unfold.
In recent years, the cyber crime industry has experienced a shift towards a more service-oriented approach, with different threat actors providing specialized services to one another. As a result, security analysts find it increasingly difficult to understand attackers and the threats they pose solely based on their use of a particular tactic, technique, or procedure (TTP).
According to WithSecure™ Intelligence Senior Researcher Neeraj Singh, this trend is expected to worsen. Singh highlights the fact that attackers are constantly expanding their toolkits to include new resources for carrying out attacks. This expansion gives them more avenues to pursue an attack, making traditional profiling techniques less effective.
To combat these challenges, WithSecure™ conducted a study on common tactics and toolsets observed in data breaches. By analyzing data collected from cyber attacks witnessed in 2023, the researchers were able to identify correlations between tactics and toolsets used together in attacks. These correlations serve as a foundation for further analysis.
For instance, the study found that both the discovery and collection stages of an attack frequently lead to exfiltration and command and control tactics. This indicates that cyber adversaries heavily rely on information gathered and stolen from victims’ machines, which is then sent back to the attackers to facilitate the next steps of an attack lifecycle.
Singh explains that these correlations can serve as a basis for making predictions about different attack paths taken during cyber attacks. By incorporating machine learning techniques, predictive models can be trained to determine the likelihood of specific tactics and toolsets being used in different scenarios. This type of preparation allows organizations to proactively reduce the risk of certain attack approaches being employed against them.
The study, titled “Unveiling the Arsenal: Exploring Attacker Toolsets and Tactics”, provides comprehensive information about the most common tactics and toolsets observed in cyber attacks during 2023. Additionally, it includes walkthroughs for a variety of security incidents investigated by WithSecure™, along with valuable security advice for organizations. The full study can be accessed on WithSecure™’s website.
WithSecure™, formerly known as F-Secure Business, is considered a reliable partner in the field of cyber security. The company is trusted by IT service providers, MSSPs, and businesses worldwide, including major financial institutions, manufacturers, and advanced communications and technology providers. WithSecure™ offers outcome-based cyber security solutions that protect and enable the operations of its clients. Its portfolio includes AI-driven protection for endpoints and cloud collaboration, as well as intelligent detection and response capabilities. WithSecure™’s team of experts proactively hunts for threats and effectively responds to live attacks. Through their consultancy services, they provide evidence-based security advice that helps enterprises and emerging tech companies build resilience. With over 30 years of experience in developing technology aligned with business objectives, WithSecure™ offers flexible commercial models to grow alongside its partners. The company was founded in 1988 and is listed on NASDAQ OMX Helsinki Ltd.
As cyber crime continues to evolve and become more sophisticated, organizations must adapt their security strategies to keep pace. Studies like the one conducted by WithSecure™ serve as valuable resources for identifying emerging threats and developing proactive defenses. By deeply understanding the correlations between tactics and toolsets used by attackers, businesses can effectively mitigate risks and safeguard their digital assets.