Overwhelming circumstantial evidence is nevertheless not proof

When it comes to IT attacks, the first question on outsiders' minds is who is to blame. People want to assign an attack to a perpetrator, at least in their minds.
Raimund Genes, Trend Micro
May 4, 2017
This text has been automatically translated from German to English.

In many cases, however, this supposedly simple question cannot be answered so easily. Especially not if one relies exclusively on the objective facts and sets aside the subjective opinions shaped by the victim's local and temporal perception or by the press.

What happens when there is too much subjectivity is easily illustrated by the recent example of EyePyramid - an "information stealer" that has stolen around 87 GB of data in recent weeks. This includes data from private companies, but also from government offices and other public organizations.

EyePyramid targeted more than 100 mail domains with more than 18,000 mail accounts. The victims, some of them high-ranking, came from Italy and other European countries, but also from the USA and Japan.

With this overwhelming evidence, the conclusion was clear to many: this is a state-driven or sponsored attack!

This conclusion was then gratefully taken up by the media and the general public. Unfortunately, there was only one problem - it was not true!

As it turned out in retrospect, the people behind EyePyramid are a brother and sister with purely monetary interests. It is not a state-sponsored organization that is going to fight the next cyber war.

This incident clearly shows what happens when facts are interpreted only within one's own "convenient" context or are oversimplified. Serious security researchers limit themselves to technically verifiable information when it comes to "attribution," i.e., assigning attacks to actors.

Of course, there are also "clues" that point in a certain direction or that reinforce one another in combination. But the metaphorical "smoking gun" in the attacker's hand is rarely found.

To stay with EyePyramid: It is a fact that government-related organizations were (also) compromised. That much is objective. The conclusion that a state actor must therefore be behind this is subjective and overly simplistic.

Unfortunately, the factual reporting is far less spectacular than the (incorrect) simplification...

Even though the unjustified simplification of facts annoys me as a technically interested person, the topic could be over at this point, were it not for some rather different side effects:

When reporting makes a mountain out of every molehill and turns every cybercriminal action into a cyberwar by state actors, this also has an impact on the security perception and security behavior of all of us.

When everyone talks only of cyber war and state actors, resignation sets in for many companies and private individuals:

"How am I, as a person or company, supposed to protect myself against a state anyway?"

Alternatively:

"Why would a state target me anyway?"

The "success" of such sensationalist communication is that many do not even perceive the real danger - namely ordinary cybercriminals - and accordingly do not take appropriate protective measures.

To put it bluntly: Yes, there are state actors out there who operate with big budgets. But for normal companies and private individuals, these actors are negligible from a risk assessment perspective! The "normal", monetarily driven cybercriminal poses the far greater risk!

Therefore, my request at this point: Do not let yourself be unsettled by sensational reports on cyberattacks by state actors! Conduct a risk assessment of your business processes, verify which actors pose a real risk there, and set up your security strategy accordingly.

Last but not least, I have a request to the press, bloggers, etc.: Some things cannot be simplified any further! This also applies to circumstantial evidence in IT attacks, even if omitting or simplifying circumstantial evidence may lead wonderfully to "proof" that can then be presented as a big sensation.

Raimund Genes died unexpectedly at his home on Friday, March 24, as a result of a heart attack.

Trend Micro's longtime Chief Technology Officer was 54 years old. He built up the Japanese IT security provider in Germany and Europe and gave it an important voice in public.

Starting in 2014, Genes enriched E-3 Magazine with his timely and astute commentary as part of the monthly IT Security column. Here, too, he provided valuable educational work for the SAP community.

We publish his last comment on this page posthumously. Our sympathy goes to his family and friends.

Raimund Genes was CTO at Trend Micro.