But now organisations are seeking ways to deploy attribution more effectively. There is a widespread recognition that only a select few commercial Threat Intelligence vendors have the capacity to research meaningful attribution, and that larger-scale and national organisations with mature defensive practices stand to benefit the most from attribution threat intelligence. For these organisations, attribution is a vital tool for prioritising cyber defences and understanding where the potential gaps are. Used correctly, attribution enables organisations to contain and respond to cyber incidents more effectively.
Identifying a specific threat actor perpetrating the cyber incident enables an organisation to understand the tactics and attack methods and to search for corresponding traces in their networks. If a threat actor is known for exploiting specific vulnerabilities, a target organisation can check and patch those vulnerabilities before exploitation. Attributing a pattern of advanced persistent threats (APTs) enables organisations to prioritise necessary measures to protect against the threat.
Kaspersky's Global Research and Analysis Team (GReAT) uncovers APTs, cyberespionage campaigns, major malware, ransomware, and underground cybercriminal trends, tracking ongoing activity of 200+ threat actors and sophisticated malicious operations targeting commercial and government organisations in 85 countries. Kaspersky analyses millions of suspicious files and activities, and our combination of sophisticated machine processing and unrivalled human expertise enables us to predict and prevent complex threats and cybercrime of the future.
