What makes malware "sophisticated"?

Sat, 25 Apr 2015 11:46AM

Most news articles on high-profile cyberattacks call these attacks sophisticated, but are they really? At the RSA 2015 conference a few days ago, researchers Ira Winkler and Araceli Treu Gomes presented ‘the Irari rules for declaring a cyberattack sophisticated’. The summary article can be found here, and the conference slide pack here. The main message is that just because the attackers pulled off a large, successful attack (such as the Sony breach) does not make it sophisticated. Sophisticated means it defeated security defences that were actually in place and went undetected until perhaps too late. We don’t call a burglar sophisticated for stealing everything valuable out of a building if the doors were left unlocked, the codes for the vault were written on a post-it above it and the security alarms were easily turned off. Therefore, just because a piece of malware was able to wipe out all computers, exfiltrate a huge amount of data, commit fraud and cause all sorts of damage does not mean it did anything clever; it may simply mean that the victim had poor security controls.