Digital forensics: learning from cyberattacks

To dramatically improve their security posture, smart organizations are turning to digital forensics to better understand their attackers and take proactive action to stop a similar attack from happening again.

According to market intelligence firm Mordor Intelligence, the digital forensics market was worth $3.14 billion in 2017 and is forecast to jump to $5.37 billion by 2023, driven by growing cyberattacks, identity fraud and data security breaches.

Cybersecurity is a major concern for organizations today. Many cybercriminals operate in ways that organizations find difficult to anticipate and can adapt quickly to changing environments. “In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data,” said Rob McMillan, Research Director at Gartner.

Crucial to better understanding the cybersecurity threat is the ability to gain an accurate record of what happened in an attack and how it unfolded. Digital forensics can also be used in scenario-based testing – identifying attack scenarios that could have a devastating impact on your business and working out the best reaction.

Following the intrusion trail

When an attack interacts with your information system, it leaves an intrusion trail. At Orange Cyberdefense, our Cyber Security Incident Response Team (CSIRT) finds, collects, interprets and deconstructs this information to understand the attack. For example, the attack could reveal itself as a window that opens offering the user a download.

Digital forensics can build a picture of where, when and why a malicious actor has entered your system. This provides an understanding of the breach and guidance on how to mitigate the risk of the attack happening again. It also uncovers the tools, tactics and processes the attacker is using to gain access.

A starting point for digital forensics is tracking the footprint of the malicious actor. Cybercriminals go through an intense period of preparation before launching an attack. The route to detecting an attack in its infancy is to recognize the preparation patterns that cybercriminals go through and to make links between the various relationships involved.

Digital forensics experts also reverse engineer malware. Orange Cyberdefense has developed a proprietary third-generation sandbox that allows us to run and test malicious code in an isolated environment, understand how it works in the system, and rapidly recognize similar malware.

Once an attack is contained and understood, a remediation plan can be put in place. This advises on protection for the future.

Grow your cyber resilience

No one today is immune from a cyberattack. Your organization’s ability to operate, work and recover from an attack determines its level of resilience.

Cyber resilience is centered around your ability to prepare for and adapt to a continually changing threat vista, while being able to withstand and quickly recover from an attack. This includes identifying events that may happen, assessing their likelihood and the impact they would have on your business, and determining what actions would be needed to mitigate them.

Digital forensics plays a key role in building a picture of an attack to mitigate future risk. It can also assess past data and processes to ensure you have the tools and resources to handle more sophisticated attacks down the line.

In addition, digital forensics will enable you to access the tools, practices and procedures malicious actors are using to get into your systems. This intelligence can be built into a cyber resilience strategy, which provides an overarching view of your infrastructure, processes and security.

Putting together such a resilience strategy can be a complex task, which is why many organizations choose to work with a partner. At Orange Cyberdefense, we work with organizations to define, implement and evaluate existing measures to ensure business continuity in the event of a major crisis, providing impact assessments on sensitive assets, reviewing continuity policies and so forth.

Digital forensics can help to deliver proactive and reactive resiliency. Once you have built an image of your infrastructure and continually monitor and investigate attacks, you will be better able to shield your systems and applications against risk.

The ultimate goal is to keep the malicious actor out for as long as possible, while shoring up defenses. The unfortunate truth is that when a cybercriminal fails to get into their target, they normally return with an even more sophisticated attack – and you need to be ready for it.

The mantra is to be safe now. Don’t wait for a breach to realize that a quicker detection, analysis and response cycle is far easier than ignoring the problem.

Robinson Delaugerre

Robinson Delaugerre leads the activities of the Computer Security Incident Response Team at Orange Cyberdefense, whose ambition is to enable its experts in incident response and digital investigation to occupy a leading position in France, and even Europe, by cultivating technical excellence and a quality approach.