It turns out the US-CERT maintains a list of UDP-based amplification attacks and their potential amplification factor (e.g. DNS vs. NTP). It also includes the latest Memcache attacks that have been making the rounds — spoiler: Memcache has the greatest potential for abuse.
There’s a lot of different campaign and actor names and it’s tough to keep them all straight — just see here.
The Council on Foreign Relations released a new tool, the Cyber Operations Tracker. The tool is a database of the publicly known state-sponsored cyber incidents that have occurred since 2005. The database contains almost two hundred entries of state-sponsored cyber incidents or threat actors for which data is publicly available. Want to know who is spying on whom? Looking for the number of times North Korea has been publicly denounced for its cyber operations? Heard of Equation Group but would like to know more about it? The tracker can help answer all of these questions.
I should also mention that Google and Arbor Networks partnered up a while ago to create the Digital Attack Map; however, its focus is on DDOS attacks.
Interesting article in CFR about a DDOS attack that President Trump authorized United States Cyber Command to conduct against North Korea’s Reconnaissance General Bureau (RGB). Quoting the article:

In all likelihood, the DDOS attack against North Korea’s intelligence agency, coupled with a leak of its occurrence and a post-hoc claim of responsibility by the U.S. government, represented an attempt by the Trump administration to send a costly signal of resolve to Pyongyang… This may account for why a member of the Trump administration chose to leak information about a DDOS attack, rather than a more costly attack that would require the United States to maintain persistent access to North Korean networks… If a state is seeking to send a signal via cyber means, how can it ensure the signal is received by the adversary and properly attributed? It could couple a cyber signal with other instruments of power, especially private diplomatic channels or public statements. This may account for the Trump administration’s “leak”—it is possible that it was intentional to ensure that North Korea was able to attribute the DDOS attack, after the fact, to the United States.

…given the covert nature of state cyber operations, there are almost certainly things the public doesn’t know, necessitating reasoned hypothesizing about this case. That said, the available evidence suggests that this was a poor attempt at cyber signaling. Even beyond the inherent difficulties associated with signaling in cyberspace, the difference between the President’s tweets and DDOS could only muddy the waters. This example only confirms that cyber is not an ideal signaling tool, and this particular signal may have done more harm than good.