One of the core problems with cybercriminals and attackers is the lack of a clear target. Cyber attacks are digital in nature and, as such, are not tied to a specific geography, organization, or person; tracing an attack back to its source is non-deterministic and ambiguous. In a way, it reminds me of real-life terrorism as an effective distributed warfare model, which is also difficult to mitigate. The known military doctrines always assumed a clear target and, in a way, they are no longer relevant against terrorism. Terrorists take advantage of the concept of distributed entities, where attacks can hit anything, at any time, and can originate from anywhere on the planet using an unknown form of attack. A very fuzzy target.

The ways countries tackle terrorism rely mostly on intelligence gathering, while the best intelligence is unfortunately created following a specific attack. Following an attack, it is quite easy to find out the identity of the attackers, which eventually leads to a source and a motivation. This information leads to more focused intelligence, which helps prevent future attacks. In the cyber arena, the situation is much worse, since even after actual attacks take place it is almost impossible to reliably trace the specific sources and attribute them to an organization or person.
It is a clear example of how a strong concept like distributed activity can be used for malicious purposes, and I am pretty sure it will play out again and again in favor of attackers in future attack scenarios.