Cyber attribution is the attempt to track and lay blame on the perpetrator of a cyber attack or hacking exploit.
Cyber attacks can have serious consequences for businesses in terms of public relations, compliance, reputation and finances. In the wake of an attack, a business may be anxious to assign blame and see the perpetrator brought to justice, thus ensuring that it’s not seen as an easy target. Investors may also demand cyber attribution. However, attribution is difficult and poses its own risks.
Often, companies don't have the expertise or resources to track down cyber criminals and outsource the job to IT security specialists but even for experts, cyber attribution is a challenge. Hackers of note generally don't commit the crimes from their own residences. Attacks are often launched from targets that the hacker has previously compromised. Hackers may also relay an attack through multiple hops to further obfuscate the source. This act alone makes it almost impossible to be sure of cyber attribution, because a hacker may have cleaned up his tracks such that there are more hops beyond the last traceable IP address.
The difficulty of being certain about attribution, coupled with the dangers of misattribution and false accusations, means that the attempt to determine the source of an attack can be as risky for an organization as the attack itself.
See a presentation on the cyber attribution challenge: