Difference between revisions of "Attack"

From MgmtWiki
Latest revision as of 15:08, 27 March 2025

Full Title or Meme

A program that attempts to exploit a Vulnerability in individual devices or programs, typically through a network connection.

Note that the wiki page Attacks details some of the attacks that are known to have been exploited.

Context

It is not an accident that attacks are known as viruses or worms. The digital systems exposed on the internet are susceptible to Attack just as Carbon-based Life Forms are susceptible to a wide variety of organisms of a wide variety of morphologies. Like our own organic defenses, computer systems look for markers to see if an attack is under way. Lyme disease offers an example of a pathogen that wraps itself in a set of markers that the immune system accepts as a valid part of the organism. [1] Perhaps it is time to make immunology a joint effort of medicine and computer science.

Models

Threat Models come in a variety of forms. This page considers the use of an Attack model to expose threats. While this Attack model can be helpful in assessing vulnerabilities that are currently known, it is backward looking and does not address vulnerabilities that are not currently known to be under Attack.

  • Risk and Vulnerability Assessments (https://www.cisa.gov/resources-tools/resources/risk-and-vulnerability-assessments) CISA 2024-09-13, and the updated press release (https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-releases-analysis-fy23-risk-and-vulnerability-assessments).

Threat Models are assessed according to models like the ISO 29115 standard (ISO/IEC JTC 1/SC 27 2013), which describes standardized attack vectors for an IT system:

  • Online/offline guessing (repeatedly trying out the credentials or keys)
  • Credential duplication (copy of credentials and their keys)
  • Phishing (interception of credentials via fake websites/emails and social manipulation)
  • Eavesdropping/snooping
  • Replay attack (reuse of recorded messages)
  • Session hijacking
  • Man-in-the-middle attack (MitM; active attacker positions himself between the communication partners and pretends to be the respective counter-party)
  • Credential theft
  • Spoofing and masquerading (which seems to become easier for attacks based on Artificial Intelligence bots)
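As an added illustration (not part of the MgmtWiki page), the following detector runs over a constructed authentication log and flags events matching three of the ISO 29115 vectors listed above: online guessing, replay, and credential duplication. The log format, thresholds, and time window are assumptions made for the example.

```python
# Added example, not from MgmtWiki: classify constructed auth-log events against
# three ISO 29115 attack vectors. Log layout and thresholds are assumptions.
from collections import Counter, defaultdict

# Constructed sample log: (timestamp_s, user, source_ip, result, message_nonce)
SAMPLE_LOG = [
    (0,  "alice", "10.0.0.5",    "fail", "n1"),
    (1,  "alice", "10.0.0.5",    "fail", "n2"),
    (2,  "alice", "10.0.0.5",    "fail", "n3"),
    (3,  "alice", "10.0.0.5",    "fail", "n4"),
    (4,  "alice", "10.0.0.5",    "fail", "n5"),
    (5,  "alice", "10.0.0.5",    "fail", "n6"),
    (10, "bob",   "10.0.0.9",    "ok",   "n7"),
    (12, "bob",   "10.0.0.9",    "ok",   "n7"),  # nonce presented again: replay
    (20, "carol", "10.0.0.2",    "ok",   "n8"),
    (25, "carol", "203.0.113.7", "ok",   "n9"),  # second source within window
]

GUESS_THRESHOLD = 5   # failures per (user, ip) before flagging online guessing
DUP_WINDOW_S = 60     # two successes from different IPs within this window


def classify(events):
    """Return a dict mapping ISO 29115 vector name -> list of affected users."""
    findings = defaultdict(list)
    failures = Counter()              # (user, ip) -> failed attempts
    seen_nonces = set()               # nonces already accepted or rejected
    successes = defaultdict(list)     # user -> [(ts, ip)] of accepted logins
    for ts, user, ip, result, nonce in events:
        # Replay attack: a recorded message (its nonce) is reused.
        if nonce in seen_nonces:
            findings["replay"].append(user)
        seen_nonces.add(nonce)
        if result == "fail":
            # Online guessing: repeated credential trials for one account.
            failures[(user, ip)] += 1
            if failures[(user, ip)] == GUESS_THRESHOLD:
                findings["online_guessing"].append(user)
        else:
            # Credential duplication: the same credential accepted from two
            # different sources close together in time.
            for prev_ts, prev_ip in successes[user]:
                if prev_ip != ip and ts - prev_ts <= DUP_WINDOW_S:
                    findings["credential_duplication"].append(user)
                    break
            successes[user].append((ts, ip))
    return dict(findings)
```

Tuning the threshold and window to real traffic is the practical work; the point here is that each listed vector leaves a distinct, checkable trace in ordinary authentication records.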

MITRE ATT&CK

Users in more than 190 countries access MITRE ATT&CK® — a global knowledge base of cyber adversary behavior. This free online data-sharing platform—considered “foundational” to the worldwide cybersecurity community—enables any size organization to identify attackers by their tactics and techniques and outmaneuver cyber intruders. Keeping up with the bad guys: ATT&CK’s newest update (version 17) goes live on April 22. It will include content related to the ESXi hypervisor, broad improvements to defenses, and updates to techniques, groups, and software across the framework.

  • DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse (https://www.darkreading.com/vulnerabilities-threats/dprk-exploits-mitre-sub-techniques-phantom-dll-hijacking-tcc-abuse) 2024-04-11

References

  1. Allison Guy, "Tackling long-haul Diseases", MIT News (2024-03), p. 29 ff.