Gaining the Attacker Perspective

Posted by Mark Chapman, President & CEO of PhishLine • 3/17/2014

 

It may seem counter-intuitive to place the motives and methods of attackers on a pedestal, but there is immense value in doing so. Today’s threat landscape demands an ongoing role reversal: the ability and desire to emulate the thought process and real-world methodologies of attackers in order to gain visibility and an advantage over the countless “what-if” scenarios that we face.


Visualizing what an attacker wants is an important step because it gives us context for the motives portion of an attack. We often think that motives are purely financial or one-dimensional, but nowadays we see attacks driven by a wide and evolving range of motives. Let’s position our discussion around just a few motives:

  • Obtain intellectual property or inside information
  • Interrupt production or negatively impact customer interactions
  • Make a “new friend” within an organization with ulterior motives
  • Hijack resources to broadcast a political message or social stance to a large audience
  • Collect technical profile details about an environment for collaboration and exploration for a future attack

The motives of an attacker will have a strong influence on the methods they employ to get what they want. The list of motives we visualize will often include more than a single item, so it comes as no surprise that the list of methods will constantly expand. It is important to note that the most persistent and effective attacks often employ multiple vectors or a mixture of methods to accomplish their goals. Let’s look at a short list of attacker methods, which is by no means all-inclusive but represents a sampling of real-world attacker methods:

  • Craft and register a reasonable domain name and combine it with a filter-friendly phishing e-mail to obtain access or information
  • Utilize a portable media device containing attractive files to accelerate the pace of an attack
  • Employ voice-based methods to generate revealing, “off the record” conversations with employees
  • Study the surface of an organization to glean information about employee groups, promotions, and news items about the company
  • Utilize direct SMS/text-based messaging to gain access to employees outside of standard perimeter detection

Strategically simulating “what-if” scenarios generated from the attacker perspective provides a premium level of real-world visibility and objective evidence. This visibility can only be obtained through sustained studies of BOTH the motives and methods of attackers. When these scenarios go from concept to application through a sound, safe, and secure method of testing and measuring, we not only gain visibility into our people, process, and technology layers; we gain this visibility from The Attacker Perspective.
