We've all heard of "layers" of protection; the counter measures box is what my layers look like. Some counter measures are Linux-specific, but the attack tree is not.
An attack tree starts with a compromise goal at the top and branches down into sub-goals, with leaf nodes showing how the goal above them is achieved. Say the attacker wants to steal funds from my bank account: he has some choices, and he can do it this way, this way or this way. To accomplish each sub-goal he has to use this or this.
You want to add security controls / counter measures to stop some of them from happening, thus stopping the top compromise goal from succeeding.
As you draw more attack trees of different compromise goals, you should see common nodes across your diagrams. Common nodes mean you can use the same security controls again to stop that tree from succeeding.
And don't just focus on applying controls to the lowest leaf nodes; you have to add some controls to stop some of the middle nodes too, just in case.
The main steps of cybersecurity are identify, protect, detect, respond and recover. With the attack tree's top goal you have performed Identify. Next you add security controls to spec out Protect (a firewall rule, an AV setting, a hardening setting, etc.). Next, what you can't protect you must Detect, and you add those (like reviewing a particular log file, an EDR report category, or a SIEM chart). Before you continue, you try to prove that your Protect and Detect features work. You then Respond, perhaps by adding rules to your EDR, removing the malware. And lastly you Recover: reinstall Windows if necessary and restore data from backup.
In my Counter Measures red box, I have listed the Protections. There is 1 Detect step (which is 'check bank statements'); there are several more.
Drawing attack trees and figuring out the 5 steps allows you to discover what defenses you can add. Without thinking through and drawing diagrams of your worst cases, you won't realize what you are missing. It is a very useful exercise and planning tool.
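As an added example (not part of the original text, whose diagram is not reproduced here), this sketch models two attack trees with OR branches, finds the nodes they share, and lists the routes that no Protect control blocks, which are the ones left for Detect. Apart from the bank-account goal and the AV setting, the node and control names are constructed for illustration.

```python
from collections import Counter

# Constructed sample trees ({node: [children]}, every branch an OR choice).
# All node names below the bank-account goal are hypothetical.
BANK = "steal funds from bank account"
MAIL = "read private email"
TREES = {
    BANK: {
        BANK: ["log in as victim", "hijack live session"],
        "log in as victim": ["obtain banking password"],
        "obtain banking password": ["phishing email", "keylogger malware"],
        "hijack live session": ["malicious browser extension"],
    },
    MAIL: {
        MAIL: ["obtain email password"],
        "obtain email password": ["phishing email", "keylogger malware"],
    },
}
# Protect controls keyed by the node they stop (hypothetical mapping).
PROTECT = {
    "keylogger malware": "AV setting",           # leaf node, shared by both trees
    "log in as victim": "second login factor",   # middle node
}

def paths(tree, node):
    """Yield every root-to-leaf path; each one is a distinct attack route."""
    children = tree.get(node, [])
    if not children:
        yield [node]
    for child in children:
        for rest in paths(tree, child):
            yield [node] + rest

def open_paths(tree, root, protect):
    """Routes with no Protect control on any node: candidates for Detect."""
    return [p for p in paths(tree, root) if not any(n in protect for n in p)]

def common_nodes(trees):
    """Nodes present in more than one tree, where one control is reusable."""
    counts = Counter()
    for tree in trees.values():
        counts.update(set(tree) | {c for kids in tree.values() for c in kids})
    return sorted(n for n, seen in counts.items() if seen > 1)

if __name__ == "__main__":
    print("shared nodes:", common_nodes(TREES))
    for goal, tree in TREES.items():
        for route in open_paths(tree, goal, PROTECT):
            print("unprotected:", " -> ".join(route))
```

The middle-node control closes the phishing route in the bank tree even though the phishing leaf itself has no control, while the same leaf stays open in the email tree.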