Attack Tree: Steal Money from Bank
Victor M said:

We've all heard of "layers" of protection; the counter measures box is what my layers look like. Some counter measures are Linux specific, but the attack tree is not.

An attack tree starts with a compromise goal at the top and branches down into sub-goals, with leaf nodes for how a goal above is achieved. So the attacker wants to steal funds from my bank account, so he has some choices: he can do it via this, this and this way. To accomplish each sub-goal he has to use this or this.

You want to add security controls / counter measures to stop some of them from happening, thus stopping the top compromise goal from succeeding.

As you draw more attack trees of different compromise goals, you should see common nodes across your diagrams. Common nodes mean you can use the same security controls again to stop that tree from succeeding.

And don't just focus on applying controls to the lowest leaf nodes; you have to add some controls to stop some of the middle nodes just in case.

The main steps of cybersecurity are identify, protect, detect, respond and recover. With the attack tree top goal you have performed Identify. Next you add security controls to spec out Protect (a firewall rule, an AV setting, a hardening setting, etc.). Next, what you can't protect you must Detect, and you add those (like reviewing a particular log file, an EDR report category, or a SIEM chart). Before you continue on, you try to prove that your Protect and Detect features work. You then Respond, perhaps by adding rules to your EDR and removing the malware. And lastly you Recover: reinstall Windows if necessary and restore data from backup.

In my Counter Measures red box, I have listed the Protections. There is one Detect step (which is 'check bank statements'); there are several more.

Drawing attack trees and figuring out the 5 steps allows you to discover what defenses you can add. Without thinking through and drawing diagrams of your worst cases, you won't realize what you are missing. It is a very useful exercise and planning tool.
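The post describes attack trees in prose: a goal at the top, OR branches for the different ways to reach it, AND branches for sub-goals that all have to succeed, and counter measures that can be placed at a leaf or at a middle node. The following Python is an added worked example (it is not Victor M's diagram or code, and the node labels and counter measures are constructed for illustration). It models a small tree for the thread's goal, enumerates the attacker paths that remain open once controls are applied, shows that a control on a middle node cuts every path through it, and finds the nodes shared between two trees with different top goals, which is where one control pays off twice.

```python
"""Attack tree evaluation: which attacker paths stay open after counter
measures are applied, and which nodes recur across several trees.

All node labels and controls below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    name: str
    kind: str = "LEAF"               # "LEAF", "OR" (any child suffices), "AND" (all children needed)
    children: list = field(default_factory=list)
    control: Optional[str] = None    # counter measure applied at this node, if any

    def mitigated(self) -> bool:
        return self.control is not None


def reachable(node: Node) -> bool:
    """True if the attacker can still achieve this node's goal."""
    if node.mitigated():
        return False                  # a control on a middle node cuts every path through it
    if node.kind == "LEAF":
        return True
    results = [reachable(c) for c in node.children]
    return any(results) if node.kind == "OR" else all(results)


def open_paths(node: Node) -> list:
    """Sets of unmitigated leaves that together still achieve the node's goal."""
    if node.mitigated():
        return []
    if node.kind == "LEAF":
        return [frozenset([node.name])]
    if node.kind == "OR":
        return [p for c in node.children for p in open_paths(c)]
    combos = [frozenset()]            # AND: every child must be satisfied, so combine their paths
    for c in node.children:
        child_paths = open_paths(c)
        if not child_paths:
            return []
        combos = [a | b for a in combos for b in child_paths]
    return combos


def all_names(node: Node) -> set:
    names = {node.name}
    for c in node.children:
        names |= all_names(c)
    return names


def common_nodes(trees: list) -> set:
    """Nodes that appear in more than one tree: a control there helps against several goals."""
    seen = {}
    for t in trees:
        for n in all_names(t):
            seen[n] = seen.get(n, 0) + 1
    return {n for n, count in seen.items() if count > 1}


def bank_tree(controls: dict) -> Node:
    """Constructed tree for the thread's goal. `controls` maps node name -> counter measure."""
    def n(name, kind="LEAF", children=()):
        return Node(name, kind, list(children), controls.get(name))
    return n("Steal funds from bank account", "OR", [
        n("Log in as the account holder", "AND", [
            n("Obtain banking password", "OR", [
                n("Phishing page"),
                n("Malware on PC"),
            ]),
            n("Defeat second factor"),
        ]),
        n("Alter a transfer from the PC", "AND", [
            n("Malware on PC"),
            n("Victim does not notice altered transaction"),
        ]),
    ])


def documents_tree(controls: dict) -> Node:
    """A second constructed tree with a different top goal, sharing the 'Malware on PC' node."""
    def n(name, kind="LEAF", children=()):
        return Node(name, kind, list(children), controls.get(name))
    return n("Read my private documents", "OR", [
        n("Malware on PC"),
        n("Steal unencrypted backup drive"),
    ])


# Constructed counter measures: one Protect control on a leaf, one Detect control
# (the post's 'check bank statements') on the other leaf.
BANK_CONTROLS = {
    "Malware on PC": "AV + application hardening",
    "Victim does not notice altered transaction": "check bank statements",
}

if __name__ == "__main__":
    print("Open paths with no controls:", open_paths(bank_tree({})))
    print("Open paths with BANK_CONTROLS:", open_paths(bank_tree(BANK_CONTROLS)))
    print("Shared nodes across both trees:", common_nodes([bank_tree({}), documents_tree({})]))
```

Reading the output: with no controls there are three open paths; after the two constructed controls only the phishing-plus-second-factor path remains, which is what the next control should target. Placing a control on the middle node "Obtain banking password" instead closes the whole login branch at once, which is the post's point about not stopping at leaf nodes.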