vz-risk / veris

Vocabulary for Event Recording and Incident Sharing (VERIS)
http://verisframework.org

Add value chain items to the attack path #202

Closed. gdbassett closed this 4 years ago.

gdbassett commented 6 years ago

In https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-van_wegberg.pdf Figure 2 (and by reference https://cseweb.ucsd.edu/~savage/papers/WEIS15.pdf and others), a value chain is established: Development -> Distribution -> Take-over -> Cash-out (this could also be compared to the Lockheed Martin Cyber Kill Chain (tm)). The current DBIR 4As only capture the 'take-over' step of the value chain. Capturing other portions of the value chain necessary to enable the attack (bulletproof hosting, credentials, email, etc.) may allow better analysis of how to take action against breaches.

This would likely take the form of a 'value-chain' type feature with the categories and enumerations listed in van Wegberg (plus any others we have evidence of).

gdbassett commented 5 years ago

Gabe to reach out to contacts & academia to build a potential proposal. Likely to add to VCDB, not verisc.

gdbassett commented 5 years ago

Things likely not to make the cut and need their own issue:

• Internal Capabilities (skills developed internally that can be used to accomplish actions or accomplish other investments)
  o Exploit development
  o Vulnerability Discovery
  o Penetration
  o Exfiltration
  o Reverse engineering
  o Social engineering
  o Living off the land
  o Other
  o Unknown

Leaving for further consideration as it’s not really strategic nor clear based on what the attackers did:

• Non-Distribution services
  o Crypting (obfuscate malicious files)

Could consider making ‘investments’ a list of objects with both the varieties listed above and an option of ‘vertically integrated’ or ‘purchased’.
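As an added illustration of the "list of objects" idea above (example code written for this page, not VERIS or VCDB project code): each investment object carries a value-chain stage, a variety, and whether the attacker built it or bought it. The field names `value_chain`, `investments`, `stage`, `variety` and `acquisition`, and the assignment of the issue's varieties to stages, are assumptions made for this example; the stage names come from the van Wegberg Figure 2 chain quoted in the first comment and the varieties from the lists in this comment. The sample incidents are constructed, not VCDB records.

```python
from collections import Counter

# Value-chain stages from van Wegberg et al., Figure 2, as cited in this issue.
VALUE_CHAIN_STAGES = ("development", "distribution", "take-over", "cash-out")

# Varieties copied from this issue. Which stage each belongs to is an
# assumption made for this example, not a VERIS enumeration.
INVESTMENT_VARIETIES = {
    "development": {"Exploit development", "Vulnerability Discovery",
                    "Reverse engineering", "Crypting", "Other", "Unknown"},
    "distribution": {"Social engineering", "Other", "Unknown"},
    "take-over": {"Penetration", "Living off the land", "Other", "Unknown"},
    "cash-out": {"Exfiltration", "Other", "Unknown"},
}

# The 'vertically integrated' vs 'purchased' option proposed in this comment.
ACQUISITION = {"vertically integrated", "purchased"}


def validate_investment(inv, path="value_chain.investments[]"):
    """Return a list of error strings; empty means the object is valid."""
    if not isinstance(inv, dict):
        return [f"{path}: expected an object, got {type(inv).__name__}"]
    errors = []
    stage = inv.get("stage")
    if stage not in VALUE_CHAIN_STAGES:
        errors.append(f"{path}.stage: {stage!r} not in {VALUE_CHAIN_STAGES}")
    variety = inv.get("variety")
    if variety not in INVESTMENT_VARIETIES.get(stage, set()):
        errors.append(f"{path}.variety: {variety!r} not allowed for stage {stage!r}")
    acquisition = inv.get("acquisition")
    if acquisition not in ACQUISITION:
        errors.append(f"{path}.acquisition: {acquisition!r} not in {sorted(ACQUISITION)}")
    return errors


def validate_incident(incident):
    """Validate every object under incident['value_chain']['investments']."""
    investments = incident.get("value_chain", {}).get("investments", [])
    if not isinstance(investments, list):
        return ["value_chain.investments: expected a list"]
    errors = []
    for i, inv in enumerate(investments):
        errors.extend(validate_investment(inv, f"value_chain.investments[{i}]"))
    return errors


def purchased_stages(incidents):
    """Count, per stage, how many valid incidents relied on a purchased
    investment. A purchased stage points at an external supplier (hosting,
    crypting, credential sellers) that could be disrupted upstream of the
    take-over step, which is the analysis the issue is after."""
    counts = Counter()
    for incident in incidents:
        if validate_incident(incident):
            continue  # skip records that fail validation
        counts.update({inv["stage"]
                       for inv in incident["value_chain"]["investments"]
                       if inv["acquisition"] == "purchased"})
    return counts


# Constructed sample incidents (not VCDB data); the third is deliberately invalid.
SAMPLE_INCIDENTS = [
    {"incident_id": "example-1", "value_chain": {"investments": [
        {"stage": "development", "variety": "Crypting", "acquisition": "purchased"},
        {"stage": "distribution", "variety": "Social engineering",
         "acquisition": "vertically integrated"},
        {"stage": "take-over", "variety": "Penetration", "acquisition": "vertically integrated"},
        {"stage": "cash-out", "variety": "Exfiltration", "acquisition": "purchased"},
    ]}},
    {"incident_id": "example-2", "value_chain": {"investments": [
        {"stage": "development", "variety": "Exploit development", "acquisition": "purchased"},
        {"stage": "take-over", "variety": "Living off the land",
         "acquisition": "vertically integrated"},
    ]}},
    {"incident_id": "example-3", "value_chain": {"investments": [
        {"stage": "take-over", "variety": "Penetration", "acquisition": "rented"},
    ]}},
]

if __name__ == "__main__":
    for incident in SAMPLE_INCIDENTS:
        print(incident["incident_id"], validate_incident(incident) or "ok")
    print(dict(purchased_stages(SAMPLE_INCIDENTS)))
```

Running the block reports example-3 as invalid (acquisition "rented" is outside the two-value option) and shows development purchased in two incidents and cash-out in one; take-over never appears as purchased, which matches the observation that the 4As already capture that step while the purchased upstream services do not show up today.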

gdbassett commented 5 years ago

Added in commit a39fa80.