In one of my previous columns I described the stages of targeted attacks (the kill chain). The first stage, reconnaissance, begins long before the attacker touches the first machine of the victim. The amount and quality of data gathered at this stage determines how successful the attack will be and, most importantly, how much it costs to carry out.
In the previous post we discussed what the different types of attacks mean: they are extremely complex and involve a large number of targeted actions performed by attackers. In this part I would like to talk about so-called quantitative research of attacks, which is used to analyze the maturity level of existing protective technologies and security approaches.
What can we do to eliminate the risk of targeted attacks? Obviously, we need to implement some kind of technical solution that combines the best ideas in the field of unknown-threat detection. However, before talking about the solution, let's try to understand the nature and meaning of a "targeted attack," as well as the key principles of an offensive operation.
Historically, an "Indicator of Compromise" appears as a result of a compromise. That is why there is still an illusion that the attacker is one step ahead of the victim. However, this asymmetry can be removed. Classical methods of collecting and processing the attributes of an attacker who has already left tracks somewhere can be supplemented and enriched with a new source of IoCs: Proactive Threat Intelligence.