Carbon Black Releases New Cyber Kill Chain Framework for Modern Attacks

Date: 1-Aug-2019
Location: Singapore

Cybersecurity today is like a poker game. Attackers are now making decisions and changing their strategy during play. Just like at a poker table, security teams need to understand the “tells” of their attacker and play the players, using data to make the best decision for each hand.

So how do you defend your chips and walk away victorious?

Carbon Black today released a ground-breaking white paper that proposes a new approach to help defenders stay ahead of evolving cyberattacks – by analyzing the attacker’s behavior and identifying their intent. The paper, “Cognitions of a Cybercriminal: Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behavior,” delves into the various ways cybercriminals have evolved in recent years and offers specific guidelines for CISOs and security professionals to help manage risk.

“Cyber attackers have begun to fight back when detected, and traditional security approaches are too often too ‘loud.’ Instead of switching the lights on and calling the attacker out immediately, security teams should first lay low and watch the attacker, as their behaviour patterns will reveal their intent,” said Tom Kellermann, Chief Cybersecurity Officer at Carbon Black.

In the paper, Tom suggests that there are three key phases in cybercriminal behavior:
  • Recon & Infiltrate, the initial phase of cybercriminal behavior where the attacker is preparing their operation
  • Maintain & Manipulate, when the attackers are already “in your house” and you need to get them out
  • Execute & Infiltrate, the final phase where the attacker is executing on their end goals

Tom added, “To be effective at cybersecurity, we need to get inside the minds of cybercriminals and understand the motivations driving their behaviors. Attackers have ‘tells,’ much like poker players. These ‘tells’ often appear in the data. Defenders can exploit these tells and gain the advantage by understanding the data.”