The MITRE ATT&CK Framework is an excellent resource for understanding how bad-guy TTPs (tactics, techniques and procedures) can be used to get inside your network. The Framework enables an after-action analysis of an attack.
However, some argue that recent cyberattacks were all but inevitable.
So, stepping back from the Framework and understanding the attacker’s point of view can also be instructive. Attackers use the KISS (“Keep it Simple, Stupid”) principle when designing an attack. That is, they probe for the likely weak spot in the system. In most cases, that’s the user. The user can be fooled into giving up a secret password by clicking on a malicious link, or can make any of a laundry list of cybersecurity mistakes, like failing to upgrade software to the latest version.
With this KISS principle, attackers defeat sophisticated cybersecurity technology by going after the human user. No amount of technology, “best practices”, cyber hygiene, training, or hand-wringing is going to stop these attacks.
Instead, we must also apply the KISS principle to our cybersecurity thinking and understand the core vulnerabilities. At QWERX we understand these to be the secrets that humans cannot protect, including the static credentials that provide a passport for attackers to access networks.
That’s why we remove the human user from the security chain and eliminate the static credentials that can be misused.