دانلود کتاب Cognitions of a Cybercriminal: Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behavior

We have a fundamental saying at Carbon Black: “Cybersecurity is all about the data.”
I love this saying. In understanding the data, we can better understand behaviors. And, in better understanding behaviors, we can better understand attackers.
Much like a detective in the physical world pieces together information to solve a robbery, Carbon Black instantly pieces together all of the relevant endpoint data to better understand how criminals behave.
When it comes to cybercriminal behaviors, the Lockheed Martin Cyber Kill Chain® has been the de facto standard for years. I believe we should be looking at this model with a new lens. Attackers have evolved dramatically in recent years by using fileless attacks, lateral movement, counter incident response and island hopping in attacks. Consequently, we must be measuring success in how well we can disrupt these behaviors.
To that end, I am proposing what we’re calling the “Cognitive Attack Loop” —a three-step cycle that continues to repeat and evolve. Attackers are dynamic and constantly evolving. It’s no longer helpful to approach cybersecurity linearly. As this paper will discuss, cognitions and context help reveal intent. Understanding the root cause of attacks and the way attackers think is paramount to this.
To be effective at cybersecurity, we need to get inside the minds of cybercriminals and understand the motivations driving their behaviors. Attackers have “tells,” much like poker players. These “tells” often appear in the data. Defenders can exploit these tells and gain the advantage by understanding the data.
Thank you for reading this paper and for joining me here as we delve into the cognitions that govern cybercriminal behaviors.
And, if you’re interested in hearing more, check out the recent webinar we did on the topic, or visit Carbon Black’s Howler Hub!