New “Cognitive Attack Loop” Helps Defenders Better Understand Modern Cybercriminal Cognitions via an Attack Cycle Comprising Three Distinct Phases
Carbon Black , a leader in cloud-native endpoint protection released a ground-breaking white paper that proposes an updated cybersecurity kill chain model to help defenders stay ahead of evolving cyberattacks.
The paper, “Cognitions of a Cybercriminal: Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behavior,” delves into the various ways cybercriminals have evolved in recent years and offers specific guidelines for CISOs and security professionals to help manage risk.
“We believe cybersecurity professionals should be looking at existing kill chain models with a new lens,” said Tom Kellermann, Carbon Black’s Chief Cybersecurity Officer and the paper’s primary author. “It’s no longer helpful to approach cybersecurity linearly. Cognitions and context are critical and help reveal attackers’ intent. Understanding the root cause of attacks and the way attackers think is paramount to good cybersecurity. With the ‘Cognitive Attack Loop,’ we’re offering defenders an updated model of how attackers think and behave.”
The paper outlines, in detail, the three phases proposed in the Cognitive Attack Loop Recon & Infiltrate; Maintain & Manipulate; and Execute & Exfiltrate.
The Cognitive Attack Loop was borne from insight provided by Carbon Black’s cloud-native endpoint protection platform (EPP), which collects terabytes of data per day from around the globe, as well as insights from the Carbon Black Threat Analysis Unit (TAU).
“The more insight defenders have into cybercriminal behavior, the more effective technology can be in recognizing and stopping suspicious activity,” Kellermann said. “The patterns we see in attack data transcend any individual attack and allow us to provide protection against a broad set of threats without relying on specific pre-discovered indicators of compromise (IOCs). With the Cognitive Attack Loop, we’ve taken the various insights from our cloud-native EPP and our threat research efforts to arrive at a modern cycle that helps uncover cybercriminal behavior and gives defenders a true sense of how modern attackers are operating.”