Threat modeling is the proactive process of identifying and planning countermeasures to stop threats and risks from affecting your company. You can also approach threat modeling from the attacker’s point of view. This allows you to gather information about how hackers attack similar companies to yours and plan your countermeasures. It can also be done from an asset view. This involves identifying the assets that are most important to your company and then looking at all possible ways that that asset could be compromised. Then, you will create security controls to stop that from happening. While neither method is more efficient than the other, they all accomplish the same purpose.
Elements for Threat Modeling
Threat Actor A state, group, or individual who has malicious intent is called a threat actor. This usually refers to cybercriminals who are seeking to attack private companies or governments in order for political, financial or military gain. You can categorize threat actors based on their motivations and, to a certain extent, their level of sophistication. These are the most popular types of threat actor:
Because of their planning, coordination and resources, some threat actors can be more dangerous than others.
They are often referred to as advanced persistent threat (APTs) because they are the most organized and capable of carrying out large-scale and lasting cyber attacks. The nation state actors are often the most sophisticated, with vast amounts of resources provided by their governments. They also have relationships with companies in the private sector and can leverage organized crime groups to achieve their goals.
Moderate to low-level hackers, terrorist groups, thrill-seekers, and script kiddies are all considered to be moderately sophisticated. They rely on public exploits, which require very little technical skill and rarely have an effect on their targets.
Insider Threats: These individuals work within a company and are often disgruntled employees seeking revenge. They can be associated with any of these groups and act as insiders, providing information about the company and allowing them to access the company’s network.
Threat Vectors: This is a way for threat actors to gain access to a computer network by exploiting vulnerabilities. Six main points or pathways to a computer system are available:
- Web Applications
- Remote access portals
- Mobile Devices
A computer system can be compromised by social engineering, such as phishing email and text messages, or a programmatic threat vector like a virus or unpatched vulnerability.
Cyber Threat Surround: The cyber threat surface is a list of all possible endpoints that a threat actor might attempt to exploit to hack into your business. This includes all devices connected to the internet, as well as people or processes that could give them access to sensitive information. You need to know at least the basics of your cyber threat to be able to make appropriate plans to protect your company.
Countermeasures: Once your threat actors have been identified, you can begin to plan countermeasures. To ensure defense in depth, countermeasures will require a number of redundant security controls. Defense in depth simply refers to the protection of all resources. This means that even if one control fails, other controls will protect them. Defense in Depth means that an attacker must bypass multiple layers to be successful.
Commonly used threat modeling frameworks
STRIDE is a model that Microsoft created to assist applications in meeting the security directives set forth by the CIA Triad. These include Confidentiality and Integrity, Availability, and Authentication Authorization and Non-Repudiation. STRIDE stands to deceive, tamper, repudiation, information disclosure, denial of service (DoS), as well as elevation of privilege.
Spoofing This is impersonating another person (eg IP address), without their knowledge. This is against the principle of proper authentication.
Tampering: This involves making unauthorized modifications to memory, disks, networks, etc. and is a violation of the principle integrity.
Repudiation Repudiation refers to the act of claiming you didn’t do anything, but in reality you did. Repudiation cannot be used to hold people accountable for their actions. It is important to uphold non-repudiation so that actions can be traced back to the original perpetrator.
Information Disclosure: Information should be only disclosed to authorized users. Incorrect information disclosure refers to information that is made accessible to someone who isn’t authorized.
Denial-of-Service:This attack exhausts resources needed for a business offering services. To prevent users from accessing the google.com website, you could send a lot of data packets. It can compromise a company’s ability to reach customers and employees.
Elevation in Privilege: When a user can increase their access beyond what they are authorized to do. If a website error allows a normal user the ability to become an administrator, it would allow them to perform actions that they are not authorized.
MITRE ATT&CK Framework
MITRE ATT&CK provides a global information base on adversary tactics. This information is used to develop threat models and provides a detailed overview of common hacking techniques. has the complete information, but I’ve included a small excerpt below.
It stands for Process for Attack Simulation and Threat Analysis and focuses on threat modeling as viewed from the hacker’s perspective. It is designed to simulate attacks on applications, analyze them and mitigate the risks. This will allow you to achieve a sufficient level of security by fixing the issues that were found during simulations.
Trike Threat Modeling
This framework is designed to satisfy security audit requirements. It focuses on each asset’s risk. Trike employs a requirements model that assigns a level of risk to each company asset. After creating the requirements model, the team creates data flow charts (DFD) that show how each system manipulates, stores, and moves data. Once you have a good understanding of the system and the risk level, you can identify potential threats to each asset and give it the appropriate risk rating. Finally, you will assign security controls to each asset until each asset’s risk is within the acceptable range as defined in the requirement model.
This model stands for Visual, Agile and Simple Threat modeling. It focuses on the entire lifecycle of software development (SDLC) within an organization. It is built on three pillars.
This method focuses on assessing the risk probability by looking at five factors.
OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation), is a method of threat modeling that helps you to identify and assess the risk to your IT assets. This involves identifying and evaluating the most critical components of your IT infrastructure, and then assessing how these threats could negatively impact Confidentiality and Integrity of your IT systems.