TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

Threats, Vulnerabilities, Exploits and Their Relationship to Risk

2021-02-22 · Read original ↗

ATT&CK techniques detected

5 predictions
T1588.002Tool
88%
"a tool, typically in the form of source or binary code. this code makes it easy for threat actors to take advantage of a specific vulnerability and often gives them unauthorized access to something ( a network, system, application, etc. ). the payload, chosen by the threat actor …"
T1588.006Vulnerabilities
64%
"not patch vulnerabilities that had been known about for years. ( zero - day refers to a newly discovered vulnerability for which a patch does not yet exist. ) threat a threat is any action ( event, occurrence, circumstance ) that could disrupt, harm, destroy, or otherwise adverse…"
T1587.004Exploits
55%
"not patch vulnerabilities that had been known about for years. ( zero - day refers to a newly discovered vulnerability for which a patch does not yet exist. ) threat a threat is any action ( event, occurrence, circumstance ) that could disrupt, harm, destroy, or otherwise adverse…"
T1190Exploit Public-Facing Application
45%
"##bilities to exploit. accurately assessing risk without getting into a deep discussion of risk assessment, 4 let ’ s define the two essential elements of risk calculations that are often overlooked. likelihood likelihood is the chance or probability that a specific threat will e…"
T1190Exploit Public-Facing Application
40%
"the wolf ’ s attack. had his straw house been just a makeshift rain shelter that he rarely used, the impact would have been insignificant. putting the risk jigsaw pieces together assuming a matched vulnerability and threat exists, it ’ s essential to consider both likelihood and …"

Summary

The tale of The Three Little Pigs can teach us more than you think about cybersecurity risk.