The assumption that a cyberattacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, where we demonstrate that large, initial, fixed costs of exploit development induce attackers to delay implementation and deployment of exploits of vulnerabilities. The theoretical model predicts that mass attackers will preferably (i) exploit only one vulnerability per software version, (ii) largely include only vulnerabilities requiring low attack complexity, and (iii) be slow at trying to weaponize new vulnerabilities. These predictions are empirically validated on a large data set of observed massed attacks launched against a large collection of information systems. Findings in this article allow cyber risk managers to better concentrate their efforts for vulnerability management, and set a new theoretical and empirical basis for further research defining attacker (offensive) processes.
The Work-Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures / Allodi, L.; Massacci, F.; Williams, J.. - In: RISK ANALYSIS. - ISSN 0272-4332. - early view:(2021), pp. 1-20. [10.1111/risa.13732]
The Work-Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures
Massacci F.;Williams J.
2021-01-01
Abstract
The assumption that a cyberattacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, where we demonstrate that large, initial, fixed costs of exploit development induce attackers to delay implementation and deployment of exploits of vulnerabilities. The theoretical model predicts that mass attackers will preferably (i) exploit only one vulnerability per software version, (ii) largely include only vulnerabilities requiring low attack complexity, and (iii) be slow at trying to weaponize new vulnerabilities. These predictions are empirically validated on a large data set of observed massed attacks launched against a large collection of information systems. Findings in this article allow cyber risk managers to better concentrate their efforts for vulnerability management, and set a new theoretical and empirical basis for further research defining attacker (offensive) processes.| File | Dimensione | Formato | |
|---|---|---|---|
|
Risk Analysis - 2021 - Allodi - The Work‐Averse Cyberattacker Model Theory and Evidence from Two Million Attack Signatures.pdf
accesso aperto
Descrizione: Articolo Principale
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Creative commons
Dimensione
696.41 kB
Formato
Adobe PDF
|
696.41 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
