12.12.2009

Introducing… The Subversive Multi-Vector Threat

I had originally intended to submit this to Wikipedia, and to Wiktionary, for inclusion; however, it was expressed to me that publishing it there would violate their Conflict of Interest (COI) policy. As a result, I decided to publish it here within the friendly confines of the Cassandra Security blog. In doing so, I hope to bring our industry (perhaps a little differently than I had originally intended) a new term for much of what interests me and others in the research community, and much of what I spend my time thinking about in addition to researching. Having said that, I would like to first point out that my purpose in introducing this new term is not to promote myself, but rather to shed some light on something I feel passionately about and believe warrants exposure, in addition to reclassification.

Origins of Subversive Multi-Vector Threats (SMT)

As an information security researcher, practitioner, and thinker, I concluded after much time spent researching and examining them that many of the terms we use in the security industry are neither clear nor comprehensive enough to resonate with larger audiences. This became especially evident to me when I considered the interests of my fellow researchers and peers as we struggle to address the dynamic nature of the threat landscape. As a result, I set out to consider what I believed to be true of, or common among, many of these next-generation or advanced threats, and came to a wonderfully rich conclusion which you will soon see published as a co-branded work with my friend and colleague John Pirc. I began theorizing that a new term was required, for lack of a more appropriate alternative: one that addresses the true, diverse nature of these threats while avoiding the pigeonhole effect seen and experienced with less appropriate and accommodating terms. Adding to my dissatisfaction with the existing terminology, and the limits it placed on both researchers and analysts, was the matter of contextual relevance. Some terms have more limited application, as we have all seen, and for this and other reasons (this is not to say that those terms are invalid, but rather that something else, something new, is required to fill the gap I saw), the need to reclassify and create new categories was clear to me.

Definition of Subversive Multi-Vector Threats (SMT)

Subversive Multi-Vector Threats (SMT) are highly sophisticated, well-crafted, well-executed attacks designed to use and exploit as many threat vectors as necessary to accomplish the mission's milestones. What makes them different from other threats is the willingness to utilize people, process and technology weaknesses in order to meet their ends. Some might argue that this is not unique; however, I believe the context in which these threats are seen, and will continue to be seen, unequivocally constitutes something new, unique and different. These threats are designed to dynamically place a greater or lesser amount of effort and emphasis on one area versus another over time, as dictated by the mission's goals and the leadership behind them. Subversive Multi-Vector Threats (SMTs) are complex unions of human intelligence, information security, communications intelligence / signals intelligence (COMINT / SIGINT), and open source intelligence (OSINT), and as a result differ greatly in this sense from other threat classes such as the Advanced Persistent Threat (APT).

Subversive Multi-Vector Threats (SMT) and Advanced Persistent Threats (APT)

Subversive Multi-Vector Threats (SMTs) differ dramatically from other well-known threat types in a number of ways, as described above. The greatest differences between the threats I describe as Subversive Multi-Vector Threats and other threat types lie in their targets of interest and in the approaches to exploitation each takes with respect to those targets. Whether the targets are targets of opportunity or directed, predesignated targets, the exploitation mechanisms will vary in the world of the Subversive Multi-Vector Threat, whereas in the world of the Advanced Persistent Threat (APT), though the avenues for exploitation may change, their overall relevance remains entrenched in the realm of the technical. As such, APTs are forced to focus on and rely upon technological vulnerabilities present within a system or enterprise in order to meet their goals. Not so with the Subversive Multi-Vector Threat. As I mentioned earlier, these threats are not bound to technology alone as an avenue of exploitation, but rather often assess people and process weaknesses equally in order to identify the path of least resistance, capitalizing upon the weaknesses of others.

Additionally, APTs are typically identified within the context of environments that cater, in part or in their entirety, to the public sector. These organizations include the DoD, the DIB and the intelligence agencies (though we and others feel that this will change over time). With respect to SMTs, I believe, based on research and experience, that they are more criminally motivated and as a result cast a wider net than the traditional threats associated with APTs; however, this is not to say that one could not easily bleed into the other. I believe that SMTs are more sophisticated largely because they are able to easily identify and exploit weaknesses which have little or nothing to do with technology. SMTs have the ability to compromise, and thereby take advantage of, the weaknesses of character (in addition to the ignorance) demonstrated by people, while also exploring processes (policies and procedures as well) for deficiencies. I have always referred to this as the ability of experienced, motivated aggressors to “…knock one of the three legs out from under the three-legged stool upon which all organizations sit.” These legs are: people, process, and technology. To knock down any one of them creates instability and weakness which can see the organization fall squarely on its bottom. This is paramount in identifying and defining Subversive Multi-Vector Threats (SMTs).

As a result, I argue that Subversive Multi-Vector Threats (SMTs) only further underscore the need for the implementation of soundly constructed, risk-based security programs and frameworks which address, in exhaustive detail, the areas requiring the greatest levels of diligence and care possible.

Identifying and Addressing Subversive Multi-Vector Threats (SMT)

I believe that Subversive Multi-Vector Threats (SMTs) can only be truly addressed after an organization has assessed itself and identified its vulnerabilities and deficiencies as part of a thorough risk assessment. My assertion is that in doing so, an organization can quickly identify the areas of vulnerability and deficiency which leave it exposed to exploitation of its people, process and technology for gain. Demonstrating unrelenting diligence as part of an ongoing risk management initiative is, or should be, non-negotiable. Are there technologies which can aid in addressing these threats? Yes, to a degree. Recall that these threats, Subversive Multi-Vector Threats (SMTs), are not always going to involve technological exploitation. This could mean, for example, that a person who is fully credentialed and fully authorized to be where he or she is could effectively compromise a system or environment in order to meet the goals of his or her leaders. This is of course quite bad; however, it is not impossible to address if you are up to the challenge and willing to invest in what is required to mitigate the threats.