Cybersecurity experts have been quick to respond to the details of the LastPass breach in recent months. Opinion pieces have been published both addressing the critical remediation steps for customers and doling out deserved criticism of incident communication. Absent from the public discourse has been a discussion of the indicators that can be gleaned from the various LastPass communications. In this blog I look to outline the intel in the LastPass communiques and enumerate the attacker indicators while framing the discussion around the Pyramid of Pain.

This piece is intended to follow closely the advice given by the author of the Pyramid of Pain, David Bianco: “Whenever you receive new intel on an adversary (whether it be APT1/Comment Crew or any other threat actor), review it carefully against the Pyramid of Pain. For every paragraph, ask yourself ‘Is there anything here I can use to detect the adversary's activity, and where does this fall on the pyramid?’”

The Pyramid of Pain for Cloud Indicators

The Pyramid of Pain is a conceptual model for classifying the effectiveness of detective controls. First described by David Bianco in 2013, the ‘Pain’ refers to the pain a detective control will inflict on the adversary.