Threat Actors, Attack Surface and Threat Modelling: Medical Infrastructure as an Example.

When threat actors intend to attack or compromise an organization, their first step is to understand the nature of the business the organization conducts.

Depending on the level of the intended threat (for instance, if it is a state-sponsored attack), the threat actor digs further, uncovering the organization's financial reports from over the years. From these reports, the threat actor gains clear insight into the organization's financial standing.

This is reconnaissance on a higher scale. Once such information has been discovered, the next phase is certain to be uncovering attack surfaces. These could lie in the supply chain, to circumvent or disrupt the delivery of essential facilities, or in the organization's network, to disrupt internet access to critical infrastructure, industrial control systems, IoT devices, etc.

So,

WHAT IS ATTACK SURFACE?

Attack surfaces are entry points, either physical or digital, which pose as a security weakness, granting persons with malicious intent unauthorized access to facilities, buildings, and infrastructure, to either cause harm, exfiltrate sensitive data, or view classified documents which they aren't legalized to do. – FixitGearWare Security

Attack surfaces can be classified into two categories:

  • DIGITAL ATTACK SURFACE.
  • PHYSICAL ATTACK SURFACE.

DIGITAL ATTACK SURFACE:

The digital attack surface covers entry points through which a threat actor or unauthorized person gains access to the organization's infrastructure via digital platforms that the organization owns or uses to conduct business.

From the Fixitgearware Security perspective, this form of attack surface can be classified into two categories.

WEB-APPLICATION AS AN ENTRY POINT:

With the web application as an attack surface, the weakness could lie in vulnerabilities in the code, security misconfigurations, information disclosure, etc. It could also be approached from a social engineering perspective, via a social network web application that the organization uses in its business operations.

SERVER AS AN ENTRY POINT:

With the server as an attack surface, the weakness can arise from the server running older software versions with unpatched security vulnerabilities. It could also stem from open ports and running services that aren't properly secured, or from ports and services belonging to vulnerable applications installed on the server.

Once identified, these services could be exploited by a threat actor or malicious hacker.

PHYSICAL ATTACK SURFACE:

The physical entry points are common physical devices and infrastructure accessible to the threat actor or malicious hacker. These could be storage rooms, physical server rooms, physical backup drives, desktop computers, Wi-Fi routers, network cable ports, USB drives, mobile phones, printers, etc.

THREAT MODELLING A MEDICAL INSTITUTION AS A CASE EXAMPLE BY FIXITGEARWARE SECURITY:

Sketch of a Medical Institution Facility. Image-source: Fixitgearware Security

CREATING THE THREAT MODEL: A FEW THINGS TO UNDERSTAND.

The goal is to identify every attack surface that a threat actor could find promising for exploiting the infrastructure. To understand the attack surfaces that could compromise the institution above, we have to do the following:

  • Acquire a deep knowledge of the infrastructure and its design.
  • Identify the web application, its design, framework, and code.
  • Think like the threat actor and identify possible motivations.
  • Enumerate potential vulnerabilities.

From the diagram above, which illustrates a typical clinic, we extract the security weaknesses we discovered that could serve as attack surfaces, both digital and physical.

The goal of this Threat Modelling is to implement the findings in the Risk Assessment.

N.B.: We included the attack surface type by FixitGearWare Security so that you can understand how to rank your mitigation steps based on IMPACT and LIKELIHOOD OF OCCURRENCE.

AN EXAMPLE OF THE THREAT MODELLING MATRIX OF THE MEDICAL INFRASTRUCTURE:

Threat modelling Matrix of the Medical Facility. Image-source: Fixitgearware Security.

The threat modelling matrix helps in planning your organization's Risk Assessment, which in turn is presented to the stakeholders.
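The ranking by impact and likelihood of occurrence described above can be sketched in code. The following Python is an added example, not part of the original article or Fixitgearware Security's matrix; the entries, the 1 to 5 scales, and the HIGH/MEDIUM/LOW thresholds are constructed assumptions.

```python
# Added example: likelihood x impact scoring for a threat-modelling matrix (all data constructed).
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    entry_point: str
    surface: str      # "DIGITAL" or "PHYSICAL", the article's two categories
    weakness: str
    likelihood: int   # assumed scale: 1 (rare) .. 5 (almost certain)
    impact: int       # assumed scale: 1 (negligible) .. 5 (severe)

    def __post_init__(self):
        if self.surface not in ("DIGITAL", "PHYSICAL"):
            raise ValueError(f"unknown surface type: {self.surface}")
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be in 1..5")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

def band(score: int) -> str:
    # Assumed thresholds; adjust to the organization's risk appetite.
    return "HIGH" if score >= 15 else "MEDIUM" if score >= 8 else "LOW"

def rank(findings):
    # Highest score first; on equal scores the higher-impact finding comes first.
    return sorted(findings, key=lambda f: (f.score, f.impact), reverse=True)

def worst_per_surface(findings):
    # The top-ranked finding for each surface type, for a stakeholder summary.
    out = {}
    for f in rank(findings):
        out.setdefault(f.surface, f)
    return out

FINDINGS = [  # constructed sample rows for a clinic, not taken from the article's chart
    Finding("Web application", "DIGITAL", "security misconfiguration", 4, 5),
    Finding("Server", "DIGITAL", "older version with unpatched vulnerabilities", 3, 5),
    Finding("Network cable port", "PHYSICAL", "reachable from a public area", 3, 4),
    Finding("Backup drives", "PHYSICAL", "kept in an unlocked storage room", 2, 5),
    Finding("Printer", "PHYSICAL", "open services that aren't properly secured", 3, 2),
]

if __name__ == "__main__":
    for f in rank(FINDINGS):
        print(f"{band(f.score):6} {f.score:2}  {f.surface:8} {f.entry_point}: {f.weakness}")
```

Mitigation work then starts from the top of the ranked list, and the per-surface summary gives stakeholders the worst digital and worst physical item at a glance.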

 

 
