16 July 2016

Utility of Attack: Target Selection and Execution...

The threat spectrum for Operational Risk Management (ORM) professionals is wide and they are constantly evaluating opportunities to learn.  Recent data breaches, terrorist attacks and the strategies utilized by adversaries online and on the ground have surfaced another key lesson learned:

u·til·i·ty n. (pl. -ties) 1 the state of being useful, profitable, or beneficial. (in game theory or economics) a measure of that which is sought to be maximized in any situation involving a choice.  The New Oxford American Dictionary

Here are two data breach examples:
  1. On May 30, 2016, Omni Hotels discovered they were the victim of malware attacks on their network affecting specific point of sale systems on-site at some Omni properties. The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date. They have no indication that reservation or Select Guest membership systems were affected.  50,000 records are impacted.
     
  2. Prior to May 2016, identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees. The nation’s largest grocery chain by revenue appears to be one of several Equifax customers that were similarly victimized this year. Atlanta-based Equifax’s W-2 Express site makes electronic W-2 forms accessible for download for many companies, including Kroger, which employs more than 431,000 people.  According to a letter Kroger sent to employees dated May 5, 2016, thieves were able to access W-2 data merely by entering the employee’s default PIN code at Equifax’s portal; that PIN was nothing more than the last four digits of the employee’s Social Security number and their four-digit birth year.

Here are two terrorist attack examples:

In two major domestic terrorism events in the United States this past year, "Utility" was a major factor and should not be discounted in analyzing the motivations and "modus operandi" of homegrown violent extremists.  In San Bernardino, CA, the adversaries were planning a major attack and had already stockpiled explosives and ammunition.  In Dallas (Mesquite), TX, the adversary was planning a major attack and had already stockpiled a cache of explosives as well.

In both of these cases, the adversaries had accumulated explosives and trained to use them in an attack.  Then they came upon a choice.  A utility.
  1. In San Bernardino, an incident with government co-workers motivated the employee attacker to deviate from the intended plans and to capitalize on the "Utility" of a workplace holiday gathering at the county facilities.
  2. In Dallas, a peaceful protest march that would attract a significant government presence of police officers motivated the attacker to deviate from future plans and to capitalize on the "Utility" of a public gathering.

Dr. Erroll Southers is correct:

While the impetus for attack is rooted in beliefs, a terrorist’s selection of how and where to attack is based on a consideration of utility. This is the estimate of an attack’s consequences with respect to the intended target’s value as a domestic or international interest and the political impact the attack will have on the intended audience. Utility is a primary consideration for extremists during preparation for an attack, weighing desired results against the investment in activities to plan, rehearse and execute an operation. Always mindful of the aftermath, utility weighs heavily in the decision-making process of target selection, possible attack paths, methodologies and execution.  Southers, Erroll (2014-09-25). Homegrown Violent Extremism (pp. 9-10).

In both cases, the adversaries accelerated their plans.  They abandoned their use of explosives and a future planned event to act on their emotions and motivations of the moment.  Domestic Terrorism in the United States will continue at a rapid pace without a more serious focus on Homegrown Violent Extremism.

Whether it be online with the trust of your data systems or offline with the safety and security of your citizens, employees and facilities, beware of the changing opportunities for your adversaries to launch their attack...

Utility, leveraged by your adversaries, is a consideration that must be continuously evaluated and analyzed in your particular threat environment.
