An attack tree, or threat tree, is a visualization model that encompasses multiple attacks that may or may not be related to one another, but all support a given attack motive. It is based upon a repository of attacks, derived from actual vulnerabilities and attack libraries. The attack tree comprises a multitude of branches and nodes (or leaves) that describe associated vulnerabilities, attack vectors, and targets (assets).
An attack tree is a valuable aid to any cybersecurity framework that depicts probable threat scenarios along with their associated attacks. It is developed during a threat modeling process called PASTA (Process for Attack Simulation and Threat Analysis).
In an age of a rapidly developing cyber landscape, evolving threat trends, and unstable geopolitics, the importance of threat modeling is unquestionable. VerSprite’s CEO Tony UcedaVelez pioneered the PASTA risk-centric threat modeling methodology, which centers around an offensive approach to security. This methodology integrates business impact, inherent application risk, trust boundaries among application components, correlated threats, and attack patterns that exploit identified weaknesses from the threat modeling exercises. The attack tree is used to visually represent the logistical manner in which single and layered attacks can be conducted against targets or assets.
Apart from dissecting attack patterns and mapping them to assets and vulnerabilities, attack trees offer a conceptual understanding of where countermeasures should exist and where they should be applied within the context of the threat. Such attack models are best developed at the inception of the application development process. However, they can be built at any stage and applied to applications, as well as to organizations as a whole.
To demonstrate the use of an attack tree, we developed a sample for the healthcare industry. Healthcare is one of the prime targets for threat actors due to its expanding attack surfaces, vast amounts of sensitive data, and the complexity around securing it. Healthcare faces a plethora of attacks that can not only result in the loss of sensitive data, but also put human safety at risk.
The following attack tree sample depicts one of the healthcare assets that can be targeted, a Bluetooth-enabled pacemaker, and leads us through the vectors of possible exploitation. It arms security operations center personnel by clearly depicting vulnerabilities and allowing for timely remediation.