Automatic Risk Evaluation of Cyber-Attack Vectors

Defining attack-vector use cases according to attacker skill level
By Liron Benbenishti, cybersecurity researcher, Radiflow LTD

In this post I will discuss risk evaluation of attack vectors and the application of Radiflow’s cyber risk evaluation model, which is now incorporated into Radiflow’s iSID Industrial Threat Detection System.

In general, OT networks have very high availability requirements. This makes asset patching a very complicated task, whether the patching is done for operational or cybersecurity purposes.

Therefore, prioritization of patching tasks is crucial for maintaining a strong and relevant cybersecurity posture. This calls for a risk model that takes into account parameters relevant to the organization.

Radiflow’s risk model includes several characteristics and algorithms. This post will focus on the effects of the cyber-attacker’s capabilities and their potential lateral movement within the ICS network.

In a recent whitepaper, we explored and analyzed the different attacker capabilities, based on published cyber-incidents as well as data acquired during various Radiflow assessments. The whitepaper classified attackers’ capabilities using over ten properties. In this post, I’ll use a three-level categorization of attacker skills…