Security Posture by Example

Scenario 22 - Attack on Crypto Exchange

This scenario was created by looking at the bigger picture (from a security posture attribute viewpoint) of the example in section 7.2 of ITU-T X.1215, STIX Use Cases.

When Entertain Mod, a wholly owned subsidiary of Amalgamated, pivots towards e-gaming, the brilliant idea of a first-person shooter tournament with a cryptocurrency bounty is met with mixed acclaim. While professional gamers wonder whether they have the right stuff to take the purse, serious malware actors know beyond a shadow of a doubt that they can walk away with the prize.

A sophisticated spear-phishing attack targets Entertain Mod: an email link downloads a dynamic-link library (DLL) by exploiting a previously undetected vulnerability tucked away in a word-processing script.

A multi-stage attack with several vectors offers few easy answers, but a raft of posture-assessment tactics is subsequently deployed to capture the full scope of the intrusion in STIX's flexible framework.

STIX Observed Data and Sighting objects begin to collate and coordinate knowledge about the origins, intentions, operating spaces, and individual files used in the attack. Exploits and droppers are parsed apart into separate objects and united again through Relationship objects, so that each indicator, observable and sighting points at the others it belongs with.
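
What "parsed apart and united again" looks like in STIX 2.1 terms, as an illustration added to this page (it is not code from the X.1215 use case and does not use the stix2 library; standard library only): the phishing URL and the dropped DLL become cyber-observable objects, an Observed Data object records that they were seen, an Indicator carries the matching pattern, and a Sighting plus two Relationship objects tie indicator, malware, evidence and victim together. The hash, URL, object names and timestamp are all constructed for the example. The final function is the check a practitioner wants before shipping a bundle: every `_ref` / `_refs` value must resolve to an object inside the bundle, otherwise a consumer receives a sighting that points at evidence it cannot see.

```python
"""Build and cross-check a STIX 2.1 bundle for the Entertain Mod spear-phishing case.

Illustrative code added to this page; not the STIX use-case document's own example
and not the stix2 library. Standard library only. Every hash, URL, name and
timestamp below is constructed for the example.
"""
import hashlib
import json
import uuid

# STIX 2.1 namespace for deterministic (UUIDv5) cyber-observable ids.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
TS = "2024-01-15T09:30:00.000Z"  # constructed timestamp

# Constructed sample: the hash of an inline byte string stands in for the captured DLL.
DLL_SHA256 = hashlib.sha256(b"constructed sample dropper bytes").hexdigest()
PHISH_URL = "http://example.invalid/tournament-signup.docm"  # constructed, not a real IOC


def sdo(obj_type, **props):
    """Domain or relationship object with the properties every STIX 2.1 SDO/SRO needs."""
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid4()}",
            "created": TS, "modified": TS, **props}


def sco(obj_type, **props):
    """Cyber-observable whose id is derived from its properties, so the same
    file or URL seen twice collapses to one object instead of two."""
    seed = json.dumps(props, sort_keys=True, separators=(",", ":"))
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid5(SCO_NAMESPACE, seed)}", **props}


def build_bundle():
    """Pull the artefacts of the attack apart into STIX objects, then tie them back
    together with Observed Data, a Sighting and Relationship objects."""
    victim = sdo("identity", name="Entertain Mod", identity_class="organization")
    url = sco("url", value=PHISH_URL)
    dll = sco("file", name="update.dll", hashes={"SHA-256": DLL_SHA256})

    # What was actually seen on the compromised host, and when.
    observed = sdo("observed-data", first_observed=TS, last_observed=TS,
                   number_observed=1, object_refs=[url["id"], dll["id"]])

    # Detection content derived from those observables.
    indicator = sdo("indicator", name="Tournament spear-phishing dropper",
                    pattern_type="stix", valid_from=TS,
                    pattern=(f"[url:value = '{PHISH_URL}' OR "
                             f"file:hashes.'SHA-256' = '{DLL_SHA256}']"))
    dropper = sdo("malware", name="tournament dropper", is_family=False,
                  malware_types=["dropper"])

    # The Sighting says: this indicator fired, here is the evidence, here is who saw it.
    sighting = sdo("sighting", sighting_of_ref=indicator["id"], count=1,
                   observed_data_refs=[observed["id"]],
                   where_sighted_refs=[victim["id"]])

    rels = [
        sdo("relationship", relationship_type="indicates",
            source_ref=indicator["id"], target_ref=dropper["id"]),
        sdo("relationship", relationship_type="targets",
            source_ref=dropper["id"], target_ref=victim["id"]),
    ]
    objects = [victim, url, dll, observed, indicator, dropper, sighting, *rels]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def dangling_refs(bundle):
    """Return (referring_id, missing_id) pairs for every *_ref / *_refs value that
    does not resolve inside the bundle. An empty list means the graph is closed."""
    known = {o["id"] for o in bundle["objects"]}
    missing = []
    for obj in bundle["objects"]:
        for key, value in obj.items():
            refs = [value] if key.endswith("_ref") else value if key.endswith("_refs") else []
            missing.extend((obj["id"], r) for r in refs if r not in known)
    return sorted(missing)


if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print("dangling refs:", dangling_refs(bundle))
```

Running the script prints the bundle and an empty dangling-reference list. Delete the Observed Data object from the bundle before sharing it and the check immediately reports that the Sighting's `observed_data_refs` now points at nothing; that is exactly the kind of gap that makes a shared report useless to the recipient, and it is cheap to catch before it leaves the building.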

These are mission-defining moments for Entertain Mod's cybersecurity team and a make-or-break for the e-gaming tournament initiative. As STIX information accumulates and the individual links in the attack chain, file hashes and other indicators come into sharper focus, traffic to and from the infected machines is isolated and the company's crypto wallet remains out of reach.