Tim Pappa (Walmart)

The evolution of vulnerability markets and disclosure norms has increasingly conditioned vulnerability and vulnerability patching disclosures to audiences. A limited collection of studies in the past two decades has attempted to empirically examine the frequency and the nature of attacks or threat activity related to the type of vulnerability disclosure, generally finding that the frequency of attacks appeared to decrease after disclosure. This presentation proposes extraordinary disclosures of software removal to disrupt collection baselines, suggesting that disclosure of unnamed but topical enterprise software such as enterprise deception software could create a singular, unique period of collection to compare to baseline cyber threat activity. This disruptive collection event could provide cyber threat intelligence teams and SOCs greater visibility into the periodicity and behaviors of known and unknown threat actors targeting them. The extraordinary disclosure of the removal of enterprise software could suggest there are present vulnerabilities on networks, which could prompt increased cyber threat actor attention and focused threat activity, because there is uncertainty about the removal of the software and the replacement of software, depending on the perceived function and capability of that software. This presentation is exploratory, recognizing that there is perhaps anecdotal but generally limited understanding of how cyber threat actors would respond if an organization disclosed the removal of enterprise software to audiences. This presentation proposes an integrated conceptual interpretation of the foundational theoretical frameworks that explain why and how people respond behaviorally to risk and reward and anticipated regret, applied in a context of influencing threat actors with extraordinary disclosures of removal of enterprise software.

View More Papers

An Experimental Study on Attacking Homogeneous Averaging Processes via...

Olsan Ozbay (Dept. ECE, University of Maryland), Yuntao Liu (ISR, University of Maryland), Ankur Srivastava (Dept. ECE, ISR, University of Maryland)

Read More

Enhance Stealthiness and Transferability of Adversarial Attacks with Class...

Hui Xia (Ocean University of China), Rui Zhang (Ocean University of China), Zi Kang (Ocean University of China), Shuliang Jiang (Ocean University of China), Shuo Xu (Ocean University of China)

Read More

The Advantages of Distributed TCAM Firewalls in Automotive Real-Time...

Evan Allen (Virginia Tech), Zeb Bowden (Virginia Tech Transportation Institute), J. Scot Ransbottom (Virginia Tech)

Read More

Exploiting Diagnostic Protocol Vulnerabilities on Embedded Networks in Commercial...

Carson Green, Rik Chatterjee, Jeremy Daily (Colorado State University)

Read More