Cognitions of a Cybercriminal: Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behavior

The paper delves into the various ways cybercriminals have evolved in recent years and offers specific guidelines for CISOs and security professionals to help manage risk.

“We believe cybersecurity professionals should be looking at existing kill chain models with a new lens,” said Tom Kellermann, Carbon Black’s Chief Cybersecurity Officer and the paper’s primary author.  “It’s no longer helpful to approach cybersecurity linearly. Cognitions and context are critical and help reveal attackers’ intent. Understanding the root cause of attacks and the way attackers think is paramount to good cybersecurity. With the ‘Cognitive Attack Loop,’ we’re offering defenders an updated model at how attackers think and behave.”

The paper outlines, in detail, the three phases proposed in the Cognitive Attack Loop – Recon & Infiltrate; Maintain & Manipulate; and Execute & Exfiltrate.