7 Vulnerability Chaining
The FIRST CVSS User Guide (www.first.org/cvss/v3.0/user-guide) defines vulnerability chaining as the use of multiple vulnerabilities to create critical cyberattacks. Using multiple vulnerabilities in combination is a common tactic of hackers and red teamers for compromising systems. Vulnerability chaining, however, isn't typically defined in Vulnerability Management Programs (VMPs), or used as a technique for prioritization and remediation.
This chapter will explore the use of vulnerability chains within a cybersecurity program, specifically in the remediation aspect of VMPs. Examples of chained vulnerabilities will be provided, including possible remediation paths for each situation. Each organization will have its own unique vulnerability considerations, but each scenario will provide a path forward for incorporating chained vulnerabilities into its cybersecurity program.
Vulnerability Chaining Attacks
Vulnerability chaining attacks have only recently become part of the mainstream conversation of vulnerability management, but they have been leveraged by advanced persistent threat (APT) groups for many years. Some documentation links vulnerability chaining directly to APT-type attacks, including a 2020 article by the Cybersecurity and Infrastructure Security Agency (CISA) on how APT groups leverage vulnerability chains against critical infrastructure and election organizations (read the article at www.cisa.gov/news-events/cybersecurity-advisories/aa20-283a ...