Biblio

Advanced Persistent Threat (APT) is a professional stealthy threat actor who uses continuous and sophisticated attack techniques which have not been well mitigated by existing defense strategies. This paper proposes an APT-style cyber-attack tested for distributed energy resources (DER) in cyber-physical environments. The proposed security testbed consists of: 1) a real-time DER simulator; 2) a real-time cyber system using real network systems and a server; and 3) penetration testing tools generating APT-style attacks as cyber events. Moreover, this paper provides a cyber kill chain model for a DER system based on a latest MITRE’s cyber kill chain model to model possible attack stages. Several real cyber-attacks are created and their impacts in a DER system are provided to validate the feasibility of the proposed security testbed for DER systems.

This article describes attacks methods, vectors and technics used by threat actors during pandemic situations in the world. Identifies common targets of threat actors and cyber-attack tactics. The article analyzes cybersecurity challenges and specifies possible solutions and improvements in cybersecurity. Defines cybersecurity controls, which should be taken against analyzed attack vectors.

Emerging trends that are shaping the future of the automotive industry include electrification, autonomous driving, sharing, and connectivity, and these trends keep changing annually. Thus, the automotive industry is shifting from mechanical devices to electronic control devices, and is not moving to Internet of Things devices connected to 5G networks. Owing to the convergence of automobile-information and communication technology (ICT), the safety and convenience features of automobiles have improved significantly. However, cyberattacks that occur in the existing ICT environment and can occur in the upcoming 5G network are being replicated in the automobile environment. In a hyper-connected society where 5G networks are commercially available, automotive security is extremely important, as vehicles become the center of vehicle to everything (V2X) communication connected to everything around them. Designing, developing, and deploying information security techniques for vehicles require a systematic security-risk-assessment and management process throughout the vehicle's lifecycle. To do this, a security risk analysis (SRA) must be performed, which requires an analysis of cyber threats on automotive vehicles. In this study, we introduce a cyber kill chain-based cyberattack analysis method to create a formal vulnerability-analysis system. We can also analyze car-hacking studies that were conducted on real cars to identify the characteristics of the attack stages of existing car-hacking techniques and propose the minimum but essential measures for defense. Finally, we propose an automotive common-vulnerabilities-and-exposure system to manage and share evolving vehicle-related cyberattacks, threats, and vulnerabilities.

Manufacturing limitations, configuration and maintenance flaws associated with the Internet of Things (IoT) devices have resulted in an ever-expanding attack surface. Attackers exploit IoT devices to steal private information, take part in botnets, perform Denial of Service (DoS) attacks and use their resources for the mining of cryptocurrency. In this paper, we experimentally evaluate a hypothesis that attacks on IoT devices follow the generalised Cyber Kill Chain (CKC) model. We used a medium-interaction honeypot to capture and analyse more than 30,000 attacks targeting IoT devices. We classified the steps taken by the attackers using the CKC model and extended CKC to an IoT Kill Chain (IoTKC) model. The IoTKC provides details about IoT-specific attack characteristics and attackers' activities in the exploitation of IoT devices.

Multiple techniques for modeling cybersecurity attacks and defense have been developed. The use of tree- structures as well as techniques proposed by several firms (such as Lockheed Martin's Cyber Kill Chain, Microsoft's STRIDE and the MITRE ATT&CK frameworks) have all been demonstrated. These approaches model actions that can be taken to attack or stopped to secure infrastructure and other resources, at different levels of detail.This paper builds on prior work on using the Blackboard Architecture for cyberwarfare and proposes a generalized solution for modeling framework/paradigm-based attacks that go beyond the deployment of a single exploit against a single identified target. The Blackboard Architecture Cyber Command Entity attack Route (BACCER) identification system combines rules and facts that implement attack type determination and attack decision making logic with actions that implement reconnaissance techniques and attack and defense actions. BACCER's efficacy to model examples of tree-structures and other models is demonstrated herein.

In the context of Advanced Persistent Threat (APT) attacks, this paper introduces a model, called Nuke, which tries to provide a more operational reading of the attackers' lifecycle in a compromised network. It allows to consider the notions of regression; and repetitiveness of final objectives achievement. By confronting this model with examples of recent attacks (Equifax data breach and TV5Monde sabotage), we emphasize the importance of the attack chronology in the Cyber Threat Intelligence (CTI) reports, as well as the Tactics, Techniques and Procedures (TTP) used by the attacker during his progression.

To avoid being discovered by the defenders of a target, APT attackers are using encrypted communication to hide communication features, using code obfuscation and file-less technology to avoid malicious code being easily reversed and leaking out its internal working mechanism, and using misleading content to conceal their identities. And it is clearly ineffective to detect APT attacks by relying on one single technology. All of these tough situation make information security and privacy protection face increasingly serious threats. In this paper, through a deep study of Cyber Kill Chain behaviors, combining with intelligence analysis technology, we transform APT detecting problem to be a measurable mathematical problem through weighted Bayesian classification with correction factor so as to detect APTs and perceive threats. In the solution, we adopted intelligence acquisition technology from massive data, and TFIDF algorithm for calculate attack behavior's weight. Also we designed a correction factor to improve the Markov Weighted Bayesian Model with multiple behaviors being detected by modifying the value of the probability of APT attack.

Over a decade, intelligent and persistent forms of cyber threats have been damaging to the organizations' cyber assets and missions. In this paper, we analyze current cyber kill chain models that explain the adversarial behavior to perform advanced persistent threat (APT) attacks, and propose a cyber kill chain model that can be used in view of cyber situation awareness. Based on the proposed cyber kill chain model, we propose a threat taxonomy that classifies attack tactics and techniques for each attack phase using CAPEC, ATT&CK that classify the attack tactics, techniques, and procedures (TTPs) proposed by MITRE. We also implement a cyber common operational picture (CyCOP) to recognize the situation of cyberspace. The threat situation can be represented on the CyCOP by applying cyber kill chain based threat taxonomy.

It has been discovered that quite a few organizations have become the victims of APT, which is a deliberate and malicious espionage threat to military, political, infrastructure targets for the purpose of stealing the core data or thwarting the normal operation of the organizations. Thus, working out a solution for detecting and predicting APT is a major goal for scientific research. But APT has a characteristic feature of good concealment which prevent we capturing it just in time by existing solutions. In this paper, through a deep study of Cyber Kill Chain, we proposed a solution to detect and predict APTs with hierarchical Knowledge reasoning on the basis of cyber-security-monitoring, intelligence-gathering, etc. The solution seeks for connections between real-time alarms and the intelligence from Hacker Profile, Cyber Resources Profile, Social Engineering Database, Cyber Attack Tool Fingerprint Database, Vulnerability Database, Malicious Code Genome Map, etc. According to our experiments, it is effective and has high accuracy.