APT attacks on industrial control systems: A tale of three incidents

Kumar, Rajesh; Kela, Rohan; Singh, Siddhant; Trujillo-Rasúa, Rolando

doi:10.1016/j.ijcip.2022.100521

Cited by 26 publications

(9 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The infection technique primarily involved DLL injection. Additionally, we refer to existing research on hardware supply chain attacks in nuclear power infrastructures [22], [107] to develop a more explicit attack scenario.…”

Section: Case Studymentioning

confidence: 99%

Advanced Persistent Threats based on Supply Chain Vulnerabilities: Challenges, Solutions and Future Directions

Tan,

Marnerides,

Anagnostopoulos

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

Section: Case Studymentioning

confidence: 99%

Advanced Persistent Threats based on Supply Chain Vulnerabilities: Challenges, Solutions and Future Directions

Tan,

Marnerides,

Anagnostopoulos

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…APT attack vectors that are specific tactics or strategies that attackers use to launch APT attacks (Kumar et al, 2022) include techniques such as spear-phishing, malware distribution, network exploitation, social engineering, backdoors, key loggers, video recording of victim activity, and remote administration tools (Stojanović et al, 2020). Frequently, these vectors are used to form a multiphase attack that enables attackers to gain and keep access to a target network while evading detection.…”

Section: Apt Attack Vectorsmentioning

confidence: 99%

A System Dynamics Approach to Evaluate Advanced Persistent Threat Vectors

Nicho¹,

McDermott

Fakhry

et al. 2023

International Journal of Information Security and Privacy

View full text Add to dashboard Cite

Cyber-attacks targeting high-profile entities are focused, persistent, and employ common vectors with varying levels of sophistication to exploit social-technical vulnerabilities. Advanced persistent threats (APTs) deploy zero-day malware against such targets to gain entry through multiple security layers, exploiting the dynamic interplay of vulnerabilities in the target network. System dynamics (SD) offers an alternative approach to analyze non-linear, complex, and dynamic social-technical systems. This research applied SD to three high-profile APT attacks - Equifax, Carphone, and Zomato - to identify and simulate socio-technical variables leading to breaches. By modeling APTs using SD, managers can evaluate threats, predict attacks, and reduce damage by mitigating specific socio-technical cues. This study provides valuable insights into the dynamics of cyber threats, making it the first to apply SD to APTs.

show abstract

“…In recent years, CPS technologies have been applied in a variety of scenarios such as smart homes, power grids, the Internet of Vehicles, and healthcare. However, such systems, like traditional network information systems, have become the targets of advanced persistent threats (APTs) [2][3][4][5]. According to ENISA [6] and NIST [7] guidelines, a recent trend in the IoT domain concerns the certification of security features of IoT devices [8,9].…”

Section: Introductionmentioning

confidence: 99%

“…For instance, in 2010, the 'Stuxnet' worm attacked Iranian nuclear facilities [2]. In 2015, the Ukrainian power grid was attacked by the 'BlackEnergy' malware [3]. In 2016, the 'Mirai' malware compromised a large number of IoT devices and used them to launch large-scale distributed denial-of-service (DDoS) attacks, disrupting numerous mainstream sites [4].…”

Section: Introductionmentioning

confidence: 99%

ConGraph: Advanced Persistent Threat Detection Method Based on Provenance Graph Combined with Process Context in Cyber-Physical System Environment

Li,

Chen

2024

Electronics

View full text Add to dashboard Cite

With the wide use of Cyber-Physical Systems (CPS) in many applications, targets of advanced persistent threats (APTs) have been extended to the IoT and industrial control systems. Provenance graph analysis based on system audit logs has become a promising way for APT detection and investigation. However, we cannot afford to ignore that existing provenance-based APT detection systems lack the process–context information at system runtime, which seriously limits detection performance. In this paper, we proposed ConGraph, an approach for detecting APT attacks using provenance graphs combined with process context; we presented a module for collecting process context to detect APT attacks. This module collects file access behavior, network access behavior, and interactive relationship features of processes to enrich semantic information of the provenance graph. It was the first time that the provenance graph was combined with multiple process–context information to improve the detection performance of APT attacks. ConGraph extracts process activity features from the provenance graphs and submits the features to a CNN-BiLSTM model to detect underlying APT activities. Compared to some state-of-the-art models, our model raised the average precision rate, recall rate, and F-1 score by 13.12%, 25.61%, and 24.28%, respectively.

show abstract

APT attacks on industrial control systems: A tale of three incidents

Cited by 26 publications

References 15 publications

Advanced Persistent Threats based on Supply Chain Vulnerabilities: Challenges, Solutions and Future Directions

Advanced Persistent Threats based on Supply Chain Vulnerabilities: Challenges, Solutions and Future Directions

A System Dynamics Approach to Evaluate Advanced Persistent Threat Vectors

ConGraph: Advanced Persistent Threat Detection Method Based on Provenance Graph Combined with Process Context in Cyber-Physical System Environment

Contact Info

Product

Resources

About