Automatically Attributing Mobile Threat Actors by Vectorized ATT&amp;CK Matrix and Paired Indicator

Kim, Kyoungmin; Shin, Youngsup; Lee, Jemin Justin; Lee, Kyung-Ho

doi:10.3390/s21196522

Cited by 23 publications

(30 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Next, we will present the findings and analysis of the research questions. Watering hole [3,28,79,84,88,99,101,102] Malware [1,3,88,89,[102][103][104][105] Application repackaging [106] Attacks on an Internet-facing server [3,83,89,101] Removable device [3,89,107] Drive-by download [96] Spoofing attack [7,82,108] SQL injection Execution [3,5,82,84,[86][87][88]90,94,97,101,[109][110][111][112][113][114] Zero day, known vulnerability [79,101,115] Remote code execution/Code injection ...…”

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

“…Credential access [28] Pass hash [79,82,83,117,118] Man-in-the-middle [119] Password cracking [120] Eavesdropping [78,[80][81][82]85,87,97,105,107,111,[121][122][123] Social engineering Discovery [124] Probe [100,125] Lateral/Internal spear-phishing emails Lateral movement [108] Data leakage Collection Cloud data leakage [126] Removable device C&C and Exfiltration Tunneling over protocol [3,76,79,81,92,97,111,115,[124][125][126][127][128][129][130] DOS Impact [4,82,131] Botnet [108] Software update Data fabrication In this section, the findings and analysis of Research Question 1 related to APT features are presented. APT is a hard-to-detect cyber threat group or campaign that may use familiar attacks (such as spear phishing, watering hole, appl...…”

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

“…Malware-Malicious software such as spyware, Trojans, and bots are used to carry out unauthorized operations on a targeted system in order to steal information or disrupt the system [87,116,121,144,[172][173][174]; 5.…”

Section: Initial Accessmentioning

confidence: 99%

“…Zero-day exploit-This attack takes advantage of an undiscovered software vulnerability for which no updates or fixes are available [3,5,82,84,[86][87][88]90,94,97,101,[109][110][111][112][113][114]; 2.…”

Section: Executionmentioning

confidence: 99%

See 3 more Smart Citations

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device’s behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In a conclusion, we recommended a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device’s behavior for APT mitigation.

show abstract

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

Section: Initial Accessmentioning

confidence: 99%

Section: Executionmentioning

confidence: 99%

See 2 more Smart Citations

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…Through the Pyramid of Pain, the level of difficulty in handling cyber threats is indicated by establishing different levels of Indicators of Compromise (IoC) to show the various levels of technical difficulty and understand attackers' behavior. A methodology that classifies and attributes the attack surface of mobile malware with known threat actors through automated TTP and IoC analysis is described in [33]. The TTP analysis relies on two methods: mathematical modeling of the ATT&CK matrix and IoC pairing to avoid false flags.…”

Section: Current Efforts On Attack Modeling and Attack Graphsmentioning

confidence: 99%

An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

Kalogeraki

Panayiotopoulos

2022

Electronics

View full text Add to dashboard Cite

Recently, the rapid growth of technology and the increased teleworking due to the COVID-19 outbreak have motivated cyber attackers to advance their skills and develop new sophisticated methods, e.g., Advanced Persistent Threat (APT) attacks, to leverage their cybercriminal capabilities. They compromise interconnected Critical Information Infrastructures (CIIs) (e.g., Supervisory Control and Data Acquisition (SCADA) systems) by exploiting a series of vulnerabilities and launching multiple attacks. In this context, industry players need to increase their knowledge on the security of the CIs they operate and further explore the technical aspects of cyber-attacks, e.g., attack’s course, vulnerabilities exploitability, attacker’s behavior, and location. Several research papers address vulnerability chain discovery techniques. Nevertheless, most of them do not focus on developing attack graphs based on incident analysis. This paper proposes an attack simulation and evidence chains generation model which computes all possible attack paths associated with specific, confirmed security events. The model considers various attack patterns through simulation experiments to estimate how an attacker has moved inside an organization to perform an intrusion. It analyzes artifacts, e.g., Indicators of Compomise (IoCs), and any other incident-related information from various sources, e.g., log files, which are evidence of cyber-attacks on a system or network.

show abstract

Mapping the Security Events to the MITRE ATT &CK Attack Patterns to Forecast Attack Propagation (Extended Abstract)

Kryukov

Zima

Doynikova

et al. 2022

Attacks and Defenses for the Internet-of-Things

View full text Add to dashboard Cite

Automatically Attributing Mobile Threat Actors by Vectorized ATT&CK Matrix and Paired Indicator

Cited by 23 publications

References 10 publications

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

Mapping the Security Events to the MITRE ATT &CK Attack Patterns to Forecast Attack Propagation (Extended Abstract)

Contact Info

Product

Resources

About