Pivot Attack Classification for Cyber Threat Intelligence

Abstract: The initial access achieved by cyber adversaries conducting a systematic attack against a targeted network is unlikely to be an asset of interest. Therefore, it is necessary to use lateral movement techniques to expand access to different devices within the network to accomplish the strategic attack’s objectives. The pivot attack technique is widely used in this context; the attacker creates an indirect communication tunnel with the target and uses traffic forwarding methods to send and receive commands. Recog… Show more

“…Despite the rising frequency of attacks involving pivoting, the research on detecting such events it is still scarce or limited in its applicability [22]. Earlier works [3,27] conceptualized pivoting attacks without proposing a detection method.…”

“…Earlier works [3,27] conceptualized pivoting attacks without proposing a detection method. Since pivoting and lateral movement is often a part of APT attacks as carefully studied by Gonzales et al [13] according to the MITRE ATT&CK framework, it was mostly studied in terms of detecting and preventing APT [9,22]. The earliest works focused on alert correlation, not processing raw data.…”

“…Lateral movement has become a major research topic in network security [22]. Adversaries are always finding new ways of breaching systems and avoiding detection, often by moving laterally in the target network.…”

“…Creating a backdoor to such a device allows the adversary to use it as a pivot and connect to other targets in the network from within. The term pivoting [2,22] refers to such a scenario and can also be referred to as island hopping [23], stepping stone attack [33] or command propagation in the literature. Pivoting is no longer an advanced attack technique reserved for Advanced Persistent Threats (APT) and other advanced adversaries [9,22] but is more and more often seen adopted by novel malware [8,26].…”

“…Although pivoting or lateral movement detection, in general, has gained much attention in recent years [22], the state-of-the-art in the field is limited by several factors. First, the existing pivoting detection methods (e.g., [5,7,18]) are mostly host-based, meaning they can only detect the pivoting on (or with access to the data from) the machine that acts as a pivot.…”

Unraveling Network-Based Pivoting Maneuvers: Empirical Insights and Challenges

“…Despite the rising frequency of attacks involving pivoting, the research on detecting such events it is still scarce or limited in its applicability [22]. Earlier works [3,27] conceptualized pivoting attacks without proposing a detection method.…”

“…Earlier works [3,27] conceptualized pivoting attacks without proposing a detection method. Since pivoting and lateral movement is often a part of APT attacks as carefully studied by Gonzales et al [13] according to the MITRE ATT&CK framework, it was mostly studied in terms of detecting and preventing APT [9,22]. The earliest works focused on alert correlation, not processing raw data.…”

“…Lateral movement has become a major research topic in network security [22]. Adversaries are always finding new ways of breaching systems and avoiding detection, often by moving laterally in the target network.…”

“…Creating a backdoor to such a device allows the adversary to use it as a pivot and connect to other targets in the network from within. The term pivoting [2,22] refers to such a scenario and can also be referred to as island hopping [23], stepping stone attack [33] or command propagation in the literature. Pivoting is no longer an advanced attack technique reserved for Advanced Persistent Threats (APT) and other advanced adversaries [9,22] but is more and more often seen adopted by novel malware [8,26].…”

“…Although pivoting or lateral movement detection, in general, has gained much attention in recent years [22], the state-of-the-art in the field is limited by several factors. First, the existing pivoting detection methods (e.g., [5,7,18]) are mostly host-based, meaning they can only detect the pivoting on (or with access to the data from) the machine that acts as a pivot.…”

Unraveling Network-Based Pivoting Maneuvers: Empirical Insights and Challenges

Cyber-Attack Detection Using Machine Learning Technique

Agriculture 4.0 and beyond: Evaluating cyber threat intelligence sources and techniques in smart farming ecosystems