Strategically-motivated advanced persistent threat: Definition, process, tactics and a disinformation model of counterattack

Advanced persistent threat (APT) is widely acknowledged to be the most sophisticated and potent class of security threat. The term refers to knowledgeable human attackers who are organized, highly sophisticated and motivated to achieve their objectives against one or more targeted organizations over a prolonged period. Strategically-motivated APTs (S-APTs) are distinct in that they draw their objectives from the broader strategic agenda of third parties such as criminal syndicates, nation-states and rival corporations. In this paper we review the use of the term "advanced persistent threat" and present a formal definition. We then draw on military science, the science of organized conflict, as a theoretical basis for developing a rigorous and holistic model of the stages of an APT operation, which we use to explain how S-APTs execute their strategically motivated operations through tactics, techniques and procedures. Finally, we present a general disinformation model, derived from situation awareness theory, and explain how disinformation can be used to attack the situation awareness and decision making not only of S-APT operators but also of the entities that back them.

[1]  William E Gortney Department of Defense Dictionary of Military and Associated Terms , 2016 .

[2]  Azman Samsudin,et al.  Trusted Security Policies for Tackling Advanced Persistent Threat via Spear Phishing in BYOD Environment , 2015 .

[3]  Oscar Serrano Serrano,et al.  Changing the game: The art of deceiving sophisticated attackers , 2014, 2014 6th International Conference On Cyber Conflict (CyCon 2014).

[4]  Sang-Soo Yeo,et al.  Secure Model against APT in m-Connected SCADA Network , 2014, Int. J. Distributed Sens. Networks.

[5]  Bela Genge,et al.  Non-intrusive Techniques for Vulnerability Assessment of Services in Distributed Systems , 2015 .

[6]  Don Smith Life's certainties: death, taxes and APTs , 2013, Netw. Secur..

[7]  Klaus Julisch Understanding and overcoming cyber security anti-patterns , 2013, Comput. Networks.

[8]  Tim Scully The cyber threat, trophy information and the fortress mentality. , 2011, Journal of business continuity & emergency planning.

[9]  Kate Munro,et al.  Deconstructing Flame: the limitations of traditional defences , 2012 .

[10]  Tracey Caldwell The eagle has landed: part one , 2015 .

[11]  Ross Brewer,et al.  Advanced persistent threats: minimising the damage , 2014, Netw. Secur..

[12]  Gaute Wangen,et al.  The Role of Malware in Reported Cyber Espionage: A Review of the Impact and Mechanism , 2015, Inf..

[13]  Dustin Burke,et al.  Behavioral analysis of botnets for threat intelligence , 2011, Information Systems and e-Business Management.

[14]  Yuval Elovici,et al.  Detection of malicious PDF files and directions for enhancements: A state-of-the art survey , 2015, Comput. Secur..

[15]  José M. Fernandez,et al.  Survey of publicly available reports on advanced persistent threat actors , 2018, Comput. Secur..

[16]  H. Russell Bernard,et al.  Social Research Methods: Qualitative and Quantitative Approaches , 2000 .

[17]  Mark Warren Modern IP theft and the insider threat , 2015 .

[18]  Van Creveld,et al.  COMMAND IN WAR , 1985, Air Officer Commanding.

[19]  Richard J. Enbody,et al.  Targeted Cyberattacks: A Superset of Advanced Persistent Threats , 2013, IEEE Security & Privacy.

[20]  G. Bedny,et al.  Theory of Activity and Situation Awareness , 1999 .

[21]  R. Ross Managing Information Security Risk: Organization, Mission, and Information System View | NIST , 2011 .

[22]  Colin Tankard,et al.  Advanced Persistent threats and how to monitor and deter them , 2011, Netw. Secur..

[23]  Mica R. Endsley,et al.  Toward a Theory of Situation Awareness in Dynamic Systems , 1995, Hum. Factors.

[24]  Mohammed H. Almeshekah,et al.  Cyber Security Deception , 2016, Cyber Deception.

[25]  Mike Auty Anatomy of an advanced persistent threat , 2015, Netw. Secur..

[26]  Sean B. Maynard,et al.  Teaching information security management: reflections and experiences , 2014, Inf. Manag. Comput. Secur..

[27]  Graeme G. Shanks,et al.  A situation awareness model for information security risk management , 2014, Comput. Secur..

[28]  Georgios Kambourakis,et al.  Intrusion Detection in 802.11 Networks: Empirical Evaluation of Threats and a Public Dataset , 2016, IEEE Communications Surveys & Tutorials.

[29]  Graeme Shanks,et al.  Foundations for an Intelligence-driven Information Security Risk-management System , 2016, J. Inf. Technol. Theory Appl..

[30]  Edgar R. Weippl,et al.  Advanced social engineering attacks , 2015, J. Inf. Secur. Appl..

[31]  Hans D. Schotten,et al.  Demystifying Deception Technology: A Survey , 2018, ArXiv.

[32]  Özlem Uzuner,et al.  Enhancing Cohesion and Coherence of Fake Text to Improve Believability for Deceiving Cyber Attackers , 2018 .

[33]  Rens Scheepers,et al.  Asset Identification in Information Security Risk Assessment: A Business Practice Approach , 2016, Commun. Assoc. Inf. Syst..

[34]  Christoph Meinel,et al.  Advanced persistent threats: Behind the scenes , 2016, 2016 Annual Conference on Information Science and Systems (CISS).

[35]  Mamoun Alazab,et al.  Profiling and classifying the behavior of malicious codes , 2015, J. Syst. Softw..

[36]  Michael Shinn Anatomy of an Advanced Persistent Threat , 2016 .

[37]  Ping Chen,et al.  A Study on Advanced Persistent Threats , 2014, Communications and Multimedia Security.

[38]  A. Leite,et al.  Commentary: Cloud computing - A security problem or solution? , 2011, Inf. Secur. Tech. Rep..

[39]  Eric Michael Hutchins,et al.  Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains , 2010 .

[40]  Jong Hyuk Park,et al.  MLDS: Multi-Layer Defense System for Preventing Advanced Persistent Threats , 2014, Symmetry.

[41]  Tracey Caldwell The eagle has landed – what happens next? , 2016 .

[42]  Tracey Caldwell Spear-phishing: how to spot and mitigate the menace , 2013 .

[43]  Costin Raiu,et al.  Cyber-threat evolution: the past year , 2012 .

[44]  Kip Smith,et al.  Situation Awareness Is Adaptive, Externally Directed Consciousness , 1995, Hum. Factors.

[45]  Gus W Weiss,et al.  The Farewell Dossier , 1996 .

[46]  Bryn Nelson Computer science: Hacking into the cyberworld. , 2014, Nature.

[47]  Jianfang Li,et al.  The study of APT attack stage model , 2016, 2016 IEEE/ACIS 15th International Conference on Computer and Information Science (ICIS).

[48]  Scott Jasper,et al.  Deterring Malicious Behavior in Cyberspace , 2015 .

[49]  Danny Bradbury Shadows in the cloud: Chinese involvement in advanced persistent threats , 2010, Netw. Secur..

[50]  Muthu Ramachandran,et al.  A resiliency framework for an enterprise cloud , 2016, Int. J. Inf. Manag..

[51]  Rachelle Bosua,et al.  Protecting organizational competitive advantage: A knowledge leakage perspective , 2014, Comput. Secur..

[52]  Florian Skopik,et al.  Combating advanced persistent threats: From network event correlation to incident detection , 2015, Comput. Secur..

[53]  Atif Ahmad,et al.  Incorporating a knowledge perspective into security risk assessments , 2011 .

[54]  Jason Steer The gaping hole in our security defences , 2014 .

[55]  Colin Tankard New rules for combating new threats , 2014 .

[56]  Gary Klein Strategies of Decision Making , 1989 .