Dimensions of ‘Socio’ Vulnerabilities of Advanced Persistent Threats

Advanced Persistent Threats (APTs) are highly targeted, sophisticated, multi-stage attacks that utilize zero-day or near-zero-day malware. Directed at internetworked computer users in the workplace, their growth and prevalence can be attributed to both socio (human) and technical (system weaknesses and inadequate cyber defenses) vulnerabilities. While many APT attacks incorporate a blend of socio-technical vulnerabilities, academic research and reported incidents largely depict the user as the prominent contributing factor that weakens the layers of technical security in an organization. In this paper, our objective is to explore multiple dimensions of socio factors (non-technical vulnerabilities) that contribute to the success of APT attacks in organizations. Expert interviews were conducted with senior managers working in government and private organizations in the United Arab Emirates (UAE) over a period of four years (2014 to 2017). Contrary to the common belief that socio factors derive predominantly from user behavior, our study revealed two new dimensions of socio vulnerabilities, namely the role of organizational management and environmental factors, which also contribute to the success of APT attacks. We show that the three dimensions postulated in this study can assist managers and IT personnel in organizations in implementing an appropriate mix of socio-technical countermeasures against APT threats.
