
2019 | Original Paper | Book chapter

Protecting IoT and ICS Platforms Against Advanced Persistent Threat Actors: Analysis of APT1, Silent Chollima and Molerats

Authors: Samuel Grooby, Tooska Dargahi, Ali Dehghantanha

Published in: Handbook of Big Data and IoT Security

Publisher: Springer International Publishing

Abstract

One of the greatest threats to cyber security is the relatively recent increase in intrusion campaigns conducted by well-trained, well-funded and patient adversaries. These groups are known as advanced persistent threats (APTs), and they are a growing concern for governments and industries around the world. APTs may be backed by terrorist organisations, hacktivists or even nation-state actors conducting covert cyber-warfare against other countries. Because of the advanced capabilities of these groups, a non-targeted, catch-all defence strategy is unlikely to succeed. Instead, potential targets of APTs must be able to research and analyse previous attacks by these groups in order to tailor a cyber defence triage process to the attacker's modus operandi. In this paper we attempt to do just that, using the Diamond Model and kill chain analysis to craft a course of action matrix for three example APT groups.

Metadata
Title
Protecting IoT and ICS Platforms Against Advanced Persistent Threat Actors: Analysis of APT1, Silent Chollima and Molerats
Authors
Samuel Grooby
Tooska Dargahi
Ali Dehghantanha
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-10543-3_10