Abstract

Recently, the rapid growth of technology and the increase in teleworking due to the COVID-19 outbreak have motivated cyber attackers to advance their skills and develop new, sophisticated methods, e.g., Advanced Persistent Threat (APT) attacks, to extend their cybercriminal capabilities. They compromise interconnected Critical Information Infrastructures (CIIs) (e.g., Supervisory Control and Data Acquisition (SCADA) systems) by exploiting a series of vulnerabilities and launching multiple attacks. In this context, industry players need to increase their knowledge of the security of the CIIs they operate and further explore the technical aspects of cyber-attacks, e.g., the course of an attack, the exploitability of vulnerabilities, and the attacker's behavior and location. Several research papers address vulnerability chain discovery techniques. Nevertheless, most of them do not focus on developing attack graphs based on incident analysis. This paper proposes an attack simulation and evidence chain generation model which computes all possible attack paths associated with specific, confirmed security events. The model considers various attack patterns through simulation experiments to estimate how an attacker has moved inside an organization to perform an intrusion. It analyzes artifacts, e.g., Indicators of Compromise (IoCs), and any other incident-related information from various sources, e.g., log files, which are evidence of cyber-attacks on a system or network.

Highlights

  • In recent years, the development of digital communication technology and the increase in teleworking all over the world due to the global spread of the coronavirus disease (COVID-19 pandemic) [1] have raised the chances of cyber-attacks in the global community, affecting a great variety of industries, such as healthcare, transportation, and energy.

  • This paper proposes an attack simulation and evidence chain generation model which computes all possible attack paths associated with specific, confirmed security events.

  • The proposed model provides an algorithm which can be utilized by Critical Information Infrastructure (CII) operators to assess vulnerabilities and develop evidence chains of an attack, considering information gained from artifact analysis, e.g., Indicators of Compromise (IoCs), and from various other sources.

Summary

Introduction

The development of digital communication technology and the increase in teleworking all over the world due to the global spread of the coronavirus disease (COVID-19 pandemic) [1] have raised the chances of cyber-attacks in the global community, affecting a great variety of industries, such as healthcare, transportation, and energy. Adversaries are evolving their skills exponentially and, despite the continuous effort for security technological progress, it still appears difficult to address the emerging cyber threats and/or respond to ongoing security events in cyber-dependent infrastructures. Significant examples of cyber-attacks with great impact are the WannaCry ransomware attacks of 2017, where a quarter million machines were compromised in more than 150 countries globally, affecting several entities, including the NHS, Spain's Telefonica, and the US company FedEx [3], and the Colonial Pipeline ransomware attack of 2021 [4].
