Title: Cyber defence triage for multimedia data intelligence: Hellsing, Desert Falcons and Lotus Blossom APT campaigns as case studies

Authors: Raúl Vera; Amina F. Shehu; Tooska Dargahi; Ali Dehghantanha

Addresses: School of Computing Science and Engineering, University of Salford, Manchester, UK; School of Computing Science and Engineering, University of Salford, Manchester, UK; School of Computing Science and Engineering, University of Salford, Manchester, UK; Department of Computer Science, University of Sheffield, UK; Security of Advanced Systems Lab, School of Computer Science, University of Guelph, Ontario, Canada

Abstract: Advanced persistent threats (APTs) refer to sophisticated attacks on businesses and individuals in which adversaries use multiple attack vectors to achieve their objectives. The main challenge regarding APT analysis and defence is that the body of research on APTs is fragmented; only a few scientific papers have discussed APT features. In order to defend against APTs, it is necessary to have a complete understanding of their tactics, techniques, and procedures (TTPs). In this paper, we analyse the TTPs of three APT groups, namely Hellsing, Desert Falcons and Lotus Blossom, that actively targeted multimedia data storage and multimedia systems. Adopting three attack attribution models (i.e., the Lockheed Martin cyber kill chain, the diamond model and the course of action matrix), we provide a comprehensive cyber defence triage process (CDTP) against the considered APTs. The CDTP highlights the steps undertaken by these APT groups, uncovers the factors that influenced the achievement of their objectives and suggests possible mitigations against them.

Keywords: multimedia intelligence; security; advanced persistent threats; APT; cyber kill chain; diamond model; intrusion analysis; cyber defence triage; indicators of compromise; IoC.

DOI: 10.1504/IJMIS.2019.104786

International Journal of Multimedia Intelligence and Security, 2019 Vol.3 No.3, pp.221 - 243

Received: 19 Jul 2018
Accepted: 07 Nov 2018

Published online: 31 Jan 2020