Cyber defence triage for multimedia data intelligence: Hellsing, Desert Falcons and Lotus Blossom APT campaigns as case studies
by Raúl Vera; Amina F. Shehu; Tooska Dargahi; Ali Dehghantanha
International Journal of Multimedia Intelligence and Security (IJMIS), Vol. 3, No. 3, 2019

Abstract: Advanced persistent threats (APTs) refer to sophisticated attacks to businesses and individuals in which adversaries use multiple attack vectors to achieve their objectives. The main challenge regarding APT analysis and defence is that all research body about APTs is fragmented; only a few scientific papers have discussed APT features. In order to defend against APTs, it is necessary to have a complete understanding of their tactics, techniques, and procedures (TTPs). In this paper, we analyse TTPs of three APT groups, namely Hellsing, Desert Falcons and Lotus Blossom, that actively targeted multimedia data storage and multimedia systems. Adopting three attack attribution models (i.e., Lockheed Martin cyber kill-chain, diamond model and course of action matrix) we provide a comprehensive cyber defence triage process (CDTP) against the considered APTs. The CDTP highlights steps undertaken by these APT groups, uncovers factors that have influenced achieving their objectives and suggests possible mitigations against them.

Online publication date: Fri, 31-Jan-2020

The full text of this article is only available to individual subscribers or to users at subscribing institutions.

 
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.

Pay per view:
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Multimedia Intelligence and Security (IJMIS):
Login with your Inderscience username and password:

    Username:        Password:         

Forgotten your password?


Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.

If you still need assistance, please email subs@inderscience.com