Cyber-Security Threats, Actors, and Dynamic Mitigation
Nicholas Kolokotronis, Stavros Shiaeles

About This Book

Cyber-Security Threats, Actors, and Dynamic Mitigation provides both a technical and state-of-the-art perspective as well as a systematic overview of the recent advances in different facets of cyber-security. It covers the methodologies for modeling attack strategies used by threat actors targeting devices, systems, and networks such as smart homes, critical infrastructures, and industrial IoT.

With a comprehensive review of the threat landscape, the book explores both common and sophisticated threats to systems and networks. Tools and methodologies are presented for precise modeling of attack strategies, which can be used both proactively in risk management and reactively in intrusion prevention and response systems. Several contemporary techniques are covered, ranging from reconnaissance and penetration testing to malware detection, analysis, and mitigation. Advanced machine learning-based approaches to anomaly-based detection are also included; these are capable of detecting attacks that rely on zero-day vulnerabilities and exploits.

Academics, researchers, and professionals in cyber-security who want an in-depth look at the contemporary aspects of the field will find this book of interest. Those wanting a unique reference for various cyber-security threats and how they are detected, analyzed, and mitigated will reach for this book often.


Information

Publisher: CRC Press
Year: 2021
ISBN: 9781000366617

1 Profiles of Cyber-Attackers and Attacks

Dimitrios Kavallieros
University of the Peloponnese
Center for Security Studies
Georgios Germanos
University of the Peloponnese
Nicholas Kolokotronis
University of the Peloponnese
CONTENTS
  • 1.1 Introduction
  • 1.2 Taxonomy of Attackers
  • 1.3 Cyber-Threats Overview
    • 1.3.1 Threat Characteristics
    • 1.3.2 Threat Taxonomies
    • 1.3.3 Threat Methodologies
    • 1.3.4 Threat Frameworks
    • 1.3.5 Threat Models
      • 1.3.5.1 Attacker Centric
      • 1.3.5.2 System Centric
      • 1.3.5.3 Asset Centric
  • 1.4 The Cyber-Kill Chain
    • 1.4.1 Variants and Extensions
    • 1.4.2 Kill Chain for Various Cyber-Threats
  • 1.5 Attackers Modeling And Threats/Metrics
  • 1.6 Resources And Vulnerability Markets
    • 1.6.1 Regulated Markets’ Value
    • 1.6.2 Unregulated Markets’ Value
  • 1.7 Conclusion
  • References

1.1 INTRODUCTION

A cyber-attack manifests as the successful execution of a sequence of interconnected "steps": reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally action on the objective; this sequence is called the cyber-attack kill chain. Depending on the target (e.g. companies, governmental agencies, individuals, etc.) and the objective(s) of the attacker, the difficulty of successfully penetrating the target (without being identified) varies greatly. Behind the attacks are cyber-attackers: individuals or groups targeting infrastructures, computer networks and systems, along with their Internet of Things (IoT) counterparts (e.g. mobile phones, IP cameras, smart houses, etc.). Their malicious intent varies with the type and motivation of the attacker.
Three categories of attackers can be identified based on their location and knowledge regarding the target organization [1]:
  • Internal to the organization: Also known as insiders, they have a high level of knowledge about the target's network, systems, security, policies, and procedures. According to the 15th annual Computer Security Institute (CSI) Computer Crime and Security Survey Report [2], two threat vectors contribute to insider threats, namely the organization's employees having (1) malicious intent (e.g. to disclose and/or sell non-public information) or (2) non-malicious intent (e.g. having made an unintentional mistake). The majority of the losses are due to the latter threat vector.
  • External to the organization: Compared to the insider threats, such attackers have to spend a great amount of time before the attack gathering information on the target, due to their limited prior knowledge.
  • Mixed groups: They are comprised of both internal and external attackers.
Cyber-attackers are also distinguished by their skills, motives, and potential targets. Seven different types are presented in Section 1.2. Depending on their targets and skills, cyber-attackers need different "weapons", such as zero-day vulnerabilities, exploits and exploit kits, and botnets for distributed denial-of-service (DDoS) attacks, and at the same time they need funding. Most of the time the funding comes from stolen credit cards and bitcoin wallets, often obtained through phishing emails, scams and ransomware, and from renting out their skills as "crime-as-a-service."
Successfully profiling cyber-attackers can greatly enhance the preparedness of an organization, technically and educationally, and can assist in the mitigation and minimization of the impact of the attack. The profiling of cyber-attackers can also minimize the time, effort, and resources needed to identify them. Furthermore, it allows the development of more accurate and tailored threat models.
This chapter is structured as follows: in Section 1.2, the taxonomy of attackers is presented followed by an overview of cyber-threats; their characteristics and possible taxonomies are presented in Section 1.3. The cyber-kill chain and the related literature are presented in Section 1.4, while Section 1.5 presents the correlation between the different types of cyber-attackers and the execution of specific attacks, the complexity of the attack, and the attack vector. Section 1.6 provides information regarding the cyber-vulnerability markets, the interconnection between the markets and each type of attacker followed by the respective literature review. Finally, Section 1.7 concludes this chapter.

1.2 TAXONOMY OF ATTACKERS

This section presents a taxonomy of cybercrime actors, providing information on their motives, scope, targets, and level of expertise. In general, the cybercrime actors are broken down into seven categories:
Virus and hacking tool coders: Individuals or teams of expert programmers and elite hacking-tool coders with excellent computer skills. The main focus of these actors is to develop and distribute malicious software (i.e. computer viruses, worms, rootkits, exploits, etc.) and hacking toolkits, possibly for financial gain. The main buyers are non-expert individuals who want to become hackers (e.g. script kiddies [SK]) [3]. They can launch and orchestrate complex attacks.
Black hat hackers: Hackers (regardless of whether they are black, white, or gray hat) use almost the same tools and techniques, but with different motives and goals. In particular, black hat hackers are hackers with excellent (elite) computer skills who perpetrate illegal activities; other actors in this taxonomy are also characterized as black hats in the literature (e.g. hacktivists). Their primary motive is to earn money (e.g. hacking as a service), fame, and in cert...