Cybersecurity

Four Foreign Forces: A CTI Analysis of APTs Targeting the U.S.

Abstract:

This paper analyzes the cyber threat landscape posed by advanced persistent threats (APTs) attributed to China, Iran, North Korea, and Russia. It focuses on active groups and their cyber activities targeting the United States. Utilizing cyber threat intelligence data from authoritative sources such as Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence (ODNI), Mandiant, and MITRE, this study identifies twelve key APT groups attributed to the four adversarial nations and creates a quick profile for each nation and group. It explores the common techniques and sub-techniques employed by each nation and then across all four nations. Examination of these nations, groups, and techniques then informs a list of six actionable mitigations that will enhance cybersecurity defenses targeting these adversarial groups in an efficient manner: User Training, Restrict Web-Based Content, Privileged Account Management, Network Intrusion Prevention, Execution Prevention, and Antivirus/Antimalware.

Cybersecurity in the Maritime Industry: A Grounded Theory Exploration in the Hampton Roads Region

Abstract:

This study delves into the escalating cybersecurity concerns in the maritime sector as technology becomes more integrated with daily operations. Focused on the Hampton Roads region, it employs Grounded Theory to decipher the intricate dynamics of cybersecurity. Through interviews with key stakeholders and participant observation, it aims to grasp the challenges, risks, and remedies pertinent to maritime cybersecurity. Additionally, it scrutinizes existing frameworks and regulations to gauge their efficacy. Initial findings reveal resistance from organizations in complying with cybersecurity standards, hinting at pervasive vulnerabilities. The research promises to enrich scholarly dialogue and practical strategies for maritime entities, cybersecurity practitioners, and policymakers. By shedding light on the unique cybersecurity landscape of the Hampton Roads area, the study seeks to foster tailored approaches for bolstering cybersecurity resilience in maritime operations. This endeavor is crucial amid the digitalization wave, underscoring the imperative of safeguarding maritime activities for their safety, security, and sustainability.

Using Deepfake Techniques as an Obfuscation Information Security Defensive Mechanism

Abstract:

This paper proposes a novel, beneficial application of deepfake technology in the realm of moving target obfuscation information security defence mechanisms. This defensive obfuscation technique aims to utilize generative artificial intelligence systems to synthesize honeypot datasets that mimic certain characteristics of sensitive and highly sought-after datasets by threat actors. By synthesizing and intentionally making available realistic but fake datasets within information systems, this novel technique has the potential to (1) mislead threat actors from acquiring their target data during their data breach attempts, and (2) render any corpus of breached datasets useless.

Defending Smart Grid Infrastructure—A Scenario-Based Analysis of Cybersecurity and Privacy Rules in China, France, Russia, UK, and USA

Abstract:

The digitization of the electric energy grid enlarges its attack surface and makes the infrastructure increasingly vulnerable to digital warfare. Therefore, national legislation is central to defending critical energy infrastructure against terrorist and nation-state attacks in cyberspace. Still, previous studies have found shortcomings in cybersecurity legislation. To support smaller countries in their policymaking, this study describes a normative ideal in the form of a consolidated security policy framework. The framework consists of 25 policies that are based on cybersecurity and privacy rules of five countries with strong cyber defence capabilities; the framework addresses five cyberattack scenarios with a very high consequence potential. This study shows that the consolidated policies provide a holistic cyber defence framework, covering strategic, tactical, and operational levels, including obligations on both authority and industry levels.

Enhancing Global Cybersecurity Resilience: Navigating the Subconscious Fallacies within Critical Infrastructure Protection

Abstract:

Amidst the digital revolution, cyber-enabled critical infrastructures are the foundation of societal operations. However, this interconnectivity introduces risks such as cascading failures where disruptions in the power grid affect multiple systems. Global collaboration becomes inescapable in forming holistic approaches that evolve alongside continuous technological advancements to enhance infrastructure resilience. Before these approaches can truly succeed, it is imperative to understand the decision-making processes within these environments and effectively mitigate biases that may alter priorities. This study investigates subconscious biases stemming from perceived solutions, intending to anticipate their potential impact on decision-making prioritization and enhance overall cybersecurity in critical infrastructure resilience.

Aspectual Human Performance Variability in Social Engineering Attacks

Abstract:

Most of the influence and persuasion techniques used in social engineering have been documented across many domains, including cybersecurity, and have been shown to rely on similar effect mechanisms used in areas such as marketing, scams, and street cons. This paper shows that, while these attacks are explained in terms of the social and psychological effect mechanisms, the aspectual lens provides a more nuanced understanding of human performance variability implicated in social engineering. The aspectual lens provides a comprehensive analytical and ontological framing, and hints at aspectually informed measures for mitigating social engineering attacks and dampening the said human performance variability.

The Cybersecurity Framework’s Most Vulnerable User: Small Business

Abstract:

The broad applicability of the National Institute for Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the Cybersecurity Framework (CSF), creates a utility gap for small and medium businesses (SMB) to apply and implement the framework effectively within their organizations. The purpose of this research is to explore and interpret the CSF in the context of small and medium businesses with implications of bridging the utility gap for this significant, yet vulnerable, population; specifically, this paper contributes detailed interpretations and actions of the NIST CSF that can be implemented by SMBs to help improve their cybersecurity stance.

Towards Improving APT Mitigation: A Case for Counter-APT Red Teaming

Abstract:

Vulnerabilities leveraged by Advanced Persistent Threats (APTs) that ultimately allow them to gain access to critical data and unveil private information are often far removed from the portions of the security environment where initial access is gained. This paper presents a defensible scholarly decomposition of the red-team process itself and discusses how traditional red-team assessments may not be the most effective solution for emulating APT threats and mitigating their impacts.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

