An investigation on cyber espionage ecosystem
Author Identifier
Mohiuddin Ahmed: https://orcid.org/0000-0002-4559-4768
Matthew Gaber: https://orcid.org/0000-0003-1684-1392
Document Type
Journal Article
Publication Title
Journal of Cyber Security Technology
Publisher
Taylor & Francis
School
School of Science
RAS ID
76398
Abstract
Traditional cyber security countermeasures are focused on addressing the threats to critical infrastructure using penetration testing exercises. The classical cyber wargaming, i.e. Red team vs Blue team exercises, cannot portray complex and large-scale attacks such as cyber espionage. In addition, most cyber espionage tools are focused on mobile devices where spyware is predominantly used. The increasing complexity of attacks makes it challenging to defend networks and systems and subsequently obstructs forensic analysis and reverse engineering efforts to determine precisely what happened and apply attribution. State-based cyber threat actors use a complex set of tactics, techniques and procedures that are not detected by current defences. Hence, in this paper, the key adversaries and their tactics, techniques, and procedures are investigated with a particular focus on command and control infrastructure and data exfiltration, which are the essential components of cyber espionage. Further, a significant constraint in data exfiltration research is the limited availability of suitable datasets. The existing literature does not cover these topics adequately to extract the insights required to develop robust countermeasures for cyber espionage. Hence, this paper will benefit researchers and industry practitioners to enhance cyber resiliency and fight cyber espionage-related criminal activities.
DOI
10.1080/23742917.2024.2399389
Access Rights
subscription content
Comments
Ahmed, M., & Gaber, M. (2024). An investigation on cyber espionage ecosystem. Journal of Cyber Security Technology. Advance online publication. https://doi.org/10.1080/23742917.2024.2399389