Abstract
Network-based attacks and their mitigation are of increasing importance in our ever-connected world. Besides denial of service, a major goal of today's attackers is to gain access to the victim's data (e.g. for espionage or blackmailing purposes). Hence the detection and prevention of data exfiltration is one of the major challenges for institutions connected to the Internet. The cyber security community provides different standards and best practices, at both a high and a fine-granular level, to handle this problem. In this paper we propose a conclusive process which links Cyber Threat Intelligence (CTI) and Information Security Management Systems (ISMS) in a dynamic manner to reduce the risk of unwanted data loss through data exfiltration. While both CTI and ISMS are widespread in modern cyber security strategies, they are most often implemented concurrently. Our process, however, is based on the hypothesis that the mitigation of data loss is improved if CTI and ISMS interact with and complement each other conclusively. Our concept makes use of the MITRE ATT&CK framework in order to enable (partially) automatic execution of our process chain, to run proactive simulations that measure the effectiveness of the implemented countermeasures, and to identify any security gaps that may exist.
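As an added illustration (not code from the paper), the gap identification the abstract describes can be driven from the ATT&CK STIX 2 data: the script below walks a constructed miniature bundle in the shape of the mitre/cti export, collects the "mitigates" relationships of every Exfiltration-tactic technique, and compares them with the mitigations the ISMS has actually implemented. The sample objects are hand-written; only T1048.003 appears on the page, the other technique and mitigation IDs (T1041, T1055, M1031, M1057) and the `implemented` control set are assumptions.

```python
from collections import defaultdict

def _ap(n, name, tid, phase):  # constructed attack-pattern in ATT&CK STIX 2 shape
    return {"type": "attack-pattern", "id": f"attack-pattern--{n}", "name": name,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": phase}],
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}]}

def _coa(n, name, mid):  # constructed course-of-action (an ATT&CK mitigation)
    return {"type": "course-of-action", "id": f"course-of-action--{n}", "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": mid}]}

def _mitigates(coa, ap):  # "mitigates" relationship, as used in the mitre/cti repository
    return {"type": "relationship", "relationship_type": "mitigates",
            "source_ref": coa, "target_ref": ap}

# Constructed miniature bundle standing in for the real mitre/cti STIX 2 export.
BUNDLE = {"type": "bundle", "objects": [
    _ap(1, "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "T1048.003", "exfiltration"),
    _ap(2, "Exfiltration Over C2 Channel", "T1041", "exfiltration"),
    _ap(3, "Process Injection", "T1055", "defense-evasion"),
    _coa("a", "Data Loss Prevention", "M1057"),
    _coa("b", "Network Intrusion Prevention", "M1031"),
    _mitigates("course-of-action--a", "attack-pattern--1"),
    _mitigates("course-of-action--b", "attack-pattern--1"),
    _mitigates("course-of-action--b", "attack-pattern--3"),
]}

def attack_id(obj):
    """ATT&CK external ID (T1048.003, M1057, ...) carried by a STIX object."""
    return next(r["external_id"] for r in obj["external_references"]
                if r["source_name"] == "mitre-attack")

def exfiltration_gaps(bundle, implemented):
    """Per Exfiltration technique: implemented vs. missing ATT&CK mitigations; 'gap' = none implemented."""
    implemented = set(implemented)
    objs = bundle["objects"]
    by_id = {o["id"]: o for o in objs if "id" in o}
    mits = defaultdict(set)                       # attack-pattern id -> {M####, ...}
    for r in objs:
        if r["type"] == "relationship" and r["relationship_type"] == "mitigates":
            mits[r["target_ref"]].add(attack_id(by_id[r["source_ref"]]))
    report = {}
    for ap in objs:
        if ap["type"] != "attack-pattern" or not any(
                p["phase_name"] == "exfiltration" for p in ap["kill_chain_phases"]):
            continue
        have, miss = sorted(mits[ap["id"]] & implemented), sorted(mits[ap["id"]] - implemented)
        report[attack_id(ap)] = {"name": ap["name"], "implemented": have,
                                 "missing": miss, "gap": not have}
    return report
```

A technique flagged `gap` has no implemented ATT&CK mitigation at all (T1041 in the sample has none mapped), which is where a detection-oriented countermeasure or a simulation run would be scheduled next.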
Supported by organization Bundeswehr University Munich.
© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Mundt, M., Baier, H. (2022). Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT&CK Framework. In: Gladyshev, P., Goel, S., James, J., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 441. Springer, Cham. https://doi.org/10.1007/978-3-031-06365-7_9
DOI: https://doi.org/10.1007/978-3-031-06365-7_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06364-0
Online ISBN: 978-3-031-06365-7