DOI: 10.1007/978-3-031-61382-1_1
Article

Decoding the Human Element in APT Attacks: Unveiling Attention Diversion Techniques in Cyber-Physical System Security

Published: 29 June 2024

Abstract

The number of complex cyber-attacks, such as Advanced Persistent Threats (APTs), on Critical Infrastructures (CIs) continues to rise. Recently, attackers have targeted lower layers of the Purdue model, specifically the Operational Technology (OT) part, traditionally considered secure and unreachable. APTs are characterized by their stealthy, prolonged presence in systems, often going undetected until significant damage is inflicted. While defensive cyber deception technology, such as honeypots, has been introduced to address sophisticated attacks, there remains a gap in understanding the role of deception techniques from the attacker’s perspective in manipulating defenders and system operators.
Therefore, this paper emphasizes the critical role of deception techniques, particularly attention diversion, in APTs. The paper delves into the multi-layered nature of APTs and explains the role of attention diversion in manipulating human operators and system processes, and why this is important to succeed with an APT. This psychological manipulation aims to create a misleading sense of normalcy, diverting attention from critical vulnerabilities in the system. Such attention diversion techniques can also amplify the challenge of detecting and mitigating APTs, exploiting both human psychology and operational procedures within CPS. To illustrate these aspects, the paper describes how attention diversion techniques were applied in a case study of an APT attack conducted on a digital substation Hardware-in-the-Loop (HIL) testbed and discusses the results.
The main purpose of this paper is to highlight the under-explored area of deceptive strategies, particularly in OT, to motivate further research into this area.



Published In

HCI for Cybersecurity, Privacy and Trust: 6th International Conference, HCI-CPT 2024, Held as Part of the 26th HCI International Conference, HCII 2024, Washington, DC, USA, June 29–July 4, 2024, Proceedings, Part II
Jun 2024
266 pages
ISBN: 978-3-031-61381-4
DOI: 10.1007/978-3-031-61382-1
  • Editor: Abbas Moallem

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Deception technique
  2. Attention diversion
  3. CPS
  4. OT
  5. IEC 61850
  6. IEC 60870-5-104
  7. Social engineering
  8. APT attack
  9. Digital substation
  10. ICS
  11. Critical Infrastructure
