Advanced Cyber–Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things Grant Agreement: 786698 D2.5 Threat actors’ attack strategies Work Package 2: Cyber–threat landscape and end–user requirements Document Dissemination Level PU Public X CO Confidential, only for members of the Consortium (including the Commission Services) Document Due Date: 31/12/2018 Document Submission Date: 31/12/2018 Co–funded by the Horizon 2020 Framework Programme of the European Union D2.5 Threat actors’ attack strategies Document Information Deliverable number: D2.5 Deliverable title: Threat actors’ attack strategies Deliverable version: 1.00 Work Package number: WP2 Work Package title: Cyber–threat landscape and end–user requirements Due Date of delivery: 31/12/2018 Actual date of delivery: 31/12/2018 Dissemination level: PU Editor(s): Konstantinos Limniotis (UOP) Contributor(s): Nicholas Kolokotronis, Costas Vassilakis, Nicholas Kalouptsidis, Konstantinos Limniotis, Konstantinos Ntemos, Christos–Minas Mathas, Konstantinos–Panagiotis Grammatikakis (UOP) Dimitris Kavallieros, Giovana Bilali (KEMEA) Stavros Shiaeles, Bogdan Ghita, Julian Ludlow, Salam Ketab, Hussam Mohammed, Abdulrahman Alruban (CSCAN) Reviewer(s): Pavué Clément (SCORECHAIN) Michele Simioli (MATHEMA) Project name: Advanced Cyber–Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things Project Acronym Cyber–Trust Project starting date: 01/05/2018 Project duration: 36 months Rights: Cyber–Trust Consortium Copyright Cyber–Trust Consortium. All rights reserved. 2 D2.5 Threat actors’ attack strategies Version History Version Date Beneficiary Description 0.10 22/10/2018 UOP Proposed deliverable’s outline 0.15 06/11/2018 UOP Initial text in Section 5 has been written 0.20 11/11/2018 UOP First draft of Section 4 0.25 30/11/2018 UOP First draft of Section 5 0.30 07/12/2018 UOP First draft of Section 3 0.35 09/12/2018 UOP New material added, presentation enhancements, and structural changes 0.40 14/12/2018 UOP First draft of Section 1 0.45 15/12/2018 CSCAN First draft of Section 8 0.50 17/12/2018 KEMEA First draft of Section 7 0.55 18/12/2018 UOP First draft of Section 6 0.60 18/12/2018 UOP First draft of Section 2 0.65 19/12/2018 UOP Final draft of deliverable sent for review 1.00 30/12/2018 UOP Accommodation of review comments and other minor corrections Copyright Cyber–Trust Consortium. All rights reserved. 3 D2.5 Threat actors’ attack strategies Acronyms ACRONYM EXPLANATION ACT Attack Countermeasure Tree ADT Attack Defense Tree AFT Attack Fault Tree AG Attack graph AIV Annual Infrastructure Value ALE Annual Loss Expectancy API Application Programming Interface ARC Annual Response Cost ART Attack response Tree AT Attack tree BAG Bayesian Attack Graph CAG Core Attack Graph CMS Content Management System CoAG Conservative Attack Graph CPE Common Platform Enumeration CSV Comma–Separated Values CUI Character User Interface CVE Common Vulnerabilities and Exposures CVRF Common Vulnerability Reporting Format CVSS Common Vulnerability Scoring System CWE Common Weakness Enumeration DAG Directed Acyclic Graph DDoS Distributed Denial of Service DNS Domain Name Server DT Defense Tree EDG Exploit Dependency Graph eVDB enriched Vulnerability Data Base GCF Greenbone Community Feed GPL General Public License GPO Group Policy Object GPRS General Packet Radio Service GPS Global Positioning System GrSM Graphical Security Model GSF Greenbone Security Feed HARM Hierarchical Attack Representation Model HTTP Hypertext Transfer Protocol HVAC Heating, Ventilation, and Air Conditioning IDPS Intrusion Detection and Prevention System IDS Intrusion Detection System IEC International Electrotechnical Commission iIRS intelligent Intrusion Response System Copyright Cyber–Trust Consortium. All rights reserved. 4 D2.5 Threat actors’ attack strategies IoT Internet of Things IPS Intrusion Prevention System ISO International Standards Organization LGA Logical Attack Graph NASL Nessus Attack Scripting Language NCCIC National Cybersecurity and Communications Integration Center NFC Near Field Communication NGFW Next Generation FireWall NIST National Institute of Standards and Technology NSE Nmap Scripting Engine NVD National Vulnerability Database OS Operating System OSINT Open–Source INTelligence OVAL Open Vulnerability and Assessment Management OWAT Ordered Weighted Averaging Tree PAG Personalized Attack Graph PCAP Packet Capture PT Protection Tree RDF Resource Description Framework RM Risk Mitigation SCAP Security Content Automation Protocol SCT Security Compliance Toolkit SDN Software Defined Network SNMP Simple Network Management Protocol SQL Structured Query Language TCP Transmission Control Protocol TMS Trust Management Service TVA Topological Vulnerability Analysis UDP User Datagram Protocol UI User Interface URI Uniform Resource Identifier URL Uniform Resource Locator VDB Vulnerability Data Base VM Virtual Machine VPN Virtual Private Network XML eXtensible Markup Language Copyright Cyber–Trust Consortium. All rights reserved. 5 D2.5 Threat actors’ attack strategies Table of Contents 1. Introduction ................................................................................................................................. 13 1.1 Purpose of the document ................................................................................................................ 13 1.2 Relations to other activities in the project ....................................................................................... 14 1.3 Structure of the document .............................................................................................................. 14 2. Methodology ................................................................................................................................ 15 3. Information acquisition ................................................................................................................. 18 3.1 Network topology and host connectivity ......................................................................................... 18 3.1.1 List of tools considered ....................................................................................................... 20 3.1.1.1 Nmap .................................................................................................................... 20 3.1.1.2 Angry IP scanner .................................................................................................. 21 3.1.1.3 Unicornscan ......................................................................................................... 22 3.1.1.4 Dipiscan ................................................................................................................ 22 3.1.1.5 Masscan ............................................................................................................... 23 3.1.1.6 Scanrand .............................................................................................................. 23 3.1.1.7 Zmap .................................................................................................................... 23 3.1.1.8 NetCrunch tools ................................................................................................... 24 3.1.1.9 MyNet toolset ...................................................................................................... 24 3.1.1.10 LanTopoLog .......................................................................................................... 25 3.1.1.11 Spiceworks NM .................................................................................................... 25 3.1.1.12 NetworkMiner...................................................................................................... 25 3.1.1.13 PcapViz ................................................................................................................. 26 3.1.1.14 Skydive ................................................................................................................. 26 3.1.1.15 Maltego ................................................................................................................ 27 3.1.1.16 Netglub ................................................................................................................ 27 3.1.1.17 Dnsdumpster.com................................................................................................ 28 3.1.1.18 Spiderfoot ............................................................................................................ 28 3.1.1.19 ReconDog ............................................................................................................. 29 3.1.2 Comparative analysis .......................................................................................................... 29 3.2 Vulnerability scanning ...................................................................................................................... 32 3.2.1 Tools and scanning taxonomies .......................................................................................... 32 3.2.2 Comparison criteria choice ................................................................................................. 33 3.2.3 List of tools considered ....................................................................................................... 35 3.2.3.1 OpenVAS .............................................................................................................. 35 3.2.3.2 Nessus
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages131 Page
-
File Size-