Analysing the cultural dimensions of cybercriminal groups -- A case study on the Conti ransomware group
- URL: http://arxiv.org/abs/2411.02548v1
- Date: Mon, 04 Nov 2024 19:31:15 GMT
- Authors: Konstantinos Mersinas, Aimee Liu, Niki Panteli
- Abstract summary: We propose an additional component for profiling threat actor groups through analysing cultural aspects of human behaviours and interactions.
We conduct thematic analysis across the six dimensions of the Hofstede national culture classification and the eight dimensions of the Meyer classification on leaked internal communications of the ransomware group Conti.
Insights from such applications can, first, assist in combating cybercrime and, second, can provide a level of confidence in nuanced cyber-attack attribution processes.
- Abstract: Cybercriminal profiling and cyber-attack attribution have been elusive goals world-wide, due to their effects on societal and geopolitical balance and stability. Attributing actions to a group or state is a complex endeavour, with traditional established approaches including cyber threat intelligence and analysis of technical means such as malware analysis, network forensics and geopolitical intelligence. However, we propose an additional component for profiling threat actor groups through analysing cultural aspects of human behaviours and interactions. We utilise a set of variables which determine characteristics of national and organisational culture to create a cultural "footprint" of cybercriminal groups. As a case study, we conduct thematic analysis across the six dimensions of the Hofstede national culture classification and the eight dimensions of the Meyer classification on leaked internal communications of the ransomware group Conti. We propose that a systematic analysis of similar communications can serve as a practical tool for a) understanding the modus operandi of cybercrime and cyberwarfare-related groups, and b) profiling cybercriminal groups and/or nation-state actors. Insights from such applications can, first, assist in combating cybercrime and, second, if combined with additional cyber threat intelligence, can provide a level of confidence in nuanced cyber-attack attribution processes.
Related papers

- Countering Autonomous Cyber Threats (arXiv, 2024-10-23)
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically.
  Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations.
  This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.

- A Smart City Infrastructure Ontology for Threats, Cybercrime, and Digital Forensic Investigation (arXiv, 2024-08-04)
  Efforts have been made to assist digital forensic investigators (DFI) and law enforcement agencies (LEA) in their investigative work.
  Forensic tool innovations and developments, such as the Unified Cyber Ontology (UCO) and Cyber-investigation Standard Expression (CASE), have been proposed to assist DFI and LEA.
  To mitigate weaknesses in both and to ensure a safer cyber-physical environment for all, we propose the Smart City Ontological Expression (SCOPE).

- Psychological Profiling in Cybersecurity: A Look at LLMs and Psycholinguistic Features (arXiv, 2024-06-26)
  We explore the potential of psychological profiling techniques, particularly focusing on the utilization of Large Language Models (LLMs) and psycholinguistic features.
  Our research underscores the importance of integrating psychological perspectives into cybersecurity practices to bolster defense mechanisms against evolving threats.

- Inference Attacks: A Taxonomy, Survey, and Promising Directions (arXiv, 2024-06-04)
  This survey provides an in-depth and comprehensive review of inference attacks and the corresponding countermeasures in ML-as-a-service.
  We first propose the 3MP taxonomy based on the community research status, aiming to normalize the confusing naming system of inference attacks.
  We also analyze the pros and cons of each type of inference attack, their workflow, countermeasures, and how they interact with other attacks.

- Towards in-situ Psychological Profiling of Cybercriminals Using Dynamically Generated Deception Environments (arXiv, 2024-05-19)
  Cybercrime is estimated to cost the global economy almost $10 trillion annually.
  The traditional perimeter security approach to cyber defence has so far proved inadequate to combat the growing threat of cybercrime.
  Deceptive techniques aim to mislead attackers, diverting them from critical assets whilst simultaneously gathering cyber threat intelligence on the threat actor.
  This article presents a proof-of-concept system that has been developed to capture the profile of an attacker in situ, in real time during a simulated cyber-attack.

- Human Factors in the LastPass Breach (arXiv, 2024-05-03)
  The paper argues for the integration of human-centric considerations into cybersecurity measures.
  It focuses on mitigating factors such as goal-directed behavior, cognitive overload, human biases (e.g., optimism, anchoring), and risky behaviors.

- Graph Mining for Cybersecurity: A Survey (arXiv, 2023-04-02)
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, has caused severe consequences for society.
  Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
  With the proliferation of graph mining techniques, many researchers have investigated these techniques for capturing correlations between cyber entities and achieving high performance.

- Generating Cyber Threat Intelligence to Discover Potential Security Threats Using Classification and Topic Modeling (arXiv, 2021-08-16)
  Cyber Threat Intelligence (CTI) has been presented as one of the proactive and robust defence mechanisms.
  Our goal is to identify and explore relevant CTI from hacker forums by using different supervised and unsupervised learning techniques.

- The Feasibility and Inevitability of Stealth Attacks (arXiv, 2021-06-26)
  We study new adversarial perturbations that enable an attacker to gain control over decisions in generic Artificial Intelligence systems.
  In contrast to adversarial data modification, the attack mechanism we consider here involves alterations to the AI system itself.

- An interdisciplinary conceptual study of Artificial Intelligence (AI) for helping benefit-risk assessment practices: Towards a comprehensive qualification matrix of AI programs and devices (pre-print 2020) (arXiv, 2021-05-07)
  This paper proposes a comprehensive analysis of existing concepts coming from different disciplines tackling the notion of intelligence.
  The aim is to identify shared notions or discrepancies to consider for qualifying AI systems.

- Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain (arXiv, 2020-07-05)
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
  It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.