Analisis Cyber Threat Injeksi Malware pada Suatu Dokumen Menggunakan Metode Mandiant’s Cyber Attack Lifecycle Model

Rifqi Mahmud(1*), Yudi Prayudi(2),


(1) Universitas Islam Indonesia
(2) Universitas Islam Indonesia
(*) Corresponding Author

Abstract


The number of malware attacks that occur by embedding malicious code or exploits makes it important to know the flow of the malware attack that occurs so that we can understand where the attack started and what impacts can be caused by a malware attack that occurs, and how the flow of the attack using an analytical method Cyber Attack Lifecycle. This research was conducted to find out the flow of a malware attack, to find out where the attack started and to find out what impact the attack could have on the Mandiant's Cyber Attack Lifecycle Model. Mandiant's Cyber Attack Lifecycle Model was chosen as the analysis method because it has 8 stages that can cover the entire attack flow, namely initial recon, initial compromise, establish foothold, escalate privileges, internal recon, move laterally, maintain presence, and complete mission. Analysis of the attack was carried out from a document file which was indicated to contain malware in which the document file was sent by someone using Microsoft Excel document format and would be analyzed using Mandiant's Cyber Attack Lifecycle Model method to find out where the attack started and how the attack flow could occur. The results showed that the application of the Mandiant's Cyber Attack Lifecycle Model was successful in covering all the attack paths well, knowing the impact of the attack, and being able to find out where the attack started.

Full Text:

PDF

References


CIS. (2016). The Center for Internet Security Community Attack Model.

Cunningham, C. (2020). Cyber Warfare : Truth, Tactics, And Strategies : strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare. Packt Publishing Ltd.

Digintrude. (2018). Malwares and Its Impact On Business. Retrieved October 10, 2021, from https://www.digintrude.com/malwares-and-its-impact-on-business.htm.

Espenschied, J., Gunn, A., & Computing. (2016). Threat Genomics.

Evans, D. (2011). Internet of things application in smart grid: A brief overview of challenges, opportunities, and future trends. Cisco IBSG, (April), 267–283. https://doi.org/10.1016/B978-0-12-812154-2.00013-4.

Hansen, S. S., & Larsen, T. M. T. (2015). Dynamic Malware Analysis: Detection and Family Classification using Machine Learning. Aalborg University.

Herr, T. (2014). PrEP: A framework for malware and cyber weapons. 9th International Conference on Cyber Warfare and Security. 2014, ICCWS 2014, 84–91. https://doi.org/10.2139/ssrn.2343798.

Hootsuite. (2021). Digital 2021 : Global Overview Report. Retrieved from https://datareportal.com/reports/digital-2021-global-overview-report.

Howard, R. (2008). Cyber Fraud Trends and Mitigation. The International Journal of Forensic Computer Science, 9–24. https://doi.org/10.5769/j200801001.

Hutchins, E., Cloppert, M., & Amin, R. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. 6th International Conference on Information Warfare and Security, ICIW 2011, (July 2005), 113–125.

Komatwar, R., & Kokare, M. (2021). A Survey on Malware Detection and Classification. Journal of Applied Security Research, 16(3), 390–420. https://doi.org/10.1080/19361610.2020.1796162.

Mandiant. (2013). APT1 Report 2013.

Mitre. (2015). Industry Perspective on Cyber Resiliency : Key Concepts & Terms (No. 15–330). Retrieved from http://www2.mitre.org/public/industry-perspective/key_concepts.html.

NCSC. (2016). Common Cyber attacks. UK Government, (January), 16. Retrieved from https://www.ncsc.gov.uk/white-papers/common-cyber-attacks-reducing-impact.

Patten, D. (2017). The Evolution to Fileless Malware, 13. Retrieved from https://infosecwriters.com/Papers/DPatten_Fileless.pdf.

Rahalkar, S., & Jaswal, N. (2019). The Complete Metasploit Guide.

Rebecca M. Blank. Patrick D. Gallagher. (2012). NIST Special Publication 800-30 Revision 1 - Guide for Conducting Risk Assessments. NIST Special Publication, (September), 95.

Sihwail, R., Omar, K., & Zainol Ariffin, K. A. (2018). International journal of advanced science, engineering and information technology IJASEIT. International Journal on Advanced Science, Engineering and Information Technology, 8(4–2), 1662–1671. Retrieved from http://ijaseit.insightsociety.org/index.php?option=com_content&view=article&id=9&Itemid=1&article_id=6827.

US DoD Joint Publication. (2013). JP 3-60 Joint Targeting, (January), 137.




DOI: http://dx.doi.org/10.30645/j-sakti.v6i1.438

Refbacks

  • There are currently no refbacks.



J-SAKTI (Jurnal Sains Komputer & Informatika)
Published Papers Indexed/Abstracted By:


Jumlah Kunjungan :

View My Stats