Modern society is now reliant on digital communication and networks for conducting a wide array of tasks, ranging from simple acts such as browsing the web through to mission critical tasks such as the management of critical infrastructure and industrial controls. This reliance shows a growing emphasis on strategic importance of cyberspace (Sharma, 2010). While organisations and individuals are keenly exploiting the benefits of cyberspace, these same platforms have also opened new avenues for nefarious actors in the pursuit of their criminal activities to attack, disrupt, or steal from organisations and individuals. Criminal organisations and lone criminals worldwide have access to powerful, evolving capabilities which they use to identify and target their victims allowing for the perpetration of a wide variety of cyber crimes. Cyber attacks and the term ‘cyber warfare’1 has come to use more regularly and it is apparent that a new class of weapons has emerged: software viruses, Trojan horses, logic bombs, etc. and where such weapons exist, then attackers exist also. The modus operandi of nationstate actors is not much different from that used by cyber criminals – with the exception of their end goals. ududThis paper discusses ways in which utilising methods from typically non-cyber disciplines – business and criminology – can successfully be applied to the cyber domain in order to help in the fight against and prevention of cyber attacks, including those used in Cyber Warfare. Through the provision of a visual representation, this paper clarifies how journey mapping and crime scripting can help in building an understanding of the steps criminals or adversaries in general undertake during execution of a cyber criminal or cyber warfare attacker. In essence, within our work we have deconstructed the lifecycle of attack events and translated the steps within it into a visualisation map to show the full event process, highlighting key steps as well as positive and negative events. Such work can be applied to military defence area, as it can aid in the decision processes when undertaking steps in pursuit, prevention, preparation and protection. The end goals of the two differ, but tactics and techniques – reconnaissance for, preparation of and execution of attacks – uses the same modus operandi.
展开▼
机译:现代社会现在依靠数字通信和网络来执行各种各样的任务,从简单的行为(例如浏览网络)到任务关键型任务(例如关键基础结构和工业控制的管理)。这种依赖性表明,人们越来越重视网络空间的战略重要性(Sharma,2010年)。尽管组织和个人热衷于利用网络空间的好处,但这些平台也为邪恶的行为者开展犯罪活动以攻击,破坏或窃取组织和个人开辟了新途径。世界各地的犯罪组织和孤独的罪犯都可以使用强大的不断发展的功能,他们可以用来识别和瞄准受害者,从而进行各种各样的网络犯罪。网络攻击和“网络战争”一词的使用越来越频繁,而且显然已经出现了新一类武器:软件病毒,特洛伊木马,逻辑炸弹等,并且在存在此类武器的地方,也存在攻击者。民族国家行为者的作案手法与网络罪犯所使用的作法没有太大区别,只是他们的最终目标不同。 ud ud本文讨论了如何将典型的非网络学科(业务和犯罪学)的方法成功地应用于网络领域,以帮助打击和预防网络攻击,包括网络战争中使用的那些方法。通过提供可视化表示,本文阐明了旅程映射和犯罪脚本如何有助于建立对犯罪分子或对手在执行网络犯罪或网络战争攻击者期间通常采取的步骤的了解。本质上,在我们的工作中,我们解构了攻击事件的生命周期,并将其中的步骤转换为可视化地图,以显示整个事件过程,突出显示关键步骤以及正面和负面事件。这样的工作可以应用于军事防御领域,因为它在采取追击,预防,准备和保护等步骤时可以帮助决策过程。两者的最终目标不同,但是战术和技术(侦察,准备和执行攻击)使用相同的作案手法。
展开▼
