Abstract
The healthcare sector plays a crucial role in saving lives, storing sensitive patient data, and ensuring public health. Any compromise in this sector can have severe consequences, including harm to patient safety and breaches of patient privacy. Globally, the healthcare industry continues to be the top target for cyberattacks, given its role in society and the value of its immense data. Advanced Persistent Threats (APTs) continue to be a major security problem in today's cyberspace. Up-to-date threat information is essential for cybersecurity experts to carry out their responsibilities effectively. This paper presents an in-depth study of APTs targeting the healthcare sector, focusing on three APT groups: FIN4, Deep Panda, and APT41. The study identifies and examines the Tactics, Techniques, and Procedures (TTPs) employed by these groups, using the Cyber Kill Chain, Diamond Model, and MITRE ATT&CK frameworks. The study reveals how these APT actors gain and maintain access to healthcare systems, highlighting their strategies for exploiting vulnerabilities and evading detection. We also offer a novel ontological breakdown of TTPs, providing a structured approach to understanding these complex cyber attacks. The paper contributes significantly to the cybersecurity field by proposing a comprehensive Cyber Threat Intelligence (CTI) model, which includes actionable CTI reports for each APT group. These reports serve as a strategic resource for healthcare organizations, enabling them to adopt proactive and targeted defense strategies. Finally, we formulate practical recommendations, presented in a Course of Action matrix, for robust defense against these sophisticated adversaries.