Risk assessment of targeted cyber-attacks: a practical workshop on Advanced Persistent Threats campaigns

Sunday, December 4, 2022 with Giorgio Di Tizio and Fabio Massacci (8:30AM-5:30PM)

This full-day workshop introduces participants to some of the principles behind cybersecurity vulnerability assessment and risk mitigation, and provides hands-on analysis with a rich dataset.

We will focus on Advanced Persistent Threats (APTs), considered the highest risk to cybersecurity. We will discuss the basic notion of targeted and untargeted cyber attacks and the kill chain of targeted attacks (MITRE ATT&CK framework), including some examples of well-known APTs such as APT29, behind the Russian interference in the 2016 US presidential election and the SolarWinds hack. We then discuss possible methodologies to evaluate the risk of software update strategies. In the second part of the tutorial, we will present a large dataset comprising data from over 85 APTs and 350 campaigns covering more than 500 reports from cyber security companies. We introduce the participants to the Neo4j database in which this relational data is stored and present some key concepts for writing queries. Participants will incrementally practice data extraction by leveraging the relationships in the Neo4j database, for example to determine which APTs exploited a 0-day vulnerability. We will then perform some simple statistical analysis on the extracted data and show how the risk of different patching strategies can be calculated.
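As an added illustration, not material from the workshop or its dataset, the following Python example models a handful of constructed APT, campaign and vulnerability records in the relational shape the description refers to (APT conducts campaign, campaign exploits vulnerability) and performs the two kinds of analysis mentioned: finding the APTs that exploited a vulnerability before a patch existed (a 0-day), and comparing how many recorded exploitations a given patching delay would have left an organisation exposed to. The node labels, relationship names, group names, CVE identifiers, dates and the exposure measure are all assumptions made for the example; the Cypher string is shown only to indicate the shape of the graph traversal and is not executed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Illustrative Cypher for the same traversal against an ASSUMED schema
# (labels and relationship types are not taken from the workshop dataset).
ZERO_DAY_CYPHER = """
MATCH (a:APT)-[:CONDUCTS]->(c:Campaign)-[:EXPLOITS]->(v:CVE)
WHERE c.first_seen < v.patch_date
RETURN v.id AS cve, collect(DISTINCT a.name) AS apts
"""


@dataclass(frozen=True)
class Vuln:
    cve: str          # constructed placeholder id, not a real CVE number
    patch_date: date  # date a vendor fix became available


@dataclass(frozen=True)
class Campaign:
    apt: str           # constructed group name
    name: str          # constructed campaign name
    first_seen: date   # date the campaign was first observed exploiting
    vulns: tuple       # CVE ids exploited in this campaign


# Constructed sample records (placeholder names and dates).
VULNS = {
    "CVE-EXAMPLE-0001": Vuln("CVE-EXAMPLE-0001", date(2021, 3, 15)),
    "CVE-EXAMPLE-0002": Vuln("CVE-EXAMPLE-0002", date(2021, 1, 10)),
    "CVE-EXAMPLE-0003": Vuln("CVE-EXAMPLE-0003", date(2021, 6, 1)),
}
CAMPAIGNS = [
    Campaign("GroupA", "op-alpha", date(2021, 3, 1), ("CVE-EXAMPLE-0001",)),
    Campaign("GroupA", "op-beta", date(2021, 2, 20), ("CVE-EXAMPLE-0002",)),
    Campaign("GroupB", "op-gamma", date(2021, 5, 20),
             ("CVE-EXAMPLE-0003", "CVE-EXAMPLE-0002")),
    Campaign("GroupC", "op-delta", date(2021, 7, 1), ("CVE-EXAMPLE-0003",)),
]


def zero_day_apts(vulns, campaigns):
    """Map each CVE to the sorted list of APTs that exploited it before its
    patch date, i.e. the APT -> campaign -> CVE traversal restricted to 0-days."""
    found = {}
    for c in campaigns:
        for cve in c.vulns:
            if c.first_seen < vulns[cve].patch_date:
                found.setdefault(cve, set()).add(c.apt)
    return {cve: sorted(apts) for cve, apts in found.items()}


def exposed_exploitations(vulns, campaigns, patch_delay_days):
    """Count (campaign, CVE) exploitations that began before an organisation
    applying every patch `patch_delay_days` after release would have been
    protected. A simple, assumed exposure measure: lower is better."""
    exposed = 0
    for c in campaigns:
        for cve in c.vulns:
            protected_from = vulns[cve].patch_date + timedelta(days=patch_delay_days)
            if c.first_seen < protected_from:
                exposed += 1
    return exposed


def compare_strategies(vulns, campaigns, delays):
    """Exposure count for each candidate patching delay, for side-by-side comparison."""
    return {d: exposed_exploitations(vulns, campaigns, d) for d in delays}


if __name__ == "__main__":
    print("0-day exploitation by APT:", zero_day_apts(VULNS, CAMPAIGNS))
    print("exposed exploitations per patch delay (days):",
          compare_strategies(VULNS, CAMPAIGNS, (0, 45, 180)))
```

Even with immediate patching (delay 0) the two 0-day exploitations remain in the exposed count, which is the point the comparison makes: a patching strategy only reduces exposure to vulnerabilities exploited after a fix exists, so the 0-day query and the strategy comparison answer different questions about the same graph.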

Participants can then explore scenarios of their own. Familiarity with Python notebooks is the only prerequisite for independent data analysis.