Facts In News
Syllabus: GS-3/Science and Technology, Cybersecurity
- A new cybercrime investigation tool is to be deployed to track cyberattacks that target humans.
- It has been developed by the I-hub NTIHAC foundation (c3ihub) at IIT Kanpur with support from the Department of Science and Technology (DST) under National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS).
- It is a tool for understanding cybercriminals’ modes of operation across the crime execution lifecycle.
- It also compares the modus operandi (mode of operation) used in different crimes, manages user roles and tracks activity along crime paths.
- A TTPs-based investigation framework can be highly effective because it narrows the forms and methods by which an investigation is conducted and relies primarily on criminals’ TTPs, leading to faster conviction of cybercriminals.
About TTPs (tactics, techniques and procedures)
– In cybersecurity, TTPs describe the behaviours, strategies and methods attackers use to develop and execute cyberattacks on enterprise networks.
– The TTP Triangle:
1. Tactics describe the technical objectives (the “why”) an attacker is performing an action. For instance, the attacker’s goal might be to run malicious code on your systems or steal confidential data from your network.
2. Techniques describe how an attacker achieves those objectives: the methods used to carry out the attack. For example, an attacker may guess passwords to gain access to an account, or engage in password cracking, where credentials of unrelated accounts are used to gain access to target accounts.
3. Procedures are the detailed description of the components used in an attack, including the tools and practices the attacker used. For instance, to perform the techniques and sub-techniques described above, an attacker may use CrackMapExec, an exploitation tool that can collect information in targeted networks.
– Uses of TTP analysis:
1. To identify the attacker or threat group and better understand the attack framework.
2. To focus the investigation path, identify threat sources, define the severity of the threat and support incident response.
3. To identify emerging threats and develop threat and attack countermeasures.
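As an added illustration of the TTP triangle and of comparing modus operandi across crimes (example code written for this page; it is not the IIT Kanpur tool's own implementation, and the tactic labels and the two sample cases are constructed):

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TTPStep:
    """One lifecycle step: why (tactic), how (technique), concrete tools (procedure)."""
    tactic: str
    technique: str
    procedure: str

def technique_overlap(a, b):
    """Jaccard similarity (0..1) of the (tactic, technique) pairs of two cases."""
    ta = {(s.tactic, s.technique) for s in a}
    tb = {(s.tactic, s.technique) for s in b}
    return len(ta & tb) / len(ta | tb) if ta | tb else 1.0

def shared_procedures(a, b):
    """Procedures (tools/practices) seen in both cases, sorted for stable output."""
    return sorted({s.procedure for s in a} & {s.procedure for s in b})

def common_tactic_path(a, b):
    """Longest common subsequence of the ordered tactic paths: the crime path both cases share."""
    pa, pb = [s.tactic for s in a], [s.tactic for s in b]
    n, m = len(pa), len(pb)
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n):
        for j in range(m):
            dp[i + 1][j + 1] = dp[i][j] + 1 if pa[i] == pb[j] else max(dp[i][j + 1], dp[i + 1][j])
    out, i, j = [], n, m  # backtrack from the bottom-right corner of the table
    while i and j:
        if pa[i - 1] == pb[j - 1]:
            out.append(pa[i - 1]); i -= 1; j -= 1
        elif dp[i - 1][j] >= dp[i][j - 1]:
            i -= 1
        else:
            j -= 1
    return out[::-1]

# Constructed sample cases (not real investigations), built from the page's examples.
CASE_A = [
    TTPStep("Initial Access", "password guessing", "manual guesses against webmail"),
    TTPStep("Execution", "run malicious code", "malicious macro document"),
    TTPStep("Discovery", "collect network information", "CrackMapExec"),
    TTPStep("Exfiltration", "steal confidential data", "upload to cloud storage"),
]
CASE_B = [
    TTPStep("Initial Access", "password cracking", "credentials from unrelated accounts"),
    TTPStep("Discovery", "collect network information", "CrackMapExec"),
    TTPStep("Exfiltration", "steal confidential data", "upload to cloud storage"),
]
```

The two cases differ at the technique level (guessing versus cracking) but share the same procedures and the same ordered path for the later tactics, which is the kind of overlap an investigator would use to link them.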