Advanced Persistent Threats Attribution-Extending MICTIC Framework

Abstract

This research is inserted in the context of cybersecurity and specifically in the attribution of Advanced Persistent Threats (APT). The investigation that gave rise to the article studies the MICTIC Framework, validating it and proposing an extension to facilitate the assignment of APTs. In this research, we present the motivation for this proposal and its validation. Also, the MICTIC is presented layer by layer and the extended version is submitted for validation through a survey of around 50 university professors and researchers. Due to the fact the MICTIC by itself has not been validated, we decided to do that in conjunction with the extension proposal. Attribution is very important because lets you know who promoted or who carried out an APT-type attack. On the other hand, just the fact that there are sophisticated Attribution mechanisms can act as a deterrent to future attacks. This research contributes to greater ease in obtaining the Assignment of APTs and consequently in understanding how this type of cybercrime works. so much so that there are few studies on the Assignment of APTs. This study objectively contributes to achieving the APT attribution by combining technological and non-technological techniques. It contributes to achieving computer security environments since an APT Attribution is a high deterrent to an APT group getting uncovered and an Attribution being assigned to it. Typically, cybercriminals who have been identified have stopped operating, whereas the opposite is not true; unidentified actors persist with attacks for a long time. Thus, this study also contributes to the overall maintenance of cybersecurity.