[CB19] From Advanced Persistent Threats to "Advanced Persistent Manipulators": The Evolving Cyber Defense Battlefield by Mei Nelson
2. AS ADVANCED PERSISTENT THREATS CONTINUE THEIR WORK...
Copyright © 2019 Accenture. All rights reserved.
Source: US-CERT Source: FBI
3. A NEW BREED OF THREAT EMERGES:
4. ADVANCED PERSISTENT MANIPULATORS
“An actor or combination of actors perpetrating an extended, sophisticated, multi-platform, multi-media information attack on a specified target”
— CLINT WATTS, THE ALLIANCE FOR SECURING DEMOCRACY
5. ADVANCED PERSISTENT THREATS VS ADVANCED PERSISTENT MANIPULATORS
Main Characteristics
• APTs: Organized, resourceful, well-funded, defined objectives, conducting network operations
• APMs: Organized, resourceful, well-funded, defined objectives, conducting information operations across all social media platforms
Goals
• APTs: Strategic advantage, profit
• APMs: Influence audiences, discredit adversaries, enlist allies and agents, incite fear and provoke conflict, distort reality
Methods
• APTs: Network intrusion, vulnerability exploitation
• APMs: Use inauthentic accounts, create forgeries, stage real world provocations
Actors
• APTs: State-sponsored actors, cybercriminals, corporate espionage actors
• APMs: Activists, extremist groups, state-sponsored actors, political campaigns, lobbyists, businesses, or celebrities
7. WARFARE & DECEPTION
兵者,詭道也。故能而示之不能,用而
示之不用,近而示之遠,遠而示之近。
All warfare is based on deception. Hence, when
we are able to attack, we must seem unable;
when using our forces, we must appear inactive;
when we are near, we must make the enemy
believe we are far away; when far away, we must
make him believe we are near.
Source: Amazon
8. INFORMATION OPERATIONS & DECEPTION
The Set Up: a novel of espionage
“I will force the enemy to take our strength for
weakness, and our weakness for strength, and
thus will turn his strength into weakness.”
- A fictional KGB officer in charge of
disinformation operations
Source: Abebooks.co.uk
12. INFORMATION OPERATIONS TARGET AUDIENCES
Targets of Non-state actors
• Own group members or rival groups
• Law enforcement
• Politicians
• General public
Targets of State actors
• One’s own citizens
• Adversary country’s politicians, military, bureaucrats
• Various groups within the adversary country
• Mass opinion
13. INFORMATION OPERATIONS TACTICS
• Flooding the media with multiple versions of a story to confuse the audience
• Publicizing scandalous information to discredit a critic or adversary
• Distracting world opinion from negative information, by highlighting or even creating some other crisis or scandal
• Using inauthentic social media profiles to inflame real-world violence by publicizing rallies of rival groups
14. CASE STUDY: #MACRONLEAKS (PART I)
• Disinformation campaign: rumors, fake news, forged documents
• Offensive network intrusion: computers of Macron’s campaign staff
• Spreading stolen data using trolls and bots
Source: Reuters
15. CYBER-ENABLED INFORMATION OPERATIONS
Broadly: Any information operations taking place in cyberspace, including in online media and social media
Narrowly: Information operations leveraging offensive cyber threat activity such as subverting secure systems
18. CASE STUDY: #MACRONLEAKS (PART II)
• Spear phishing campaign
• Hacktivist personas
• Social media bots
• Imagery board: 4chan
SNAKEMACKEREL (APT 28)
Source: Fancy Bears’ Hack Team website
19. CASE STUDY: THE INTEGRITY INITIATIVE
Objective: Disinformation & Counternarrative
• Perpetrator: “Anonymous” (likely state-controlled hacktivist persona)
• Six Leaks from Nov. 5th 2018
• Financial focus? – No, but it can happen
Source: the CyberGuerrilla website
20. CASE STUDY: FANCY BEARS’ HACK TEAM
Source: Fancy Bears’ Hack Team website
21. CASE STUDY: ENDLESS MAYFLY & OPERATION NEWSCASTER
SKATE
1. Used typo-squatted domains to create inauthentic websites
2. Promoted these domains on social media platforms using inauthentic personas
3. Hosted malicious mobile applications
4. Leveraged “ephemeral disinformation” – Burn After Reading
25. SUGGESTIONS
• Follow geopolitical events
• Set social media policies
• Filter inauthentic accounts
• Verify claims
• Investigate information sources
28. LEGAL NOTICE & DISCLAIMER
© 2019 Accenture.
Accenture Security
Accenture Security helps organizations build resilience from the inside out, so they can confidently focus
on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry
understanding across client value chains and services that span the security lifecycle, Accenture
protects organizations’ valuable assets, end-to-end. With services that include strategy and risk
management, cyber defense, digital identity, application security and managed security, Accenture
enables businesses around the world to defend against known sophisticated threats, and the unknown.
Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
This document is produced by consultants at Accenture as general guidance. It is not intended to
provide specific advice on your circumstances. If you require advice or further details on any matters
referred to, please contact your Accenture representative.
The opinions, statements, and assessments in this report are solely those of the individual author(s) and
do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or
affiliates.