Research

The following resources include some of our uMerc's research and other resources for your reading enjoyment.

Uncovering Insiders With Threat Hunting and Active Defense

Today’s adversaries are advanced and more capable than ever before. Passive defensive tactics are no longer viable for pursuing these attackers. To compound the issue, the existence of an insider threat creates a challenging problem for the passive defender. Techniques like Threat Hunting, attempt to diminish this problem by combating advanced threats with people, also known as Threat Hunters. Although Threat Hunting is proving to be invaluable for many organizations there remains a chasm between detection and disclosure. Offensive Countermeasure tools can be leveraged as a means to proactively hunt insider threats.

How to Target Critical Infrastructure

TCritical Infrastructure is a target for some because of the yield that a successful attack could result in. Death, disruption or damage is a real possibility. The Return on Investment (ROI) and Return on Security Investment (ROSI) fall short in actually determining the level of protection required for an organization striving to protect the most sensitive data or system. The Adversary Return on Investment (AROI) is the missing piece to the equation. From the adversary’s vantage point, data, infrastructure or systems have value. By understanding this value an organization can more appropriately align its security strategy; especially, for the most critical infrastructure. 

Constructing a Measurable Tabletop Exercise for a SCADA Environment

The incident occurred back in November 2011, or at least that was the story. Initial reports that an advanced hacker had taken control of a Supervisory Control and Data Acquisition (SCADA) system started to surface.  This system controlled a physical component: a water pump. The report also indicated the compromised system was forced to operate beyond normal levels, causing a pump to fail.  But was it true? Weeks later, the report and attribution were under criticism from ICS-CERT, who had conducted the incident handling steps for the Curran-Gardner Public Water District.  By drawing a parallel to the Curran-Gardner attack, a sound and measureable tabletop exercise can be developed to help an organization deal with a reallife incident affecting a SCADA system.