Saved in:
Bibliographic Details
Main Authors: Mersinas, Konstantinos, Liu, Aimee, Panteli, Niki
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2411.02548
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913599980568576
author Mersinas, Konstantinos
Liu, Aimee
Panteli, Niki
author_facet Mersinas, Konstantinos
Liu, Aimee
Panteli, Niki
contents Cybercriminal profiling and cyber-attack attribution have been elusive goals world-wide, due to their effects on societal and geopolitical balance and stability. Attributing actions to a group or state is a complex endeavour, with traditional established approaches including cyber threat intelligence and analysis of technical means such as malware analysis, network forensics, and geopolitical intelligence. However, we propose an additional component for profiling threat actor groups through analysing cultural aspects of human behaviours and interactions. We utilise a set of variables which determine characteristics of national and organisational culture to create a cultural "footprint" of cybercriminal groups. As a case study, we conduct thematic analysis across the six dimensions of the Hofstede national culture classification and the eight dimensions of the Meyer classification on leaked internal communications of the ransomware group Conti. We propose that a systematic analysis of similar communications can serve as a practical tool for a) understanding the modus operandi of cybercrime and cyberwarfare-related groups, and b) profiling cybercriminal groups and/or nation-state actors. Insights from such applications can, first, assist in combating cybercrime and, second, if combined with additional cyber threat intelligence, can provide a level of confidence in nuanced cyber-attack attribution processes.
format Preprint
id arxiv_https___arxiv_org_abs_2411_02548
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Analysing the cultural dimensions of cybercriminal groups -- A case study on the Conti ransomware group
Mersinas, Konstantinos
Liu, Aimee
Panteli, Niki
Cryptography and Security
-
Cybercriminal profiling and cyber-attack attribution have been elusive goals world-wide, due to their effects on societal and geopolitical balance and stability. Attributing actions to a group or state is a complex endeavour, with traditional established approaches including cyber threat intelligence and analysis of technical means such as malware analysis, network forensics, and geopolitical intelligence. However, we propose an additional component for profiling threat actor groups through analysing cultural aspects of human behaviours and interactions. We utilise a set of variables which determine characteristics of national and organisational culture to create a cultural "footprint" of cybercriminal groups. As a case study, we conduct thematic analysis across the six dimensions of the Hofstede national culture classification and the eight dimensions of the Meyer classification on leaked internal communications of the ransomware group Conti. We propose that a systematic analysis of similar communications can serve as a practical tool for a) understanding the modus operandi of cybercrime and cyberwarfare-related groups, and b) profiling cybercriminal groups and/or nation-state actors. Insights from such applications can, first, assist in combating cybercrime and, second, if combined with additional cyber threat intelligence, can provide a level of confidence in nuanced cyber-attack attribution processes.
title Analysing the cultural dimensions of cybercriminal groups -- A case study on the Conti ransomware group
topic Cryptography and Security
-
url https://arxiv.org/abs/2411.02548