Multi-Layer Protection Approach MLPA for the Detection of Advanced Persistent Threat

Background: The ongoing coronavirus (COVID-19) pandemic has had a profound global impact. Although it has unexpectedly placed considerable strain on healthcare sectors, the effects of the pandemic have been far more extensive—presenting significant challenges to infrastructures and industries including the economy, transportation systems, and even telecommunications operations. These persistent issues have created a pathway, providing cyber criminals with an opportunity to employ advanced persistent threats (APT) to target private and government sectors. These prolonged attacks have sought to target enterprise organizations within the public sector, allowing attackers to covertly gain access to their infrastructures and information systems, often remaining undetectable for long periods of time. Technically speaking, APTs are considered one of the most dangerous types of cyber-attacks, in part due to the myriad of techniques and tactics which can be undertaken. This paper will illustrate conditions for these attacks to triumph.

Methods: This paper used MITRE ATT&CK to purpose Multi Layers Protection Approach (MLPA), beginning with the implementing CPU utilization method based of using mimikatz malicious application in credential dumping technique on all internal devices, passing through the application of the approach to the entire infrastructure

Results: MLPA provided in this paper was able to detect APT attacks based on central processing unit utilization, protection rule with accuracy detection 99.7% and false-positive 0.3%. Meanwhile got entire information of APT attack #20373e4d4d11ba0e839278737ee9fc49cb164bbd#

Conclusions: In this paper we have proposed APT groups (Kimsuky, APT36, Patchwork, TA505, TA542, Ocean Lotus and Gamaredon ) and how to mitigate their attacks Through using MLPA and CPU method.