Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure

Peter Maynard; Kieran McLaughlin

doi:10.1109/CyberSA49311.2020.9139715

Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure

Peter Maynard, Kieran McLaughlin

School of Electronics, Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The hacktivist threat actor is listed in many risk decision documents. Yet their tactics and techniques often remain a mystery. We create a MITRE ATT&CK TM (ATT&CK) model of a well known hacktivist who goes under the pseudonym of Phineas Fisher, and map that threat to critical infrastructure. The analysis is derived from hacker manifestos, journalist reporting, and official government documentation. This analysis fills a gap in current threat models, to better define what skills and methods a determined hacker might employ. This paper also identifies seven essential mitigations which can be deployed by critical infrastructure operations and asset owners, to prevent such intrusions by hacktivists. We are in the process of contributing this threat actor into the MITRE ATT&CK knowledge base.

Original language	English
Title of host publication	2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA): Proceedings
Publisher	IEEE
Number of pages	7
DOIs	https://doi.org/10.1109/CyberSA49311.2020.9139715
Publication status	Published - 14 Jul 2020
Event	2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) - Dublin, Ireland Duration: 15 Jun 2020 → 19 Jun 2020

Conference

Conference	2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Country/Territory	Ireland
City	Dublin
Period	15/06/2020 → 19/06/2020

Access to Document

10.1109/CyberSA49311.2020.9139715Licence: Unspecified

1 Finished

R1594ECI: Analysing and Detecting Advanced Multistage Attacks Against ICS
McLaughlin, K.
13/01/2016 → 30/09/2018
Project: Research

Cite this

@inproceedings{f0f95a0e3795412aa1dfb00c10207b2e,

title = "Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the {\textquoteleft}Hacktivist{\textquoteright} Threat to Critical Infrastructure",

abstract = "The hacktivist threat actor is listed in many risk decision documents. Yet their tactics and techniques often remain a mystery. We create a MITRE ATT&CK TM (ATT&CK) model of a well known hacktivist who goes under the pseudonym of Phineas Fisher, and map that threat to critical infrastructure. The analysis is derived from hacker manifestos, journalist reporting, and official government documentation. This analysis fills a gap in current threat models, to better define what skills and methods a determined hacker might employ. This paper also identifies seven essential mitigations which can be deployed by critical infrastructure operations and asset owners, to prevent such intrusions by hacktivists. We are in the process of contributing this threat actor into the MITRE ATT&CK knowledge base. ",

author = "Peter Maynard and Kieran McLaughlin",

year = "2020",

month = jul,

day = "14",

doi = "10.1109/CyberSA49311.2020.9139715",

language = "English",

booktitle = "2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA): Proceedings",

publisher = " IEEE ",

note = "2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) ; Conference date: 15-06-2020 Through 19-06-2020",

}

Maynard, P & McLaughlin, K 2020, Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure. in 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA): Proceedings. IEEE , 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), Dublin, Ireland, 15/06/2020. https://doi.org/10.1109/CyberSA49311.2020.9139715

Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure. / Maynard, Peter; McLaughlin, Kieran.

2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA): Proceedings. IEEE , 2020.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure

AU - Maynard, Peter

AU - McLaughlin, Kieran

PY - 2020/7/14

Y1 - 2020/7/14

N2 - The hacktivist threat actor is listed in many risk decision documents. Yet their tactics and techniques often remain a mystery. We create a MITRE ATT&CK TM (ATT&CK) model of a well known hacktivist who goes under the pseudonym of Phineas Fisher, and map that threat to critical infrastructure. The analysis is derived from hacker manifestos, journalist reporting, and official government documentation. This analysis fills a gap in current threat models, to better define what skills and methods a determined hacker might employ. This paper also identifies seven essential mitigations which can be deployed by critical infrastructure operations and asset owners, to prevent such intrusions by hacktivists. We are in the process of contributing this threat actor into the MITRE ATT&CK knowledge base.

AB - The hacktivist threat actor is listed in many risk decision documents. Yet their tactics and techniques often remain a mystery. We create a MITRE ATT&CK TM (ATT&CK) model of a well known hacktivist who goes under the pseudonym of Phineas Fisher, and map that threat to critical infrastructure. The analysis is derived from hacker manifestos, journalist reporting, and official government documentation. This analysis fills a gap in current threat models, to better define what skills and methods a determined hacker might employ. This paper also identifies seven essential mitigations which can be deployed by critical infrastructure operations and asset owners, to prevent such intrusions by hacktivists. We are in the process of contributing this threat actor into the MITRE ATT&CK knowledge base.

U2 - 10.1109/CyberSA49311.2020.9139715

DO - 10.1109/CyberSA49311.2020.9139715

M3 - Conference contribution

BT - 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA): Proceedings

PB - IEEE

T2 - 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

Y2 - 15 June 2020 through 19 June 2020

ER -

Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure

Abstract

Conference

Access to Document

Fingerprint

Projects

R1594ECI: Analysing and Detecting Advanced Multistage Attacks Against ICS

Cite this