Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure

Peter Maynard, Kieran McLaughlin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The hacktivist threat actor is listed in many risk decision documents. Yet their tactics and techniques often remain a mystery. We create a MITRE ATT&CK TM (ATT&CK) model of a well known hacktivist who goes under the pseudonym of Phineas Fisher, and map that threat to critical infrastructure. The analysis is derived from hacker manifestos, journalist reporting, and official government documentation. This analysis fills a gap in current threat models, to better define what skills and methods a determined hacker might employ. This paper also identifies seven essential mitigations which can be deployed by critical infrastructure operations and asset owners, to prevent such intrusions by hacktivists. We are in the process of contributing this threat actor into the MITRE ATT&CK knowledge base.
Original languageEnglish
Title of host publication2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA): Proceedings
Publisher IEEE
Number of pages7
DOIs
Publication statusPublished - 14 Jul 2020
Event2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) - Dublin, Ireland
Duration: 15 Jun 202019 Jun 2020

Conference

Conference2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
CountryIreland
CityDublin
Period15/06/202019/06/2020

Fingerprint

Dive into the research topics of 'Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure'. Together they form a unique fingerprint.

Cite this