The APT Cyber Warriors With TTP Weapons to Battle: A Review on IoT and Cyber Twin


Diana Arulkumar, Kartheeban K., Arulkumaran G.
DOI: 10.4018/978-1-6684-5722-1.ch011


Due to the blooming of Industry 4.0 technologies such as the Internet of Things (IoT), cloud computing, the Industrial IoT (IIoT), and artificial intelligence (AI), with their innovative ideas and opportunities, the cyber attacker's modus operandi against cyber defense triage has become formidable. The genre of advanced persistent threat (APT) actors and groups is equipped with sophisticated and substantial resources of tools, techniques, and procedures (TTPs), which evolve at a breakneck pace. IoT gadgets such as sensors, intelligent devices, and various rapidly emerging resources with constrained energy, memory, and processing power are exponentially prone to multiple vulnerabilities. The nature of IIoT prompts heterogeneous and rapid changes, with vulnerabilities ranging from simple to complex attacks. The APT menace follows covert TTPs to target the assets of any organization, such as a government, a military, or the financial industry.
Chapter Preview


In order to categorize the identity of attackers, the phrase APT was framed in 2006 by U.S. Air Force analysts. APT attackers are characterized as well skilled, persistent, targeted, and equipped with sophisticated resources. They launch an attack in multiple stages, so the APT is a multi-stage model. Quintero-Bonilla (2020) notes that the APT life cycle has been described by several models with different numbers of stages. A three-stage model consists of initial compromise (IC), lateral movement, and command and control (C2C). The intrusion kill chain (IKC) is a four-stage model of information collection, intrusion, lateral expansion, and information theft; another four-stage model comprises initial compromise, C&C, lateral movement, and attack achievement. A model called the attack chain comprises five stages: reconnaissance, incursion, discovery, capture, and exfiltration; a second five-stage model consists of delivery, exploit, installation, C&C, and actions. Once attackers run malware and exploit a zero-day vulnerability, they access the network through the compromised computer to achieve their goals. A life cycle based on the intrusion kill chain model consists of six stages: reconnaissance, weaponization, delivery, initial intrusion, C&C, lateral movement, and data exfiltration. Lockheed Martin designed a life cycle called the cyber kill chain (CKC) to understand attackers' TTPs; it proposes seven stages: research, preparation, intrusion, conquering the network, hiding presence, gathering data, and maintaining access. FireEye (formerly Mandiant), after its penetration testing of the APT1 campaign, concluded with eight stages: initial recon, initial compromise, establish foothold, escalate privileges, internal recon, move laterally, maintain presence, and complete mission.
ATT&CK focuses on tactics based on the strategic goal a cyber threat actor wants to accomplish, and it classifies them into 11 stages: initial access, persistence, privilege escalation, discovery, lateral movement, collection, and exfiltration, plus stages executed in parallel with these: execution, defence evasion, credential access, and command and control.

Figure 1. A survey of cyber threat challenges on IIoT from 2018 to 2021

