OFFPHD-Offentlig sektor-ph.d.

HOW TO STOP APT GROUPS, WITHIN THE CAPABILITIES OF AN INCIDENT RESPONSE ENVIRONMENT

Alternative title: Hvordan stoppe APT grupper, basert på tilgjengelige kapasiteter fra et hendelseshåndteringsmiljø.

Awarded: NOK 1.9 mill.

Cyber threats are on the rise, both in volume and complexity. This is happening while individuals, whether as private persons or as employees, are becoming more and more dependent on digital solutions. In conjunction with this growing dependence on digital solutions, we observe that large events, such as the pandemic, give a further backdrop for cyber attacks. The reason for this is that there are primarily two groups of threat actors today: government-funded and organized crime. The main objective is to see if we can use the combination of structured technical data and unstructured data, such as news, blogs or similar, to predict probable targets of cyber attacks.

Advanced Persistent Threat (APT) groups are highly skilled groups that perform cyber-attacks. The motivation varies, but ties to states or organized crime have often been established. Protection against APT groups is mostly reactive, relying on analysis based on technical indicators. The goal of the research project is to combine technical data with non-technical data, using a mixed-method research plan, to develop a methodology to predict future targets of APT groups. The Norwegian Digitalization Agency (DigDIR) is a government entity with responsibility to provide infrastructure for over 3000 federal and municipal IT services. At DigDIR we must accept that we are a true and valid target for APT threat actors. The research will use ongoing projects for testing the methodology, related both to security operations and to practical incident handling.

Funding scheme:

OFFPHD-Offentlig sektor-ph.d.
