Big Data Analytics in Cybersecurity

Table of Contents
Summary
Introduction
Progression of Advanced Persistent Threats (APT)
Most Famous APT Attacks of the 21st Century
Why Should You Use Big Data Analytics in Cybersecurity?
Big Data Tools for Cybersecurity
Conclusion

Summary

In 2015, an attack on the US Office of Personnel Management (OPM) was attributed to what has been described as an ongoing cyber war between China and the United States. The most recent series of attacks has been discussed under a wide range of codenames, with Deep Panda being the most common attribution. The attack on OPM in May 2015 reportedly compromised more than 4 million US personnel records, with fears that information relating to Secret Service personnel may also have been stolen. The FBI and various security experts have concluded that it was an advanced persistent threat (APT).

Executing an APT attack requires far more resources than a standard web application attack. The perpetrators are usually groups of experienced cybercriminals with considerable financial backing, and some APT attacks are government-funded and used as cyber warfare weapons. Traditional security systems may not be able to control or mitigate the problem. This is where big data analytics comes into play in information security: it provides the ability to correlate logged events by time and user behavior across the entire range of devices and technologies in a company, along with many other dynamic data sources and solutions that support security.

Introduction

Cyber attacks have pushed corporate fraud around the world to an unprecedented level, with information theft now outstripping the theft of physical assets, as new data indicates.
Reported fraud levels have risen steadily since 2012, and 86% of organizations worldwide said they experienced at least one cyber incident in 2017, according to respondents to Kroll's annual Global Fraud and Risk Report. Anxiety about hacking runs high in boardrooms after several years in which WannaCry and other cyber attacks hit a large number of organizations around the world, disrupting the operations of the UK's National Health Service and the American delivery company FedEx. More recently, flaws found in chips made by Intel, AMD and ARM have raised new concerns about companies' vulnerability to attack. Information risk is now the biggest concern cited by the executives who took part in the study, as Equifax's experience has concentrated minds and shown that the authorities are responding ever more forcefully. The US credit reporting company is now facing criminal and regulatory investigations on both sides of the Atlantic after a cyber attack led to the theft of the personal information of as many as 143 million US citizens. Most of those surveyed believed their organization was "highly or somewhat vulnerable" to information theft, an increase of six percentage points on a year ago.

Progression of Advanced Persistent Threats (APT)

A successful APT attack can be broken down into three stages: network infiltration, expansion of the attacker's presence, and extraction of the accumulated data, all without being detected.

Infiltration

Infiltration is usually achieved by compromising one of three attack surfaces: web assets, network resources, or authorized human users. Large organizations are constantly exposed to this through malicious uploads and social engineering attacks. In addition, infiltrators can launch a DDoS attack against their target at any time, serving both as a smokescreen to distract network staff and as a way to weaken security defenses.
Once initial access has been gained, attackers quickly install backdoor shell malware that provides network access and enables remote, stealthy operations. Backdoors can also come in the form of Trojans masquerading as legitimate software.

Expansion

Once a foothold is established, attackers attempt to broaden their presence within the network. This involves moving up an organization's hierarchy, compromising staff members with access to the most sensitive data. In doing so, they are able to gather critical business information, including product line data, employee data and financial records. Depending on the ultimate goal of the attack, the collected data may be sold to a competing company, altered to sabotage a company's product line, or used to take down an entire organization. If sabotage is the motive, this stage is used to subtly gain control of multiple critical functions and manipulate them in sequence to cause maximum damage. For example, attackers could delete entire databases within a company and then disrupt network communications to prolong the recovery process.

Extraction

While an APT is in progress, stolen data is usually stored in a secure location inside the compromised network. Once enough data has been collected, the attackers must extract it without being detected. Typically, white-noise tactics are used to distract the security team so that the data can be moved out covertly. This may take the form of a DDoS attack, again tying up network staff and possibly weakening site defenses to facilitate the extraction.

The Most Famous APT Attacks of the 21st Century

Titan Rain (2003)

In 2003, hackers based in China launched a series of cyber attacks against the US government aimed at stealing sensitive state secrets and information, in an operation nicknamed Titan Rain by US investigators (Thornburgh, 2005).
The hackers' focus was on military data and included APT attacks on high-end systems of organizations such as NASA and the FBI.

Sykipot Attacks (2006)

The Sykipot cyber attacks exploit vulnerabilities in Adobe Reader and Acrobat and are part of a long-running cyber attack campaign in a series targeting primarily US and UK organizations, including defense contractors, telecommunications companies and government departments.

GhostNet (2009)

GhostNet is the name analysts gave to a large-scale cyber espionage operation that was first reported in 2009. Carried out from China, the attacks succeeded in compromising computers in over 100 countries, with a focus on penetrating network devices linked to embassies and government ministries.

Stuxnet Worm (2010)

Considered one of the most advanced pieces of malware ever identified, the Stuxnet worm was used in operations against Iran in 2010. Its complexity indicated that only state actors could have been involved in its development and deployment. A key difference with Stuxnet is that, unlike most viruses, the worm targets systems that are usually not connected to the internet for security reasons. Instead, it infects Windows machines via USB drives and then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC (programmable logic controller).

Deep Panda (2015)

A recently discovered APT attack affecting the US Office of Personnel Management has been attributed to what is described as an ongoing cyber war between China and the United States (Jeremy, 2015). The most recent series of attacks has been referred to by a wide range of codenames, with Deep Panda being the most well-known attribution. The attack on OPM in May 2015 is believed to have resulted in over 4 million US personnel records possibly having been stolen.

Why Should You Use Big Data Analytics in Cybersecurity?
The constant rise in the number of successful cyber attacks, together with their adverse consequences and broad impact, shows that traditional cybersecurity tools and practices are not able to keep up with the complex threat landscape or to detect advanced persistent threats (APTs) as they progress. To overcome these obstacles, a new model for cybersecurity has been proposed that encourages the adoption of big data tools and technologies. There are hundreds of such tools and technologies, and they are well documented in the academic literature. Some of the prominent big data tools include Hadoop, Spark, Storm, Flume, HBase, Hive, Kafka, Cassandra and Mahout. It has been suggested that big data tools and technologies would transform cybersecurity analytics by allowing organizations to collect large amounts of heterogeneous security-related data from various sources, perform in-depth security analyses in real time, and provide a consolidated view of security-related information.

The big data processing framework used in a security analytics system defines how the enormous volume of data is handled. In the reviewed articles, three frameworks are used: Hadoop, Spark and Storm. These frameworks are very popular, as shown by their use at well-known organizations such as Yahoo, Google, IBM, Facebook and Amazon.

Big data analysis can be a suitable approach for the detection of APTs. A challenge in APT investigations is the enormous amount of data to sift through for anomalies. Data comes from an ever-increasing range of sources that must be reviewed. This enormous volume of information makes the detection task seem like finding a needle in a haystack.
Because of the volume of data, legacy network perimeter defense systems will become ineffective for investigating targeted attacks and will not be able to scale with the growing size of organizational networks. As a result, a completely new approach is needed. Many companies collect information about user and host activities within the organization's network, as recorded by firewalls, Internet proxies,..
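As an added illustration of the correlation the essay describes (this is example code written for this page, not part of the original essay or of any of the tools it names), the script below joins constructed authentication, proxy and firewall log lines by user and time window. It flags the pattern the Extraction stage above warns about: a successful login outside business hours followed, within minutes, by an unusually large outbound transfer, optionally confirmed by a matching firewall record for the user's workstation. The key=value log format, the host-to-IP inventory, the off-hours range and the byte threshold are all assumptions chosen for the example.

```python
"""Time- and user-based correlation of events from several log sources.

Added example for this page; all log lines are constructed samples in a
hypothetical "<ISO timestamp> <source> key=value ..." format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from three sources: auth server, web proxy, firewall.
SAMPLE_LOGS = """\
2024-05-01T02:03:11 auth user=alice host=ws-17 result=ok
2024-05-01T02:04:40 proxy user=alice dst=share.example.net bytes_out=950000000
2024-05-01T02:05:02 fw src=10.0.5.17 dst=203.0.113.9 action=allow bytes=900000000
2024-05-01T09:15:00 auth user=bob host=ws-03 result=ok
2024-05-01T09:16:30 proxy user=bob dst=intranet.example.net bytes_out=12000
2024-05-01T09:20:11 auth user=alice host=ws-17 result=ok
2024-05-01T09:21:00 proxy user=alice dst=mail.example.net bytes_out=2500000
"""

# Assumed asset inventory mapping workstation names to their IP addresses.
HOST_IPS = {"ws-17": "10.0.5.17", "ws-03": "10.0.5.3"}

OFF_HOURS = range(0, 6)            # assumed: 00:00-05:59 is outside business hours
UPLOAD_THRESHOLD = 100_000_000     # assumed: 100 MB outbound in one session is unusual
WINDOW = timedelta(minutes=15)     # assumed: correlate events this long after a login


def parse_line(line):
    """Parse one log line into a dict with a datetime 'ts' and a 'source'."""
    ts, source, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return {"ts": datetime.fromisoformat(ts), "source": source, **fields}


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def correlate(events, window=WINDOW, threshold=UPLOAD_THRESHOLD):
    """Return one alert per off-hours login followed by a large upload.

    Auth and proxy events are grouped by user; firewall events (which carry
    no user) are joined through the login host's IP address.
    """
    by_user = defaultdict(list)
    for event in events:
        if "user" in event:
            by_user[event["user"]].append(event)
    fw_events = [e for e in events if e["source"] == "fw"]

    alerts = []
    for user, user_events in by_user.items():
        user_events.sort(key=lambda e: e["ts"])
        logins = [e for e in user_events
                  if e["source"] == "auth" and e.get("result") == "ok"]
        for login in logins:
            if login["ts"].hour not in OFF_HOURS:
                continue
            start, end = login["ts"], login["ts"] + window
            uploads = [e for e in user_events
                       if e["source"] == "proxy" and start <= e["ts"] <= end
                       and int(e.get("bytes_out", 0)) >= threshold]
            if not uploads:
                continue
            # Second opinion from the firewall, keyed on the workstation's IP.
            src_ip = HOST_IPS.get(login.get("host"))
            fw_hits = [e for e in fw_events
                       if e.get("src") == src_ip and start <= e["ts"] <= end
                       and int(e.get("bytes", 0)) >= threshold]
            alerts.append({
                "user": user,
                "login_at": login["ts"],
                "host": login.get("host"),
                "fw_confirmed": bool(fw_hits),
                "destinations": sorted({e["dst"] for e in uploads + fw_hits}),
            })
    return alerts


def run(text=SAMPLE_LOGS):
    return correlate(parse_logs(text))


if __name__ == "__main__":
    for alert in run():
        print(f"ALERT user={alert['user']} host={alert['host']} "
              f"login={alert['login_at'].isoformat()} "
              f"fw_confirmed={alert['fw_confirmed']} "
              f"destinations={','.join(alert['destinations'])}")
```

On the sample data only alice's 02:03 session is flagged: her 09:20 session and bob's activity fall inside business hours and below the threshold. In a real deployment the same grouping and windowing logic would run as a distributed job over the collected data (the Spark or Hadoop frameworks the essay mentions are the usual choice), and the thresholds would be derived from each user's historical baseline rather than fixed constants.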