CySec members contribute to RAID 2024

The International Symposium on Research in Attacks, Intrusions, and Defenses (RAID) brings together leading researchers and practitioners from academia, government, and industry to discuss cutting-edge research in computer and information security. RAID 2024 took place in Padua, Italy, from September 30 to October 2, 2024. Martina Lindorfer, Aakanksha Saha, Carlotta Tagliaro, and Martina Komsic contributed to two presentations at the event.

2024-09-30

Aakanksha Saha presented her research, “ADAPT it! Automating APT Campaign and Group Attribution by Leveraging and Linking Heterogeneous Files,” co-authored with Jorge Blasco, Lorenzo Cavallaro, and Martina Lindorfer. The study addresses the growing complexity of Advanced Persistent Threats (APTs), which have increasingly challenged cybersecurity efforts across industries, governments, and democratic institutions. The rise in the number of actors and the sophistication of their campaigns have made tracking and attributing APTs more difficult. Traditional methods relying on threat intelligence often lead to fragmented information, delays in connecting campaigns with specific threat groups, and misattribution.

In response to these challenges, Saha introduced ADAPT, a machine learning-based approach that automates APT attribution at two levels: the campaign level, to identify samples with similar objectives, and the group level, to identify samples operated by the same entity. ADAPT supports heterogeneous file types, including executables and documents, and links them through shared features. Evaluated on datasets from MITRE and 6,134 APT samples from 92 threat groups, ADAPT proved highly effective in clustering and attribution, significantly improving the ability to track APTs. Through real-world case studies, ADAPT demonstrated its capability to identify clusters representing threat campaigns and associate them with their respective groups, marking a major advancement in automating APT attribution.

Carlotta Tagliaro presented a study on “Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols.” The research was conducted with Martina Komsic, Andrea Continella, Kevin Borgolte, and Martina Lindorfer. The team performed a large-scale analysis of three widely used IoT protocols: MQTT, CoAP, and XMPP. They compiled a dataset of over 337,000 backend deployments, augmented with geographical and provider data, and carried out non-invasive active measurements to assess three major security threats: information leakage, weak authentication, and denial-of-service attacks.

The study revealed significant immaturity in IoT backend security. Among the key insights, the researchers discovered that 9.44% of backends expose sensitive information, 30.38% of CoAP-speaking backends are vulnerable to denial-of-service attacks, and an alarming 99.84% of MQTT and XMPP backends use insecure transport protocols, with only 0.16% adopting TLS (of which 70.93% implement a vulnerable version).