Threat actor oriented strategy: knowing your enemy to better defend, detect and respond to cyber-attacks

Stephen McCombie

Research output: Contribution to journal › Article › peer-review


The frequency of cyber-attacks and their varied nature have grown exponentially over the last thirty years. What was once the sole domain of juvenile hackers trying to demonstrate their skills is now shared with organised crime, state-sponsored information warriors, cyber activists and others. Being able to identify an attacker is key to defending against that attacker, whether they are within reach of prosecution or not. This paper suggests a new approach to cyber-attack attribution, which combines both technical and analytical features. Technical attribution involves examining artefacts discovered from investigation of the attack for indicators of origin. Analytical attribution involves such things as understanding the victim, the motive and the likely threat actor who would benefit as a result of the attack; then examining the capabilities and modus operandi of the likely threat actor and other surrounding data. By combining these approaches, defenders can then effectively establish attribution. With this attribution, defenders can better plan their cyber security posture and intelligently defend organisations from threats based on defined attack scenarios rather than adopt generic cyber defences.
Original language: English
Pages (from-to): 24-41
Number of pages: 18
Journal: Journal of the Australian Institute of Professional Intelligence Officers
Issue number: 1
Publication status: Published - 2018

