IRIS Institutional Research Information System - OPENBS Open Archive UniBS

This paper examines the Uber data breach of September 2022, where the Lapsus$ group exploited multi-factor authentication (MFA) fatigue to compromise contractor credentials. The attackers gained access to internal systems, demonstrating the sophistication and persistence of modern Advanced Persistent Threats (APTs). Using the ACRE framework, which focuses on later stages of the cyber kill chain, we highlight how effective Cyber Threat Intelligence (CTI) can systematically detect and analyse such attacks. The ACRE framework provides tools to collect, process, and analyse threat data, enabling organisations to identify APT activity and mitigate risks proactively. By applying ACRE to the Uber breach, this study demonstrates its capacity to uncover critical intelligence and improve defensive strategies. The case underscores the importance of intelligence-driven approaches in addressing the complexities of contemporary cyber threats and enhancing organisational resilience.

Towards Cyber Resilience against APTs

Gaudenzi A.;Nodari L.;Cerutti F.
2025-01-01

Abstract

This paper examines the Uber data breach of September 2022, where the Lapsus$ group exploited multi-factor authentication (MFA) fatigue to compromise contractor credentials. The attackers gained access to internal systems, demonstrating the sophistication and persistence of modern Advanced Persistent Threats (APTs). Using the ACRE framework, which focuses on later stages of the cyber kill chain, we highlight how effective Cyber Threat Intelligence (CTI) can systematically detect and analyse such attacks. The ACRE framework provides tools to collect, process, and analyse threat data, enabling organisations to identify APT activity and mitigate risks proactively. By applying ACRE to the Uber breach, this study demonstrates its capacity to uncover critical intelligence and improve defensive strategies. The case underscores the importance of intelligence-driven approaches in addressing the complexities of contemporary cyber threats and enhancing organisational resilience.
2025
CEUR Workshop Proceedings
MIUR (compresi PRIN FIRB,FISR)
2-s2.0-105005826413
Inglese
2025 Joint National Conference on Cybersecurity, ITASEC and SERICS 2025
2025
Alma Mater Studiorum University, ita
3962
CEUR-WS
Attack modelling; Neuro-symbolic machine learning; Threat intelligence
Not applicable
restricted
Gaudenzi, A.; Nodari, L.; Valentim, R.; Giordano, D.; Drago, I.; Russo, A.; Cerutti, F.
273
info:eu-repo/semantics/conferenceObject
7
4 Contributo in Atti di Convegno (Proceeding)::4.1 Contributo in Atti di convegno
4.1 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
ITASEC25___ACRE.pdf

solo utenti autorizzati

Licenza: Non specificato
Dimensione 750.62 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
750.62 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11379/639507
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? ND
social impact