Destructive Malwares on MITRE ATT&CK Tactics for Cyber Warfare: A Brief Survey and Analysis

Most types of malware are spy-on that seek to collect and steal sensitive information by infecting target systems. However, some malware, such as Stuxnet that was the alleged creation of a state-level sponsored attack in 2010, has been used for cyber warfare. Particularly, malware taking aim at an opposing nation does not just serve for espionage, but actually shuts up and sabotages an enemy's critical infrastructure, the real-world examples of which are Saudi Aramco hacking in 2012 and Ukraine's power outage in 2015. Critical infrastructure of a nation, which is vital as it provides crucial services, requires a set of robust security measures in place, but is often left lacking security in terms of equipment deployed, workforce and expertise. To protect critical infrastructure from malicious actors during times of conflict, there must be manpower capable of monitoring, analyzing and responding to internal and external threats, with consistent security posture against ever-changing cyber threats. As a means of ensuring staying cyber-secure, the MITRE ATT&CK framework is a best-practice tool to understand techniques and trends used in previous cyberattacks. This paper takes a look into the framework, to investigate and categorize what tactics and techniques have been used by key types of malware amidst cyber warfare.