
Case Study Pegasus


Critical Analysis and Countermeasures Tactics, Techniques and Procedures (TTPs) that targeting civilians: A case study On Pegasus

1st Osama Hussien, Department of Computer Science and Engineering, Northumbria University, London, UK, ossama.akram@northumbria.ac.uk
2nd Usman Butt, Department of Computer Science and Engineering, Northumbria University, London, UK, usman.butt@northumbria.ac.uk
2nd Rejwan Bin Sulaiman, Department of Computer Science and Engineering, Northumbria University, London, UK, rejwan.binsulaiman@gmail.com

Abstract— Individuals, businesses, and governments all face additional difficulties because of the rise of sophisticated cyberattacks. This paper investigates the targeting of journalists and activists by the malware Pegasus. To gain a deeper understanding of the tactics utilized by cybercriminals and the vulnerabilities that facilitate their scope, this research looks at numerous occurrences and identifies recurring patterns in the strategies, methods, and practices employed. In this paper, a comprehensive analysis is conducted on the far-reaching consequences of these attacks for cybersecurity policy, encompassing the pressing need for enhanced threat intelligence sharing mechanisms, the implementation of more resilient incident response protocols, and the allocation of greater financial resources towards the advancement of cybersecurity research and development initiatives. The research also discusses how Pegasus will affect SCADA systems and critical infrastructure, and it describes some of the most important tactics that businesses may use to reduce the danger of cyberattacks and safeguard themselves against the 21st century's growing threats. The extent of Pegasus spyware, which can access various data and communications on mobile devices running iOS and Android and potentially jeopardise the civil rights and privacy of journalists, activists, and political leaders throughout the world, was found to be worrying.

Keywords—Pegasus spyware, Cyberattack tools, Cybersecurity policy, SCADA systems, Critical infrastructure, Privacy and civil liberties, Threat intelligence sharing, Incident response plans, Cybersecurity research and development, Tactics, techniques, and procedures of cybercriminals, Mobile device security, Journalists and activists as targets, Pegasus vulnerability analysis.

I. INTRODUCTION

Cyberattacks targeting major businesses, human rights advocates and journalists have increased in the past decade [1] and [2]. The assaults damaged essential infrastructure, finances, and reputations. Attacks are becoming more frequent and sophisticated due to a multitude of variables, such as linked devices, cloud computing, and hackers' use of AI and machine learning. The Pegasus malware, used to covertly access and examine mobile devices in the modern day, stands out as one of the most noticeable and notable threats. State-sponsored actors and other groups use this tool to target human rights defenders, journalists, and activists, causing widespread disruption, making it critical for individuals and organizations to understand the latest hacking techniques and how to defend against them as the threat landscape evolves. The author will analyze the Pegasus spyware attack, including cybercriminal tactics and vulnerabilities, and briefly mention other common attacks in this research paper. In a comprehensive manner, the author will ultimately provide an extensive overview of crucial tactics and techniques that both individuals and organizations can effectively utilize to safeguard themselves from the constantly changing and advancing danger of cyber-attacks.

The selection of the Pegasus attacks and techniques was to provide a broad overview of different types of attacks and TTPs in the phishing attacks, while still focusing on the most significant and recent incidents such as Pegasus. The investigation endeavors to enhance the fortification of cyber safety by scrutinizing occurrences, deliberating on preventative measures, and comprehending how to safeguard against nascent menaces.

The aim of this paper is to provide an intricate and exhaustive account of the Pegasus spyware, expounding on its extensive and harmful impact on the basic rights of privacy and civil liberties, which are severely undermined by the sneaky and covert monitoring of journalists and activists by governments. Additionally, it seeks to emphasize the dangers and risks of Pegasus spyware, coupled with a thorough examination of the tactics, techniques, and procedures (TTPs) utilized by cyber offenders to carry out comparable attacks resembling Pegasus. Within the contents of this manuscript, the central point of interest pertains to the scrutinization and assessment of the methodologies utilized in the execution of contemporary and renowned cyber assaults, accompanied by an all-inclusive discourse on the most efficacious tactics and precautionary actions that can be enforced to minimize the probability of forthcoming attacks.

II. LITERATURE REVIEW

A. Section remarks

This section examines recent attacks/techniques using Pegasus. Additionally, it offers a critical evaluation of the nature of these attacks, the methods employed, and the possible effects on both enterprises and people. The study also examines potential defences against such attacks, as well as the analysis and reflections that might be made in response to them.



B. Introduction and History

Pegasus is spyware developed by the Israeli occupation cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android [3]. Pegasus is able to exploit iOS versions up to 14.7, through a zero-click exploit [3], which means that it can infect a device without any user interaction [3]. Pegasus can access various data and functions on the infected device, such as contacts, messages, photos, microphone, camera and location [3].

Figure 1 Documentation reveals Pegasus can access various data from infected devices [4].

One of the most notorious Pegasus spyware deployments involved the hacking of Amazon founder and Washington Post owner Jeff Bezos' smartphone. The Saudi Arabian government reportedly carried out the event as punishment for the Washington Post's negative coverage of the country, according to sources [5]. This incident demonstrated the potential of Pegasus to target influential figures and compromise their personal and professional data. However, Bezos was not the only victim of Pegasus. In 2019, WhatsApp discovered that Pegasus had been used to hack into the phones of multiple activists and journalists in India [6]. These attacks raised questions about the role of Pegasus in suppressing dissent and undermining democracy in India. Moreover, Pegasus has been implicated in violating the rights of human rights defenders in Palestine. In July 2021, an investigation by Front Line Defenders (FLD), a Dublin-based human rights group, found that the mobile phones of Palestinian rights defender and lawyer Salah Hammouri and five others were hacked using Pegasus [7]. This attack was particularly alarming given that Hammouri’s Jerusalem residency status had already been revoked, raising concerns that the spyware was being used to further curtail his human rights work [7].

C. Methodology

The first Pegasus version dates to 2016 and used CVE-2016-4657 in Apple's WebKit [8], an open-source browsing engine that third-party programmers, and sometimes even rivals, can incorporate into their own projects. For instance, the Nintendo Switch was vulnerable to this vulnerability since it utilized this WebKit in its native internet browser, which has been only intended for connecting to networks featuring captive portals [9]. Due to a flaw in the JavaScript engine of WebKit, it can be vulnerable to this attack.

The threat actor makes use of the CVE-2016-4657 [8] flaw to gain access to the memory of Safari in WebKit. After that, malware is installed on the target device that takes advantage of the kernel memory address leak caused by CVE-2016-4655 [10]: Apple's approach for deserializing binary information lacks a size check on one of the user-provided parameters, which represents a 64-bit integer, and this allows the malware to proceed. The threat actor can thus use this vulnerability to determine the result of the iOS kernel's address space layout randomization, which randomly generates the kernel image base through the boot loader before each boot [11].

To install its surveillance tool on the target’s device, the malware initially deactivates code signing. Code signing ensures that code is secure and authentic. Disabling code signing is analogous to a doctor permitting a patient to ingest any substance, regardless of its safety. Another flaw, CVE-2016-4656 [12], allows the malware to reallocate previously freed memory from a string and insert a stack pivot into the NULL page in order to execute code in a privileged environment. The vulnerability enables root access by giving an attacker access to a shell [11].

Figure 2 Inner working and methodology of Pegasus

From this section, and according to [18], it was concluded that Pegasus contains several key components, as described in Figure 2. The Communication module is responsible for sending and receiving data between the device and the command-and-control server controlled by the attacker. The Data Collection module is responsible for harvesting data from various sources on the device, such as messages, calls, photos, videos, location, passwords and apps. The Device Control module is responsible for manipulating the device’s functions, such as turning the microphone or camera on or off, recording audio or video, and deleting files or apps. Finally, the Self Destruction module is responsible for removing traces of Pegasus spyware from the device when instructed by the attacker or when detected by security software [18].
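
The missing size check behind CVE-2016-4655, described in the Methodology above, can be modelled in a few lines. This is an added example, not code from the paper or from Apple: the wire format and every name in it (`toy_number`, `toy_frame`, `decode_weak`, `decode_strict`, `read_back`, `bytes_disclosed`) are constructed for illustration, and the unchecked decoder is shown beside a hardened one.

```c
/* Added illustration: a constructed toy model, not Apple's code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_BYTES 8u   /* storage reserved for one 64-bit integer */

/* Constructed wire format: [declared width in bits: u32 LE][value: u64 LE]. */
typedef struct {
    uint64_t value;
    uint32_t bits;     /* width declared by the sender */
} toy_number;

/* Models a stack frame: the staged number with unrelated data right after it. */
typedef struct {
    uint8_t number[NUM_BYTES];
    uint8_t neighbour[16];
} toy_frame;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Weak decoder: stores whatever width the sender declared. */
int decode_weak(const uint8_t *buf, size_t len, toy_number *out) {
    if (len < 12) return -1;                       /* truncated message */
    out->bits = rd32(buf);
    out->value = (uint64_t)rd32(buf + 4) | ((uint64_t)rd32(buf + 8) << 32);
    return 0;
}

/* Hardened decoder: the declared width must fit the 64-bit storage. */
int decode_strict(const uint8_t *buf, size_t len, toy_number *out) {
    if (decode_weak(buf, len, out) != 0) return -1;
    if (out->bits == 0 || out->bits > 8u * NUM_BYTES || out->bits % 8u != 0)
        return -1;
    return 0;
}

/* Consumer that returns "the number's bytes" and uses the declared width as
 * the copy length. Returns how many bytes were copied to out. */
size_t read_back(const toy_number *n, uint8_t *out, size_t out_cap) {
    toy_frame frame;
    size_t want = n->bits / 8u;

    memcpy(frame.number, &n->value, NUM_BYTES);
    memset(frame.neighbour, 0xAA, sizeof frame.neighbour);  /* marker bytes */

    /* Clamp to the frame and to out only so this demo stays memory-safe;
     * the flaw being modelled is that want is never compared to NUM_BYTES. */
    if (want > sizeof frame) want = sizeof frame;
    if (want > out_cap) want = out_cap;
    memcpy(out, &frame, want);
    return want;
}

/* Marker bytes from outside the number that reach the caller,
 * or -1 when the decoder rejects the message. */
int bytes_disclosed(const uint8_t *msg, size_t len, int strict) {
    toy_number n;
    uint8_t out[64];
    int leaked = 0;
    int rc = strict ? decode_strict(msg, len, &n) : decode_weak(msg, len, &n);
    if (rc != 0) return -1;
    size_t got = read_back(&n, out, sizeof out);
    for (size_t i = NUM_BYTES; i < got; i++)
        if (out[i] == 0xAA) leaked++;
    return leaked;
}

/* Constructed samples: the same value declared as 64 bits and as 192 bits. */
static const uint8_t MSG_OK[12]  = {64, 0, 0, 0, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11};
static const uint8_t MSG_BAD[12] = {192, 0, 0, 0, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11};

int main(void) {
    printf("64-bit claim,  weak:   %d\n", bytes_disclosed(MSG_OK, sizeof MSG_OK, 0));
    printf("192-bit claim, weak:   %d\n", bytes_disclosed(MSG_BAD, sizeof MSG_BAD, 0));
    printf("192-bit claim, strict: %d\n", bytes_disclosed(MSG_BAD, sizeof MSG_BAD, 1));
    return 0;
}
```

With the 192-bit sample, the unchecked path hands back 16 bytes of the neighbouring data, while the hardened decoder rejects the message before any copy happens.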
Figure 3 sums up the details of how Pegasus uses zero-day vulnerabilities to attack any vulnerable device [18].

Figure 3 Pegasus exploitation process

D. General Impact

The Pegasus vulnerability poses a grave risk to privacy and civil liberties, as it enables governments and other hostile actors to infiltrate individuals and organizations without their awareness or consent [13]. The capability to remotely access confidential data and communication on a mobile device constitutes a severe breach of privacy, as well as a potential instrument for surveillance and censorship. A major concern regarding the use of Pegasus is that it can be employed to target journalists, activists, and other individuals who are opposed to government policies or involved in human rights work [13]. By tracking their communication and activities, governments can monitor and intimidate these individuals, possibly resulting in the silencing of free speech and the limitation of civil liberties [13].

Figure 4 Suspected Pegasus usage intensity in different countries [4] (chart; vertical axis 0 to 7; countries shown: Qatar, Egypt, Algeria, Israel, UK, Lebanon, Kazakhstan, Poland, Bangladesh, United States, Yemen, Greece, Togo, Rwanda, Tajikistan)

The global reach and impact of Pegasus spyware on human rights was revealed by a report based on DNS cache probing on domain names extracted from command and control (C&C) servers. The report [4] found that at least 45 countries were suspected of having Pegasus infections, operated by at least 33 likely NSO customers, including governments, intelligence agencies, and law enforcement agencies. The report also noted that Pegasus had been used to target journalists, activists, and opposition politicians in various countries, raising concerns about privacy and civil liberties violations. The report called for greater transparency from companies like NSO Group, the Israeli company that developed Pegasus, and for greater regulation of the surveillance industry to prevent abuses. However, the Pegasus vulnerability also poses challenges for governments in regulating and monitoring the development and use of cyberweapons. While some believe that it is the duty of governments to safeguard their population from cyber dangers, others point out that the widespread use of technologies like Pegasus can weaken democracy and may ultimately be ineffective in the battle against terrorism and other criminal behaviour [14]. Therefore, when dealing with cyberweapons like Pegasus, an appropriate approach must be used that takes into account security issues and human rights concerns.

Tight rules for the creation and use of those tools are required in light of the major concerns highlighted by the use of Pegasus spyware over the increasingly sophisticated nature of cyberattacks. The NSO Group has been under controversy for providing its spyware to nations having an established history of violating human rights, and requests for stricter export controls have increased in recent years, which has led to it now being on the US blacklist [15]. The widespread use of Pegasus and other advanced spyware highlights the need for greater regulation and oversight of the cybersecurity industry to prevent the abuse of these tools by authoritarian regimes and other malicious actors.

More openness and responsibility in the creation and application of cyberweapons are required to solve these issues. Authorities need to be held accountable for any kind of misuse of their authority or invasions of privacy that occur as a result of using these technologies and spyware, and they should be forced to report how they use them. There ought to be increased efforts to support and safeguard human rights and privacy, especially the improvement of encryption as well as additional privacy-enhancing technology [16].

E. SCADA Impact

Another serious threat posed by Pegasus is to the operational integrity and reliability of SCADA systems and critical infrastructure. By exploiting various vulnerabilities in the system, Pegasus spyware can access and manipulate data, commands, sensors, actuators, and other components of SCADA systems. This could result in loss of control, malfunctioning, damage, or shutdown of critical processes and equipment. For example, Pegasus spyware could alter the pressure or temperature readings of a gas pipeline or a nuclear reactor, causing leaks or explosions. Alternatively, it could disrupt the power supply or communication networks of a transportation system or a hospital, affecting the safety and efficiency of these services [17]. With the power of being able to infiltrate devices with zero clicks, it can be catastrophic. It can also have significant financial implications. A cyberattack on these systems could cause direct costs such as repair expenses, fines, lawsuits, compensation claims, or ransom payments [17]. Moreover, it could cause indirect costs such as loss of revenue [17], reputation damage, customer dissatisfaction, or competitive disadvantage. For instance, Pegasus spyware could steal confidential
information or trade secrets from an industrial company or a utility provider [18], giving an advantage to its competitors or adversaries. Additionally, Pegasus spyware could expose sensitive data such as personal information, financial records or health records of customers or employees of these systems, leading to identity theft or fraud [18].

Researchers at [19] highlight the challenge of zero-day vulnerabilities on SCADA systems that can be exploited by malicious actors before they are patched. A recent example of such a vulnerability is CVE-2021-30860 [20], which was used by Pegasus spyware to infect iOS devices without any user interaction. The paper’s analysis and suggestions are also relevant and timely for cybersecurity and human rights in light of the Pegasus vulnerability and its misuse by authoritarian governments. The same researcher proposed a simulation and detection framework to protect SCADA systems from ransomware attacks, which can exploit zero-day vulnerabilities like Pegasus [21].

F. Covid-19 and Hybrid/From Home Work Environment Impact

According to [17], the high number of Internet of Things (IoT) devices linked to home networks is one of the reasons why they are vulnerable to Pegasus. According to [17], in the digital age, the average family has 10 IoT gadgets. The more IoT devices there are, the less difficult it is for hackers to enter the network by breaking into them. Additionally, 59.7% of residences had routers that were susceptible to hacker assaults and password changes [18]. To prevent these threats, some governments and organizations have strict policies that forbid employees from using their own devices for work purposes [19] [20]. Other security measures include updating cyber hygiene practices, providing security awareness training, and revising cyber hygiene rules. However, these precautions may not be enough to stop advanced attacks like Pegasus [21].

Researchers at [17] also highlight other challenges and threats faced by remote workers who are working from home due to the global pandemic. They proposed some robust protocols for organizations to protect their remote workers and corporate networks from cyberattacks. However, these protocols may not be enough to prevent the Pegasus spyware, which can exploit zero-day vulnerabilities. Remote workers who use their personal devices for work purposes may be at risk of this spyware and of compromising their sensitive data and networks.

G. Related and Similar attack vectors

These recent attacks have highlighted the importance of maintaining updated security systems, replacing legacy systems, regular backups, security awareness training and implementing multi-factor authentication to guard against unauthorized access. This ransomware attack is one of many examples of how cyber threats are on the rise globally. Other notable examples include the 2017 Equifax data breach [17] and the 2016 hack of the DNC [18], which are other high-profile cyber attacks that have occurred in recent years. State-sponsored cyberattacks are also rising in regularity [19] and [20]. The governments of China and Russia were charged with funding cyber espionage against numerous agencies of the United States and commercial companies [21] and [22]. To guard from such attacks, organisations must make sure they adopt strict safety protocols, such as strict access controls, multi-factor authentication, and frequent security assessments.

III. TACTICS, TECHNIQUES, AND PROCEDURES, AND COUNTER MEASURES

Cybersecurity is a critical concern in today’s digital world, with cyberattacks becoming increasingly prevalent and sophisticated. Attackers penetrate networks, steal data, and create disruption using a range of attack vectors and TTPs. Retrieving security data from unstructured material can be difficult and can slow down the process of identifying an attacker’s TTPs [23]. The problem was addressed by several researchers using a variety of approaches, including a thorough evaluation of various Natural Language Processing (NLP) and machine learning techniques, most notably a data processing pipeline that classifies unstructured content into attackers' tactics and techniques by using a knowledge base of adversary TTPs [24]. This makes it possible for crucial security information to be automatically and promptly extracted from textual data, supporting efficient threat detection and response.

One common TTP used by attackers is social engineering and phishing attacks [25]. It entails coercing people into disclosing private information or allowing access to systems. Other TTPs used to obtain unauthorised access to systems and data include spear-phishing, malware, and brute-force assaults. Attackers also employ strategies like ransomware to encrypt private information and demand payment from their targets. In order to create efficient defences and safeguard against cyberattacks, it is essential to understand the TTPs employed by attackers. To protect themselves from these risks, organisations must develop effective security measures and keep up with the most recent TTPs.

Table 1 Types of breaches or attacks in 2022, among the organizations [24]

Attack type                                                      Organization   Charities
Phishing                                                         83             87
Impersonation                                                    27             26
General malware                                                  12             11
Denial of service                                                10             2
Online banking attack                                            8              6
Organization account takeover                                    8              6
Ransomware                                                       4              4
Outsider unauthorized access                                     2              2
Unauthorized listening to video conference or instant messages   1              3
Insider unauthorized access                                      1              1
To defend against these attacks, individuals and organizations must also implement best practices for cybersecurity, such as regularly updating software and hardware to address vulnerabilities, using strong passwords and limiting access to sensitive information [26]. Security protocols such as firewalls and intrusion detection and prevention systems, endpoint protection software, encryption technologies and Security Information and Event Management (SIEM) tools can be used to aggregate and analyse security events across the network, providing greater visibility into potential threats and helping to mitigate any unauthorized access to systems and data [27]. Regular security assessments and employee training on recognizing and avoiding cyberattacks can also significantly reduce the risk of successful attacks.

The Pegasus attacks are a prime example of how state-sponsored actors can use sophisticated spyware to compromise the security of mobile devices. Keeping mobile devices updated with the latest security patches, using strong passwords, and being cautious of unknown links and attachments are important countermeasures [28].

Common methods used in cyberattacks include phishing, malware, social engineering, and credential stuffing. These methods rely on taking advantage of flaws in software, hardware, or human factors to access systems and data, and they are easier to execute with less technical knowledge thanks to the adoption of tools like Metasploit and Burp Suite [29]. Organizations must educate their employees about these techniques and regularly conduct vulnerability assessments and penetration testing to identify potential weaknesses.

The success of cyber-attacks can be attributed to the existence of unremedied software, feeble passcodes, and unguarded hardware susceptibilities. To effectively shield their networks from looming dangers and ensure the safeguarding of confidential data, it is of utmost importance for enterprises to take a pre-emptive approach to security by enforcing rigorous entry restrictions, carrying out regular security inspections, and utilizing state-of-the-art security mechanisms. The malevolent acts of cyber criminals are a formidable menace; therefore, it is imperative to undertake measures to safeguard oneself against them. By embracing a pre-emptive stance towards cybersecurity and keeping abreast of the most recent perils, people and institutions can greatly mitigate the likelihood of succumbing to digital assaults.

IV. CONCLUSION

It is essential to create a comprehensive plan for defending against such threats as the complexity and severity of cyberattacks increase in order to effectively reduce the risks involved. Undoubtedly, the appearance of Pegasus is a particularly unsettling example of such attacks because it exploits a variety of vulnerabilities in iOS devices to infect and track its victims without their knowledge or consent. This paper emphasizes the importance of understanding the TTPs used by attackers, discussing vulnerabilities and countermeasures to provide valuable insights to organizations and individuals. Implementing best practices such as strong passwords, regular security assessments, and advanced security technologies can help mitigate the risk of exploitation of known vulnerabilities. Users must nevertheless routinely update their devices and keep an eye out for any strange behaviour. It is also crucial for governments and international organisations to control the use of cyberarms like Pegasus and to hold accountable those who misuse them for nefarious reasons.

V. ACKNOWLEDGMENTS

The authors would like to express their gratitude to {BLINDED CO-AUTHOR 1} and {BLINDED-CO AUTHOR 2} for their valuable contributions to this research. Their expertise, assistance, and support were instrumental in the successful completion of this study.

VI. CONFLICT OF INTEREST

The authors declare no conflicts of interest related to the publication of this research article.

REFERENCES

[1] B. Marczak and J. Scott-Railton, "The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender," vol. Citizen Lab 24, 2016.
[2] Z. A. Sairafi, "Cybersecurity challenges for Human Rights Defenders in Gulf Cooperation Council (GCC) countries," vol. Diss. Central European University, 2022.
[3] M. Agrawal, G. Varshney, S. Kakandwar and K. P. Singh, "Pegasus: Zero-Click spyware attack - its countermeasures and challenges," no. 10.13140/RG.2.2.21979.90405, 2022.
[4] B. Marczak, J. Scott-Railton, S. Mckun and R. Deibert, "HIDE AND SEEK Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries," no. 10.13140/RG.2.2.33325.95204, 2018.
[5] R. Albergotti, C. Timberg and J. Greene, "Jeff Bezos's IPhone Had Apple's State-of-the-Art Security, and That May Have Helped Its Alleged Hackers," 2020. [Online]. Available: https://www.washingtonpost.com/technology/2020/01/29/apple-iphone-bezos-hack/. [Accessed 17 February 2023].
[6] H. Pullanoor, "Explained: How Pegasus Is Used to Hack into Phones to Spy on Users," 2021. [Online]. Available: https://www.ndtv.com/india-news/what-is-pegasus-spyware-explained-2489195. [Accessed 17 February 2023].
[7] Front Line Defenders, "Press Release - Front Line Defenders Investigation Finds Pegasus Spyware on 6 Palestinian HRD Phones," 2021. [Online]. Available: https://www.frontlinedefenders.org/en/press-release-front-line-defenders-investigation-finds-pegasus-spyware-6-palestinian-hrd-phones. [Accessed 17 February 2023].
[8] NIST, "CVE-2016-4657," 2016. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2016-4657. [Accessed 18 February 2023].
[9] A. Carman, "Nintendo Switch's Secret Browser Has a Flaw That Could Lead to a Jailbreak," 2017. [Online]. Available: https://www.theverge.com/circuitbreaker/2017/3/14/14921138/nintendo-switch-exploit-jailbreak-webkit-vulnerability. [Accessed 18 February 2023].
[10] NIST, "CVE-2016-4655," 2016. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2016-4655. [Accessed 18 February 2023].
[11] Jndok, "Analysis and Exploitation of Pegasus Kernel Vulnerabilities (CVE-2016-4655 / CVE-2016-4656)," 2016. [Online]. Available: http://jndok.github.io/2016/10/04/pegasus-writeup. [Accessed 19 February 2023].
[12] NIST, "CVE-2016-4656," 2016. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2016-4656. [Accessed 19 February 2023].
[13] J. Rudie, Z. Katz, S. Kuhbander and S. Bhunia, "Technical Analysis of the NSO Group’s Pegasus Spyware," in 2021 International Conference on Computational Science and Computational Intelligence (CSCI), 10.1109/CSCI54926.2021.00188, 2021, pp. 747-752.
[14] A. Chawla, "Pegasus Spyware – 'A Privacy Killer'," SSRN Electronic Journal, no. 10.2139/ssrn.3890657, 2021.
[15] C. J. Bennett, "The Privacy Advocates: Resisting the Spread of Surveillance," The MIT Press, no. http://www.jstor.org/stable/j.ctt5hhfb6, 2008.
[16] D. E. Sanger, N. Perlroth, A. Swanson and R. Bergman, "U.S. Blacklists Israeli Firm NSO Group over Spyware," 2021. [Online]. Available: https://www.nytimes.com/2021/11/03/business/nso-group-spyware-blacklist.html. [Accessed 17 February 2023].
[17] J. L. Koepke and D. G. Robinson, "Danger ahead: Risk assessment and the future of bail reform," Wash. L. Rev, vol. 93, 2018.
[18] D. Pliatsios, P. Sarigiannidis, T. Lagkas and A. G. Sarigiannidis, "A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics," IEEE Communications Surveys & Tutorials, vol. 22, no. 10.1109/COMST.2020.2987688, pp. 1942-1976, 2020.
[19] J. Ibarra, U. J. Butt, A. Do, H. Jahankhani and A. Jamal, "Ransomware Impact to SCADA Systems and its Scope to Critical Infrastructure," in 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), 10.1109/ICGS3.2019.8688299, 2019, pp. 1-12.
[20] NIST NVD, "CVE-2021-30860 Detail," 2021. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2021-30860. [Accessed 21 March 2023].
[21] U. J. Butt, M. Abbod, A. Lors, H. Jahankhani, A. Jamal and A. Kumar, "Ransomware Threat and its Impact on SCADA," in 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), 10.1109/ICGS3.2019.8688327, 2019, pp. 205-212.
[22] U. J. Butt, W. Richardson, A. Nouman, H.-M. Agbo, C. Eghan and F. Hashmi, "Cloud and its security impacts on managing a workforce remotely: A reflection to cover remote working challenges," in Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-030-68534-8_18, 2021.
[23] F. Schmidt, "Tapping fiber optics," 30 June 2013. [Online]. Available: https://www.dw.com/en/tapping-the-worlds-fiber-optic-cables/a-16916476. [Accessed 21 March 2023].
[24] Avast, "Avast Smart Home: Security Report 2019," February 2019. [Online]. Available: https://cdn2.hubspot.net/hubfs/486579/avast_smart_home_report_feb_2019.pdf. [Accessed 21 March 2023].
[25] O. F. N. Statistics, "Coronavirus and homeworking in the UK," Office For National Statistics, 2020.
[26] Bin Sulaiman, R., 2019. Future threats to internet of things (iot) security & privacy: A survey. Rejwan, Future Threats to Internet of Things (IoT) Security & Privacy: A Survey (December 25, 2019).
[27] N. Daswani and M. Elbayadi, "The Equifax Breach," Big Breaches, vol. 75–95, no. https://doi.org/10.1007/978-1-4842-6655-7_4, 2021.
[28] C. Lam, "A slap on the wrist: Combatting Russia's cyber attack on the 2016 US presidential election," BCL Rev. 59, vol. 2167, 2018.
[29] K.-K. R. Choo and P. Grabosky, "Cyber crime," Oxford Handbook of Organized Crime, L. Paoli, Oxford University Press, vol. DOI: 10.1093/oxfordhb/9780199730445.013.003, 2013.
[30] W. Banks, "Cyber espionage and electronic surveillance: Beyond the media coverage," Emory LJ 66, vol. 513, 2016.
[31] E. Iasiello, "China’s three warfares strategy mitigates fallout from cyber espionage activities," Journal of Strategic Security 9, vol. 2, no. 45-69, 2015.
[32] J. Wiggen, "The impact of COVID-19 on cyber crime and state-sponsored cyber activities," Konrad-Adenauer-Stiftung, vol. 391, 2020.
[33] C. Sauerwein, I. Pekaric, M. Felderer and R. Breu, "An analysis and classification of public information security data sources used in research and practice," Computers & security, vol. 82, pp. 140-155, 2019.
[34] C. Sauerwein and A. Pfohl, "Towards Automated Classification of Attackers' TTPs by combining NLP with ML Techniques," arXiv preprint arXiv:2207.08478, 2022.
[35] GOV.UK, "Cyber Security Breaches Survey 2022," 2022.
[36] K. Arlitsch and A. Edelman, "Staying safe: Cyber security for people and organizations," Journal of Library Administration, vol. 54.1, pp. 46-56, 2014.
[37] G. González-Granadillo, S. González-Zarzosa and R. Diaz, "Security information and event management (SIEM): analysis, trends, and usage in critical infrastructures," Sensors, vol. 21.14, no. 4759, 2021.
[38] M. Agrawal, G. Varshney, K. P. Singh, Saumya and M. Verma, "Pegasus: Zero-Click spyware attack – its countermeasures and challenges," 2022.
[39] H. Holm and T. Sommestad, "So long, and thanks for only using readily available scripts," Information & Computer Security, vol. 25, pp. 47-61, 2017.
