Study finds a mathematical link between sociopolitical events and advanced cyberattacks

An interdisciplinary team of researchers from the Universidad Carlos III de Madrid (UC3M) has created a mathematical model which makes it possible to explain, according to different sociopolitical variables, certain advanced cyberattacks that are usually carried out by countries. This is a first step towards the ambitious goal of predicting the occurrence of these cyberattacks.

The cyberattacks analyzed by these researchers are known as Advanced Persistent Threats (known as APTs). "Their complexity indicates that it is [countries] that are behind them," explains one of the study's authors, Lorena González Manzano, lecturer at the Computer Security Lab in UC3M's Computer Science Department. In this research they have analyzed whether there is a relationship between cyberattacks and certain strategic, economic and military events.

Although there was some attribution of intention of these APTs, until now there wasn't a mathematical link that would allow these attacks to be modeled. However, this work led by lecturer González and published in the Security and Communication Networks journal indicates that it is possible to establish this link.

"The model is based on information published by the media and other economic indicators to explain the occurrence of APTs," says another of the study's authors, lecturer José María de Fuentes, from the same UC3M research group. The motivations for these cyberattacks are very varied. "They are much more sophisticated than those that can affect normal users. They are usually aimed at intellectual property theft or espionage," says Lorena González Manzano.

This research opens the door to future lines of work, such as "the prediction of cyberattacks through the observation of other variables which have nothing to do with the cyber world," according to de Fuentes. "For example, in some cases the data on the level of exports (such as mobile phones) is useful to determine if a cyber attack is likely to occur in a given country," adds lecturer González Manzano.

This work is interdisciplinary in nature and integrates "geopolitical factors (to understand the relationship between countries) with data on cyberattacks and combines all of this with a mathematical perspective," explain the researchers.