Andreas Gylling

Enriching Attack Models with Cyber Threat Intelligence

As cyber threats continue to grow and resources are limited, organisations need to find ways to evaluate their resilience efficiently and take proactive measures against an attack from a specific adversary before it occurs. Threat modelling is an excellent method of assessing the resilience of ICT systems, forming Attack (Defense) Graphs (ADGs) that illustrate an adversary's attack vectors and allow analysts to identify weaknesses in the systems.

Cyber Threat Intelligence (CTI) is information that helps us understand the current cyber threats we are facing, but it has little integration with ADGs. This thesis attempts to resolve that by evaluating how CTI feeds on known Threat Actors can be used to enrich Attack (Defense) Graphs in the threat modelling tool securiCAD. The purpose is to allow security administrators to take proactive measures and strengthen their ICT systems against the current methods used by any Threat Actor that is believed to pose a threat to them. This thesis is also part of the larger EU project SOCCRATES.

This resulted in a tool that generates an Attacker Profile based on a Threat Actor's capabilities and techniques. Techniques are methods for accomplishing specific attack steps. The Attacker Profile is then integrated with securiCAD to tweak the underlying parameters of securiCAD's attack steps, so that the security of a model can be assessed with respect to the specified adversary.

In securiCAD, simulations run against a model of the infrastructure with a sequence of attack steps, determined by probability, to form the attacker's possible attack vectors. We saw evidence that the generated Attacker Profile accurately represented the Threat Actor's commonly used Tactics, Techniques and Procedures (TTPs) and adjusted the attack vectors accordingly when running the simulation. A proof of concept of integrating CTI feeds with threat modelling was thereby established, helping security analysts assess weaknesses in their systems if they were to be attacked by a specific Threat Actor.
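As an added illustration of the idea in the two paragraphs above (this is not the thesis's tool nor securiCAD's API), the toy script below derives an Attacker Profile from a constructed CTI feed, scales the success probabilities of the attack steps that map to the actor's techniques, and shows how the most likely attack vector through a small attack graph changes. The graph, the ATT&CK-style technique IDs, the probabilities and the default damping factor are all constructed assumptions.

```python
from typing import Dict, List, Tuple

# Constructed toy attack graph: step -> (base success probability, technique it relies on).
ATTACK_STEPS: Dict[str, Tuple[float, str]] = {
    "phish_user":     (0.30, "T1566"),  # phishing
    "exploit_webapp": (0.20, "T1190"),  # exploit public-facing application
    "dump_creds":     (0.40, "T1003"),  # credential dumping
    "lateral_rdp":    (0.50, "T1021"),  # remote services
    "read_database":  (0.60, "T1005"),  # data from local system (the asset to protect)
}

# Which steps become reachable once a step succeeds ("entry" is the attacker's start).
EDGES: Dict[str, List[str]] = {
    "entry": ["phish_user", "exploit_webapp"],
    "phish_user": ["dump_creds"],
    "exploit_webapp": ["read_database"],
    "dump_creds": ["lateral_rdp"],
    "lateral_rdp": ["read_database"],
    "read_database": [],
}

# Constructed CTI feed for a phishing-heavy actor: technique id and observed frequency (0..1).
CTI_FEED = [
    {"technique": "T1566", "frequency": 0.9},
    {"technique": "T1003", "frequency": 0.8},
    {"technique": "T1021", "frequency": 0.6},
]

def build_attacker_profile(cti_feed: List[dict]) -> Dict[str, float]:
    """Per-technique multiplier: reported techniques are boosted by their frequency,
    techniques never reported for this actor are damped (assumed factor 0.5)."""
    profile = {tech: 0.5 for _, tech in ATTACK_STEPS.values()}
    for entry in cti_feed:
        profile[entry["technique"]] = 1.0 + entry["frequency"]
    return profile

def enrich(steps: Dict[str, Tuple[float, str]], profile: Dict[str, float]) -> Dict[str, float]:
    """Scale each step's base probability by the actor's multiplier, clamped to 1.0."""
    return {name: min(1.0, p * profile.get(tech, 1.0)) for name, (p, tech) in steps.items()}

def most_likely_path(step_probs: Dict[str, float], target: str = "read_database") -> Tuple[float, List[str]]:
    """Enumerate every path from 'entry' to the target; return (probability, path) of the best one."""
    best: Tuple[float, List[str]] = (0.0, [])
    def walk(node: str, prob: float, path: List[str]) -> None:
        nonlocal best
        if node == target:
            best = max(best, (prob, path), key=lambda t: t[0])
            return
        for nxt in EDGES[node]:
            walk(nxt, prob * step_probs[nxt], path + [nxt])
    walk("entry", 1.0, [])
    return best

if __name__ == "__main__":
    baseline = {name: p for name, (p, _) in ATTACK_STEPS.items()}
    print("generic attacker:", most_likely_path(baseline))
    print("profiled attacker:", most_likely_path(enrich(ATTACK_STEPS, build_attacker_profile(CTI_FEED))))
```

With the generic probabilities the web-application route dominates; once the profile of the phishing-heavy actor is applied, the phishing and credential-theft route becomes the most likely attack vector, which is the adjustment the abstract describes.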