Investigating Advanced Persistent Threat Tactics in Cloud Environments: A Forensic Study of AWS CloudTrail Log Data

The focus of this study is to identify and reduce Advanced Persistent Threats (APTs) in the cloud environment of Amazon Web Services (AWS). Popular security frameworks like MITRE ATT&CK, Cyber-Kill Chain and Pyramid of Pain were employed to improve effectiveness of forensic investigation in cloud environments. Tactics, techniques and procedures (TTPs) using Cloud Trail log data were analyzed in order to discover the efficiency of these frameworks in attack patterns identification. Findings from the study reveals that logs are crucial for identifying attack trends such as lateral movement, exfiltration of data, escalation of privileges in order to help improve understanding and analysis of APT activities in AWS environment, and the integration of frameworks such as MITRE ATT & CK, Cyber-Kill Pains and Pyramid of Pain provides strategies that are proactive to quelling advanced cyber adversaries