Development of Cyber Attack Scenarios for Training Local Government Cyber Incident Response Teams Using the MITRE ATT&CK Framework and the Cyber Kill Chain

Authors

  • Faizal Wahyu Romadhon, Electrical Engineering, Universitas Indonesia, Indonesia
  • Muhammad Salman, Electrical Engineering, Universitas Indonesia, Indonesia

DOI:

https://doi.org/10.52436/1.jpti.715

Keywords:

Stealer Malware, Credential Theft, Cybersecurity Training, Phishing, Cyber Attack Scenarios, Cyber Incident Response Team (Tim Tanggap Insiden Siber, TTIS)

Abstract

Cybersecurity is a major challenge for organizations facing threats such as phishing, malware, and vulnerability exploitation. This study develops and validates cyber attack scenarios to improve the readiness of Cyber Incident Response Teams (Tim Tanggap Insiden Siber, TTIS) in local government. The scenarios cover credential theft through phishing and stealer malware, and the exploitation of web application vulnerabilities to inject illegal online gambling sites. The scenarios were built using the MITRE ATT&CK framework and the Cyber Kill Chain methodology to map attack techniques systematically. Validation was carried out through expert judgement by cybersecurity experts, who assessed the realism of the scenarios and their relevance to real-world threats. The validation results show that the scenarios match current threats and reflect security gaps that attackers frequently exploit. Evaluation of the scenarios shows that exercises based on real attacks improve incident detection and the effectiveness of the team's response. This study contributes to refining cybersecurity training methods in the public sector by providing contextual, threat-based scenarios. The results can be used to improve training strategies and optimize supporting tools. Future research could develop additional attack scenarios, such as ransomware and Advanced Persistent Threats (APT), and integrate automated detection techniques to improve TTIS readiness.

Published

2025-05-20

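How to Cite

Romadhon, F. W., & Salman, M. (2025). Pengembangan Skenario Serangan Siber untuk Pelatihan Tim Tanggap Insiden Siber Pemerintah Daerah Menggunakan Framework MITRE ATT&CK dan Cyber Kill Chain [Development of Cyber Attack Scenarios for Training Local Government Cyber Incident Response Teams Using the MITRE ATT&CK Framework and the Cyber Kill Chain]. Jurnal Pendidikan Dan Teknologi Indonesia, 5(5), 1265-1279. https://doi.org/10.52436/1.jpti.715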

Section

Articles