Abstract

The cyber-threat landscape is becoming more dynamic ensuring cyberattacks will be increasingly more difficult to attribute. Previous studies explored cultural drivers of cyberattacks. This study focuses on an individual or group and the behaviors exhibited through cyberattack actions. Forensic psychology shows that a multidimensional scaling process known as Smallest Space Analysis can provide a visual representation of the co-occurrence of behaviors based on actions taken by a criminal. The question becomes; is it possible to use this forensic process to identify behaviors of cyberattack actions? Using the VERIS Community Database and the NSA/CSS Technical Cyber Threat Framework, this study attempted to identify human behavior from data-theft actions. Using Jaishankar’s (2007) Space Transition theory which posits that criminal behavior in physical space transition to digital space, allows burglary behavior to transition to data-theft behaviors. Further, leveraging burglary behavior identified by Fox and Farrington. The results were mixed, cyberattack actions formed clear structures within the SSA space and facets were readily defined. However, the behavioral sub-types appeared throughout the SSA space and did not conform to definable regions. The lack of empirical data to align cognitive behaviors to cyberattack actions implies that this method may still have merit but requires more research concerning action-to-behavior.