Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems

Zimba, Aaron; Wang, Zhaoshun; Chen, Hongsong

doi:10.1016/j.icte.2017.12.007

Cited by 65 publications

(26 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To compensate for this, the DIVDS currently provides vulnerability evaluation for known security vulnerabilities that exist inside Docker images that are not provided in existing Docker environments. However, for the IVD module, there is a disadvantage that the DIVDS are based on Clair that performs static analysis, making it difficult to detect anomalies [12], [13] that may occur during a container execution. To secure the disadvantages of the current DIVDS, the application of dynamic analysis techniques to detect anomalies [4], [14]- [17] that may occur during container execution is necessary.…”

Section: Discussionmentioning

confidence: 99%

“…2) Upon receiving requests from the IVD module, the corresponding vulnerability reporting site provides vulnerable software package metadata to the IVD module 3) The client requests the Docker image from Docker image repository through 'docker pull image' command 4) Docker engine, which receives the 'docker pull' command through the Docker cli, requests for the Docker image download from Docker image repository 5) Docker image repository provides the requested Docker image by the client to the Docker engine 6) Client who downloads the Docker image from Docker image repository loads Docker image into the DIVDS to diagnose vulnerability in the Docker image 7) For the Docker image loaded from Step (6), the IVD module of the DIVDS extracts the software package metadata, OS metadata, and the metadata defined in Table 1 (image_metadata) installed in the Docker image 8) The IVD module detects vulnerable software package installed in the Docker image by comparing the vulnerable software package metadata (IVD_metadata) with the metadata of the Docker image extracted in Step (7) 9) The IVD module outputs the vulnerable software package information existing in the Docker image (O) through the comparison process performed in Step (8) 10) The IVD module loads the Docker image vulnerability information output (O) in Step (9) into the IVE module for Docker image vulnerability evaluation 11) The IVE module extracts and counts the number of CVE severities (severity_num), one of the values required for the Docker image vulnerability evaluation, from the Docker image vulnerability result (O) received from the IVD module in Step (10) 12) The IVE module calculates the Docker image vulnerability score (image score ) using the number of CVE severities (severity_num) extracted in Step (11) and the severity weight defined in Table 4 (severity_weight) 13) The IVE module compares the Docker image vulnerability score (image score ) calculated in Step (12) with the Docker image vulnerability threshold score (θ ) defined in the IVE module 14) The IVE module outputs the Docker image vulnerability evaluation result (K ), which is the result of comparison between the Docker image vulnerability score (image score ) and Docker image vulnerability threshold score (θ) performed in Step (13) 15) The IVE module provides the Docker image vulnerability evaluation result (K ) from…”

Section: Overview Of the Divdsmentioning

confidence: 99%

See 1 more Smart Citation

DIVDS: Docker Image Vulnerability Diagnostic System

Kwon

Lee

2020

IEEE Access

View full text Add to dashboard Cite

Since the development of Docker in 2013, container utilization projects have emerged in various fields. Docker has the advantage of being able to quickly share application build environments among developers through container technology, but it does not provide security guarantees for known security vulnerabilities inside Docker images. Since the Docker images are shared without a means of security vulnerability diagnostic, polluted Docker images can be distributed so that the Docker-based application build environments can be easily collapsed. In this paper, we introduce a Docker Image Vulnerability Diagnostic System (DIVDS) for a reliable Docker environment. The proposed DIVDS diagnoses Docker images when uploading or downloading the Docker images from a Docker image repository. INDEX TERMS Container, Docker image security, Docker image vulnerability evaluation.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Overview Of the Divdsmentioning

confidence: 99%

DIVDS: Docker Image Vulnerability Diagnostic System

Kwon

Lee

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Some of the research works were interested in finding the network behavior of ransomware. Zimba et al [21] studied the emerging cyber threat to crucial infrastructure and magnify the network segmentation approach, prioritize the security of production network devices and limiting ransomware propagation. By applying reverse engineering on WannaCry ransomware and perform source code analysis they uncover the employed techniques to discover vulnerable nodes.…”

Section: Network Behaviormentioning

confidence: 99%

Ransomware Prevention and Mitigation Techniques

Alshaikh¹,

Ramadan²,

Ahmed³

2020

IJCA

View full text Add to dashboard Cite

Ransomware is a malware family that using security techniques such as cryptography to hijacking user files and associated resources and requests cryptocurrency in exchange for the locked data. There is no limit to who can be targeted by ransomware since it can be transmitted over the internet. Like traditional malware, ransomware may enter the system utilizing "social engineering, malware advertising, spam emails, take advantage of vulnerabilities, drive-by downloads or through open ports or by utilizing back doors". But in contrast to traditional malware, even after removal, ransomware influence is irreparable and tough to alleviate its impact without its creator assistance. This kind of attack has a straightforward financial implication, which is fueled by encryption technology, cyber currency. Therefore, ransomware has turned into a profitable business that has obtained rising popularity between attackers. As stated by "Cybersecurity Ventures", ransomware is the quickest increasing type of cybercrime. Since, global ransomware wastage expense is predicted to hit $20 billion in 2021, up from just $325 million in 2015 which, is 57X extra in 2021. In this paper, a brief of the recent research in the prevention of ransomware attacks and the best practices to mitigate the attack impact is presented. General TermsRansomware prevention technique, ransomware mitigation technique, signature-based, behavior-based.

show abstract

“…The attacker tries to characterize sensitive information about a set of individuals and monitors their transactions for a certain period of time. To address this situation, several privacy approaches have been proposed to decouple the users' pseudonymous identities from the specific transactions they make, thereby preventing attempts to link the transacting parties on the based of the data that appears in the blockchain [21,22].…”

Section: Related Workmentioning

confidence: 99%

Hy-Bridge: A Hybrid Blockchain for Privacy-Preserving and Trustful Energy Transactions in Internet-of-Things Platforms

Firoozjaei

Ghorbani

Kim

et al. 2020

Sensors

View full text Add to dashboard Cite

In the current centralized IoT ecosystems, all financial transactions are routed through IoT platform providers. The security and privacy issues are inevitable with an untrusted or compromised IoT platform provider. To address these issues, we propose Hy-Bridge, a hybrid blockchain-based billing and charging framework. In Hy-Bridge, the IoT platform provider plays no proxy role, and IoT users can securely and efficiently share a credit with other users. The trustful end-to-end functionality of blockchain helps us to provide accountability and reliability features in IoT transactions. Furthermore, with the blockchain-distributed consensus, we provide a credit-sharing feature for IoT users in the energy and utility market. To provide this feature, we introduce a local block framework for service management in the credit-sharing group. To preserve the IoT users’ privacy and avoid any information leakage to the main blockchain, an interconnection position, called bridge, is introduced to isolate IoT users’ peer-to-peer transactions and link the main blockchain to its subnetwork blockchain(s) in a hybrid model. To this end, a k-anonymity protection is performed on the bridge. To evaluate the performance of the introduced hybrid blockchain-based billing and charging, we simulated the energy use case scenario using Hy-Bridge. Our simulation results show that Hy-Bridge could protect user privacy with an acceptable level of information loss and CPU and memory usage.

show abstract

Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems

Cited by 65 publications

References 4 publications

DIVDS: Docker Image Vulnerability Diagnostic System

DIVDS: Docker Image Vulnerability Diagnostic System

Ransomware Prevention and Mitigation Techniques

Hy-Bridge: A Hybrid Blockchain for Privacy-Preserving and Trustful Energy Transactions in Internet-of-Things Platforms

Contact Info

Product

Resources

About