Course Work

Abstract

Just as technology adapts and changes at a fast rate, so do the techniques that cyber criminals use to attack systems. The introduction of new technology also introduces new opportunities for cyber criminals to strike. It is the yin and yang of the cyber-security world, and it creates challenges that cyber-security professionals have to overcome. Weak passwords have always been an issue in cyber-security, especially when access control is brought up, mainly because they are easy targets for many different attacks. Recently, cyber criminals have found a new way to exploit weak passwords: combining known attacks like brute force with a new type of malware called ransomware. Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or the files stored on them until they pay a ransom to cyber criminals. Brute force and remote desktop attacks have become the most common means for cyber criminals to spread ransomware, surpassing phishing emails and spam as the top technique. Many high-profile incidents prove the damage that can be done when a whole system is encrypted. Ransomware attacks have grown into a huge issue, and now weak passwords are aiding in the distribution of ransomware.

Recently, ransomware has gained a lot of attention in the cyber-security world. Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or the files stored on them until they pay a ransom to cyber criminals. There are three different types of ransomware used by attackers, but only two of the three are actually used against businesses: ransomware that simply locks you out of your computer, and ransomware that locks users out and encrypts all the data on the system. The form of currency that cyber criminals prefer is cryptocurrency such as Bitcoin. According to Kethineni, S., Cao, Y., & Dodge, C. (2018), “The seemingly invisible nature of this cryptocurrency makes it difficult to identify who is using them and what they are buying” (p. 4). Many organizations will pay the ransom while never disclosing the fact that they were attacked. For a major company, an attack like this can bring bad publicity and cripple the organization’s reputation and stability.

Ransomware was introduced in 1989, but it wasn’t until 2012 that ransomware spread worldwide. The U.S. Department of Justice described ransomware as a new model of cyber-crime with the potential to cause impacts on a global scale. Palozza, F. (2018, October 15) explained “that the annual ransomware-induced costs, including the ransom and the damages caused by ransomware attacks, are most likely to shoot beyond $11.5 billion by 2019” (p. 1). There is a long list of damages that ransomware can cause after an attack: loss or destruction of crucial information, business downtime, productivity loss, business disruption in the post-attack period, damage to hostage systems, data, and files, and loss of reputation for the victimized company. The global spread of ransomware has had a huge impact on the daily operation of many businesses.

The distribution method of ransomware used by cyber criminals was once only email phishing. Now cyber criminals have developed a new method for spreading ransomware: the systematic attack of weak passwords. Cyber-security professionals are no strangers to the dangers of weak passwords. No matter how much education is given to end users about the importance of secure passwords, this issue never seems to vanish. Users still use passwords like name123 or fluffy123, or even worse, a password like 123456. Weak passwords create a vital opportunity to breach a large system, and cyber criminals are now using this as a way to spread ransomware. According to Traina, L. (2016), “And not only do people use simple, weak passwords, but they also often use the same one for everything, further magnifying the risk” (p. 60). This new method of incorporating weak passwords into a ransomware attack is conducted as a two-phase operation that works efficiently.
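The two problems this paragraph names, guessable passwords like fluffy123 and the same password reused everywhere, are both things an organization can check for before an attacker does. The following is an added example written for this page, not code from the coursework or from any cited source: a small password-policy check that rejects the patterns named above, plus a reuse finder that groups accounts sharing a password. The deny-list, the guessable-word list, and the salt are constructed for the example; a real deployment would load a large breached-password list instead.

```python
import hashlib
import re

# Constructed deny-list of commonly used passwords; a real deployment would load
# a large breached-password list instead (assumption for this example).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome", "abc123"}

# Words a guesser would try first for this organization (pet names, first names);
# constructed for this example.
GUESSABLE_WORDS = {"fluffy", "name", "admin", "company"}

# A lowercase word followed by up to four digits, e.g. "fluffy123".
WORD_THEN_DIGITS = re.compile(r"^([a-z]+)(\d{1,4})$")


def password_weaknesses(password, user_words=()):
    """Return the list of reasons a password is weak (empty list means no finding).

    user_words holds per-user words (the user's own name, pet name) that a
    guesser would try first; they are checked in addition to GUESSABLE_WORDS.
    """
    reasons = []
    pw = password.lower()
    personal = {w.lower() for w in user_words}
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    if pw in COMMON_PASSWORDS:
        reasons.append("appears in the common-password list")
    if pw.isdigit():
        reasons.append("digits only")
    match = WORD_THEN_DIGITS.match(pw)
    if match and (match.group(1) in GUESSABLE_WORDS or match.group(1) in personal):
        reasons.append("guessable word followed by digits")
    if len(set(pw)) <= 3:
        reasons.append("too few distinct characters")
    return reasons


def is_weak(password, user_words=()):
    return bool(password_weaknesses(password, user_words))


def find_reused(credentials):
    """Group account names that share a password.

    credentials maps account name -> password. Accounts are grouped by a salted
    digest so the comparison never stores the plaintext in the grouping table.
    Returns a sorted list of sorted account groups with two or more members.
    """
    salt = b"constructed-example-salt"  # fixed salt so equal passwords collide
    groups = {}
    for account, password in credentials.items():
        digest = hashlib.sha256(salt + password.encode()).hexdigest()
        groups.setdefault(digest, []).append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    for candidate in ("123456", "fluffy123", "name123", "correct-horse-battery-staple"):
        print(f"{candidate!r}: {password_weaknesses(candidate) or 'no findings'}")
    # Constructed credential set: two accounts share the same weak password.
    print(find_reused({"mail": "fluffy123", "bank": "fluffy123", "vpn": "Tr0ub4dor&3-xyz"}))
```

Running the block reports every finding for each candidate rather than a single pass/fail, which is what a help desk needs when explaining to a user why a password was rejected; the reuse finder is meant to be run over a password-manager export or a credential audit, never over live production password stores.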

The first step in this method is to figure out the password of every user within an organization. The cyber criminal will first use two widely known attacks: the brute force attack and the Remote Desktop Protocol (RDP) attack. According to Palmer, D. (2019, September 12), “brute-force attacks are the primary choice for hackers because it works, we’re seeing that there is an abundance of accounts that have way too many insecure and weak passwords” (p. 1). A brute force attack will target one user name and try millions of password combinations until a correct match is found. Remote Desktop Protocol (RDP) attacks are conducted the same way: the attacker will try to guess usernames and passwords in order to gain access to remotely controlled endpoints.
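From the defender's side, the guessing described above leaves a very recognizable trail: a burst of failed remote logons from one source, sometimes followed by a success. The following is an added detection example written for this page, not code from the coursework or any cited source. It assumes a simplified, constructed log line format modelled on Windows Security events (4625 failed logon, 4624 successful logon, logon type 10 for RemoteInteractive, i.e. RDP); the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified line format. Event IDs and logon type follow the
# Windows Security log convention: 4625 failed logon, 4624 successful logon,
# logon type 10 = RemoteInteractive (RDP).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) User=(?P<user>\S+) Src=(?P<src>\S+) LogonType=(?P<lt>\d+)$"
)
FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10

# Constructed sample: six rapid RDP failures from one source followed by a
# success, one ordinary typo from another workstation, and a non-RDP service logon.
SAMPLE_LOG = """\
2019-09-12T10:00:01 EventID=4625 User=administrator Src=203.0.113.5 LogonType=10
2019-09-12T10:00:02 EventID=4625 User=admin Src=203.0.113.5 LogonType=10
2019-09-12T10:00:03 EventID=4625 User=jsmith Src=203.0.113.5 LogonType=10
2019-09-12T10:00:04 EventID=4625 User=jsmith Src=203.0.113.5 LogonType=10
2019-09-12T10:00:05 EventID=4625 User=jsmith Src=203.0.113.5 LogonType=10
2019-09-12T10:00:06 EventID=4625 User=jsmith Src=203.0.113.5 LogonType=10
2019-09-12T10:00:09 EventID=4624 User=jsmith Src=203.0.113.5 LogonType=10
2019-09-12T10:01:00 EventID=4625 User=mlee Src=198.51.100.7 LogonType=10
2019-09-12T10:01:05 EventID=4624 User=mlee Src=198.51.100.7 LogonType=10
2019-09-12T10:02:00 EventID=4624 User=svc_backup Src=10.0.0.4 LogonType=5
""".splitlines()


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "eid": int(m["eid"]),
        "user": m["user"],
        "src": m["src"],
        "logon_type": int(m["lt"]),
    }


def detect_rdp_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for sources with >= threshold RDP failures inside a sliding window.

    A second alert is raised when a flagged source later logs on successfully,
    which is the moment the guessing turned into access.
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        src = ev["src"]
        if ev["eid"] == FAILED_LOGON:
            q = failures[src]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("rdp_brute_force", src, len(q)))
        elif ev["eid"] == SUCCESS_LOGON and src in flagged:
            alerts.append(("success_after_brute_force", src, ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_brute_force(SAMPLE_LOG):
        print(alert)
```

The single typo from 198.51.100.7 never reaches the threshold and the service logon is ignored because it is not an RDP logon type, so only the guessing source produces alerts; the second alert type is the one worth paging on, because it marks the point where the author's "stage 2, penetration" has begun.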

Once the attacker has gained access to the system, they can infect it with their ransomware. There are six phases that take place during a ransomware attack; once the attacker is in the system, they are at stage 2, penetration. Next comes fortification, where the attacker protects the assets that have been compromised. Then the infiltration stage begins, where the attacker gathers and compromises high-value targets. The second-to-last stage is spoliation, where the attacker alters documentation and reduces the effectiveness of restores. Finally, the attacker will encrypt everything, wipe archives, and issue the ransom demands. At this point there is very little that the organization can do but follow and fulfill the demands of the attacker. These large compromises, which have such a negative impact on an organization, can stem from something as simple as a weak password. Weak passwords, being an issue of their own, show no real signs of ever going away or correcting themselves, which increases the appeal of this method of spreading ransomware to cyber criminals.

Ransomware attacks have more than doubled since 2018, and new strains are being produced. SamSam is a new strain that has attacked hospitals, transportation systems, government institutions, companies, and individuals. One of the most recent SamSam attacks took place in Indiana, where a regional hospital, Hancock Health, was breached. Hancock Health had to pay $55,000 in 4 bitcoins to the attackers in order to get its information back. Customers of a Network Attached Storage (NAS) vendor were warned to watch out for password-based ransomware attacks, because companies affiliated with the vendor were also compromised. According to Naked Security (29 July 2019), “the campaign involves trying lots of commonly used passwords on internet-connected NAS boxes. The attackers hope that eventually they’ll hit on a password that allows them the access necessary to encrypt the data on it” (p. 1). At first the company thought the breach may have come from a vulnerability in the system. After a long analysis of the ransomware, they realized that the attacker was using a simple brute force attack.

Ransomware has always been a problem in cyber-security, and the same goes for weak passwords. Recently the combination of brute force attacks and ransomware has become a huge problem. The number of attacks has doubled because using weak passwords to gain access to a system is simple and easy. Many end users and organizations still use default passwords or create weak passwords. Cyber criminals see the value in weak passwords because the issue is here to stay, allowing them to become more creative in developing and executing their attacks. Many different industries and organizations have fallen victim to this type of ransomware. Billions of dollars have been paid to cyber criminals, and the year hasn’t even ended yet. As more organizations become more technology based, new opportunities for compromise will emerge. Organizations need to spend more money on cyber-security to help build awareness within the organization. The issue of weak passwords and default passwords should be broadcast to everyone. Spending more money on cyber-security in order to protect the organization is a minor price to pay compared to being breached.


Polymorphic Malware: In with the new out with the old

Alpha Bundu

Old Dominion University

Abstract

New obstacles have emerged that cyber-security professionals now have to overcome to keep the cyber world safe. Research has shown that the effectiveness of signature-based antivirus software has steadily decreased. Signature-based antivirus software detects and deters malware threats by identifying the malware’s specific signature. The issue now is: what if the malware can change its signature to bypass the detection capabilities of antivirus software? This study will shed some light on polymorphic malware, a malware strain able to morph its signature. This paper will expose how old methods are useless and how new methods can protect users from cyber-security threats. Machine learning, a new and up-and-coming technological advance, may be the very answer needed to combat polymorphic malware. In context, machine learning is an application of artificial intelligence (AI) that provides systems the ability to learn and improve from experience without being explicitly programmed. The focus of machine learning is developing computer programs that can access data, learn from the data, and take action for themselves. The combination of machine learning and signature-based antivirus software may cut down the damage done by polymorphic malware. Based on recent studies and documentation, machine learning has helped combat polymorphic malware. Results have shown that signature-based antivirus programs are ineffective when paired against polymorphic malware. On this basis, we recommend that cyber-security professionals investigate new technology. New technology like AI applications can be applied to old traditional methods, creating a new line of defenses against malware.

In with the new, out with the old: a well-known saying that has become very relevant in the world of cyber-security. Signature-based antivirus software has always been a useful tool to build up an organization’s defense. It is mostly used to protect an organization’s emails. The program uses a database filled with malware signatures and filters out malware that may pose a threat to a system. Malware is any piece of software that is written with the intent of damaging devices, stealing data, and causing damage.

Viruses, trojans, spyware, and ransomware are among the many kinds of malware. Each piece of malware has a unique string of bits or binary pattern known as the virus signature. The signature is the fingerprint of the malware used for identification. The signature earns a spot in the antivirus program’s database, and a new update is released to the users. This is where the chinks in the armor of signature-based antivirus software are exposed. According to Ready Space (2018), “First, a new signature is developed for every attack. Second, new attacks (which malicious hackers and worms are working on every day) cannot be detected” (page 1). In order for a signature to be stored within a database, the malware first has to infect a computer.

Essentially, cyber-security professionals play a game of cat and mouse. They wait for a compromise to happen and, after the storm has settled, develop a countermeasure. Because of the speed and rate of change taking place in the tech world, these old methods are losing their luster when dealing with malware. A new issue has arisen with malware signatures: what if the malware can change its signature at will? How would a signature-based antivirus program protect the system now? Signature-changing malware can make signature-based antivirus software useless.

The polymorphic virus is exactly the kind of malware that can bypass detection by a signature-based antivirus program. According to Shadrach, Dinesh, and Andriamanalimanana, Bruno (2006), “Polymorphic viruses are the next step in terms of complexity for virus attacks. Polymorphic viruses can mutate their decryptors to many of the different forms capable of taking millions of different orientations” (page 14). Polymorphic viruses use a mutation engine that changes the decryption algorithm after every infection. The mutation engine is part of the body of the polymorphic virus.

The mutation engine is nothing more than a library that can be downloaded from the internet. A well-known mutation engine goes by the name of Dark Avenger and has been used for many attacks. The code produced after each infection is new code built from scratch, creating a new level of difficulty for cyber-security professionals when attempting to capture the signature. Cyber criminals have used polymorphic viruses in many attacks that have led to major damage to business organizations. There are many polymorphic families, but the common ones are CryptoLocker, CryptXXX, VirLock, and WannaCry.

Recently there has been an increase in the use of these attacks. Polymorphic viruses are proof that old methods cannot keep up with new attacks. Cyber-security professionals need new techniques to combat this new type of malware. Signature-based antivirus software should be supplemented with machine learning and behavior-based analytics. As defined by Team, B. E. S. (2017, October 5), “Machine learning is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed” (page 2). Machine learning focuses on the development of computer programs that can access data and use it for themselves.

Machine learning algorithms focus on the anomalous behaviors of unknown programs and on their static characteristics. According to Firdausi, Erwin, and Nugroho (December 2010), “variants of malware families share typical behavioral patterns reflecting its origin and purpose” (page 201). Using machine learning and behavior-based analytics, these behavior patterns can be observed in a sandbox environment. Afterwards, the data from the patterns is stored and transformed into logical information, and a malware behavior classifier applies learning techniques to it. Now if a polymorphic virus changes its signature, the malware behavior classifier will still classify and identify the malware based on its behavior.

Machine learning and behavior-based analytics give birth to another useful technique for polymorphic virus detection. This technique compares the execution behavior of a known malware sample against the execution behaviors of a set of benign programs. The person conducting the test mines the malicious behavior that is present in the malware but not present in the set of benign programs. At the end of the test, the resulting algorithms become malware detectors. Machine learning makes techniques like these possible. Machine learning can open up new windows of possibility for cyber-security professionals, allowing us to create new techniques that make it harder for cyber criminals to land successful attacks.

Signature-based antivirus software has been around for a long time and is still actively used to protect against malware. It uses signatures to name and filter out malware, but the problem is that these signatures come after the attack. The polymorphic virus made a name for itself because of its ability to change its signature after every attack. Without a signature to be identified by, the polymorphic virus can bypass detection. The polymorphic virus is a prime example of why new techniques need to be developed to protect the cyber world. Using machine learning and behavior-based analytics will create new countermeasures. By studying the behavior patterns of malware, machine learning and behavior-based analytics will find polymorphic viruses. Cyber-security professionals need to apply new technology and techniques to level the playing field.

The Dangers of Data Harvesting

Alpha Bundu

Old Dominion University

Abstract:

The convenience of shopping online from the comfort of your home has captivated the minds of a global audience. Users connect to millions of vendors that provide services based on the user’s needs. Users can shop with peace of mind and select goods and services without the hassle of waiting in a line or driving up the street. Returning customers of a website are prompted to create user accounts. The user will add information like their email address, physical address, name, etc. Users now have the option to save their information permanently on the website, and new features allow the user to save card information on the website as well. Various types of sensitive information are floating around the great internet sea, and hackers cast their rods to see what they will get. Many users believe that hackers are their only enemy online. Third-party companies and major companies are using cookies to build a profile for online users. After the profile is built, these companies will sell your information to other companies at a high price without your consent or knowledge. This act is called illegal data harvesting, and its growth rate parallels the growth rate of technology. Data harvesting is like data mining, but one of the key differences is that data harvesting uses a process that extracts and analyzes data collected from online sources. To engage in data harvesting, a website is targeted, and the data from that site is extracted. That data can be pretty much anything the harvester wants; it might be simple text found on the page or within the page’s code. Over the past years, companies like Facebook and Google have been caught in many data harvesting scandals. Data harvesting will continue to grow as the use of the internet continues to increase. Users need to be educated on the dangers of data harvesting so they can take the appropriate countermeasures against third-party companies that will steal their information.

Literature review:

Data harvesting is a process where a small script, also known as a malicious bot, is used to extract large amounts of data from websites for other purposes. As a cheap and easy way to collect online data, the technique is often used without permission to steal website information such as text, photos, email addresses, and contact lists. Companies can participate in data harvesting by taking information from their own customers. There have been several incidents where major companies have been caught harvesting user data and selling it to other companies. The questions below will help us take an efficient look into the world of data harvesting.

What is data harvesting?

According to Murgia (2019, July 5), “Data harvesting takes place Whenever a person visits a website, their computer can send out personal data including their location, device type, hobbies, previous purchases, gender, inferred race, and financial means to “thousands” of ad tech companies” (page 2). The company will then take the information and sell it to advertising companies online. The buying company’s ads will then appear on the user’s screen. There are six types of data extracted when data harvesting takes place: age, gender, location, web browsing history, property ownership, and financial data. After extraction, the harvester will create a profile for the user based on the extracted information.

Why are third-party companies data harvesting?

According to Here’s How Much Your Personal Information Is Selling for on the Dark Web (2019, March 11), “Here are the 10 most common pieces of information sold on the dark web and the general range of what they’re worth—or rather can sell for” (page 1). A user’s social security number can be sold for one US dollar. Credit or debit cards can be sold for $5 up to $110, depending on whether the listing includes the CVV number, bank information, or full information. Online payment service login info (e.g. PayPal) can range from $20 to $200. Subscription services can range from $1 to $10. Most of these prices vary over time, and the prices provided are just estimates. Now imagine being able to obtain millions of users’ sensitive data; the profit from data harvesting is unlimited.

Who are the key players that are Data harvesting?

Third-party companies, data brokers, and major companies are all participating in illegal data harvesting. According to Kozlowska, I. (2019, July 11), “The purpose for which the data was illegally harvested is new and it hits a nerve with an American society that is already politically divided and where political emotions run high” (p. 2). Cambridge Analytica was harvesting sensitive information from millions of Facebook users. Later on, it was found out that this breach had been allowed to take place. CA was using the data for explicitly political purposes to help conservative campaigns in the 2016 election, including Donald Trump’s campaign. The 3,000,000 Facebook users who downloaded the app didn’t know that their personal information was being used for political purposes.

What are cookies?

Third-party data companies can assemble thousands of attributes for billions of people by buying or licensing data or by scraping public records. Illegal data harvesting has been going on for years now; companies could buy up lists of users to build targeted advertising audiences. The use of smartphones and online payment methods has made it easy for companies to harvest your information. Browser cookies and trackers are a major part of this infrastructure. Fast Company’s site relies on them in order to serve content and ads. Once all that information is gathered, a profile is built for you. This very profile will be sold to the highest bidder, and the company will spam the user with ads.

Discussion:

User education is an important key to reducing the frequency of data harvesting that takes place on the internet. For the most part, users are blind to how unsafe the internet is. They don’t see the importance of keeping up with patches for the programs they use, or even of keeping up with the latest cyber-security news. News updates can keep the user informed about the different trends happening worldwide. Sadly, users become sitting ducks for data harvesting because, without knowledge of this issue, it is hard for them to defend themselves or utilize countermeasures. Users need to be aware of the consequences of accepting cookies online and of the precautions and countermeasures that protect their privacy on the internet. Users need to be educated about threats to their privacy on the internet.

User awareness has to be directed to the so-called harmless cookies that companies are integrating into their websites. Data harvesters have exploited cookies, an object that seems harmless to many. Cookies are a major threat to user privacy on the internet. Cookies by themselves cannot dig up information or do research on a user. Cookies store personal information about users, and from that information a specific user profile is built. The original purpose of cookies storing personal information is to track users’ online habits or to personalize ads.

Companies that provide goods or services realized how important cookies are in e-commerce. Data harvesters and major companies like Google mine these cookie profiles and sell them to smaller companies. The smaller companies will pay top dollar for these profiles for the sole purpose of ad personalization. Regardless of how the information is used, data harvesting leaves users vulnerable to a number of issues. To avoid this problem, there are a number of countermeasures that can be used. The first step is for the user to regularly clear their cookies and cache on a monthly basis. That will reduce the number of cookies they carry while surfing the internet.

Because cookies can store information while a user is surfing the web, the user can utilize the countermeasure of private browsing. Private browsing is a new feature offered by various browsers. When a user enables Private Browsing mode, also known as Incognito Mode in Google Chrome and InPrivate Browsing in Internet Explorer, their information will not be saved at all when visiting websites. When a user visits a website in private-browsing mode, the browser won’t store any history, cookies, form data, or anything else. Some data, like cookies, is kept for the duration of the private browsing session and immediately discarded when you close your browser.

Private browsing functions as a completely isolated browser session. Users will be protected from data harvesters snooping through their browsing history. Private browsing will not leave tracks on your computer and prevents websites from using cookies stored on your computer to track your visits. Another countermeasure is not to save your card information in any browser. Browsers like Google Chrome allow users to save their payment information in the browser. Users should only use secure Wi-Fi connections, because there is a risk that an eavesdropper is watching the traffic. Users need to be aware of the dangers of data harvesting and utilize countermeasures.
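The paragraphs above describe cookies from the user's side: the ones that feed a profile are the ones set by a domain other than the site being visited and kept long after the session ends. The following is an added example written for this page, not code from the coursework or from any cited source. It audits a captured list of Set-Cookie headers and separates first-party session cookies from long-lived third-party ones; the visited host, the responding hosts, the cookie names, and the header values are all constructed, and "registrable domain" is simplified to the last two labels of the host name (an assumption that does not hold for suffixes like co.uk).

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed capture: (host that sent the response, its Set-Cookie header) while
# visiting shop.example.com. The tracker and analytics hosts are third parties.
VISITED_HOST = "shop.example.com"
CAPTURED = [
    ("shop.example.com", "sessionid=c0ffee; Path=/; Secure; HttpOnly"),
    ("shop.example.com", "cart=3items; Path=/; Max-Age=604800"),
    ("ads.tracker-example.net",
     "trk_uid=7f3a9; Domain=.tracker-example.net; Max-Age=63072000; SameSite=None; Secure"),
    ("stats.analytics-example.org",
     "profile_id=ab12; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT"),
]
# Constructed capture time, timezone-aware so Expires dates can be subtracted.
CAPTURE_TIME = datetime(2019, 11, 1, tzinfo=timezone.utc)


def registrable_domain(host):
    """Simplified: last two labels of the host (assumption; not a public-suffix lookup)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookie_lifetime(attrs, now):
    """Lifetime as a timedelta; None means a session cookie. Max-Age wins over Expires."""
    if "max-age" in attrs:
        return timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"]) - now
    return None


def audit_cookies(visited_host, captured, now, persistent_threshold=timedelta(days=30)):
    """Label every captured cookie as first/third party and session/persistent."""
    site = registrable_domain(visited_host)
    findings = []
    for origin_host, header in captured:
        name, _, attrs = parse_set_cookie(header)
        cookie_domain = attrs.get("domain", origin_host)
        life = cookie_lifetime(attrs, now)
        findings.append({
            "name": name,
            "origin": origin_host,
            "third_party": registrable_domain(cookie_domain) != site,
            "persistent": life is not None and life >= persistent_threshold,
            "lifetime_days": None if life is None else life.days,
        })
    return findings


def tracking_candidates(findings):
    """Names of cookies that are both third-party and long-lived: the profile-building kind."""
    return sorted(f["name"] for f in findings if f["third_party"] and f["persistent"])


if __name__ == "__main__":
    report = audit_cookies(VISITED_HOST, CAPTURED, CAPTURE_TIME)
    for f in report:
        print(f)
    print("tracking candidates:", tracking_candidates(report))
```

The first-party session cookie is exactly what private browsing discards at the end of the session, so it never makes it into a profile; the two third-party cookies are the ones a monthly cookie clear-out or a third-party-cookie block removes, and the two-year and five-year lifetimes show why "clear cookies regularly" matters. A real audit would read the headers from a HAR export or a proxy log rather than a constructed list.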

Conclusion:

Data harvesting has become a major threat to the privacy of many users. Due to major data breaches like the Facebook and Google incidents, data harvesting has captured global attention and concern. Users need to be cautious when using personal sensitive information on the internet. Companies and browsers are using cookies to store information and build profiles on users. User education is an important key to reducing the frequency of data harvesting that takes place on the internet. Private browsing can put a halt to cookies and browsing history. Privacy on the internet has become hard to protect, and it is up to users to understand the risks on the internet.