malicious codes
Recently Published Documents

Total documents: 67 (five years: 15). H-index: 5 (five years: 1).

2022 ◽  
Author(s):  
Arash Mahboubi ◽  
Keyvan Ansari ◽  
Seyit Camtepe ◽  
Jarek Duda ◽  
Paweł Morawiecki ◽  
...  

Unwanted data encryption, such as ransomware attacks, continues to be a significant cybersecurity threat. Ransomware is a preferred weapon of cybercriminals who target the computer systems and data centres of small to large organizations. It is malicious software that infects a victim's computer system and encrypts all of its valuable data files. The victim must pay a ransom, often in cryptocurrency, in return for a decryption key. Many solutions detect ransomware code by inspecting file signatures, runtime process behaviours, API calls, and network traffic. Even so, unwanted data encryption remains a top threat. This paper presents the first immunity solution, called the digital immunity module (DIM). DIM focuses on protecting valuable business-related data files from unwanted encryption rather than on detecting malicious code or processes. We show that methods such as file entropy and fuzzy hashing can be used effectively to sense unwanted encryption of a protected file, triggering our novel source coding method to paralyse malicious manipulation of the data, such as ransomware encryption. Specifically, maliciously encrypted data blocks consume exponentially larger space and take longer to write on the DIM-protected file system. As a result, DIM creates enough time for system/human intervention and forensic analysis. Unlike existing solutions, DIM protects the data regardless of ransomware family or variant. Additionally, DIM can defend against multiple simultaneously active ransomware samples, including recent fileless ones that are hard to detect and stop. We tested our solution on 39 ransomware families, including the most recent ransomware attacks. DIM successfully defended our sample file dataset (1335 pdf, jpg, and tiff files) against those attacks with zero file loss.
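The entropy and fuzzy-hash sensing that the abstract describes, as an added example rather than DIM's own code (the paper's source coding method is not reproduced here): a Python block that computes the Shannon entropy of a file block and a shingle-based Jaccard similarity, standing in for a fuzzy-hash comparison such as ssdeep, and flags a write when the incoming block looks ciphertext-like. The block size, the thresholds, and the plaintext and ciphertext-like sample data are assumptions constructed for the demo; the SHA-256 counter-mode keystream only fabricates deterministic random-looking bytes and is not a cipher.

```python
"""Entropy + similarity sensor for unwanted file encryption (added example, not DIM code)."""
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096
HIGH_ENTROPY = 7.5      # bits/byte; ciphertext of a sound cipher sits near 8.0 (assumed threshold)
ENTROPY_JUMP = 1.5      # rise over the stored block needed to flag on entropy alone (assumed)
MIN_SIMILARITY = 0.2    # below this the new block shares almost nothing with the old one (assumed)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def shingles(data: bytes, k: int = 4) -> set:
    """All k-byte windows of the block; the basis of the similarity measure."""
    return {data[i:i + k] for i in range(max(len(data) - k + 1, 0))}


def similarity(old: bytes, new: bytes) -> float:
    """Jaccard similarity of 4-byte shingles. A stand-in for a fuzzy-hash comparison:
    small edits keep most shingles, encryption replaces every one of them."""
    a, b = shingles(old), shingles(new)
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def sense_write(stored: bytes, incoming: bytes) -> dict:
    """Decide whether the block about to overwrite `stored` looks like unwanted encryption."""
    e_old, e_new = shannon_entropy(stored), shannon_entropy(incoming)
    sim = similarity(stored, incoming)
    high = e_new >= HIGH_ENTROPY
    # Case 1: plaintext-like content becomes ciphertext-like (entropy jump).
    # Case 2: already high-entropy content (a compressed jpg/pdf block) is replaced
    #         wholesale; entropy barely moves, only the similarity collapse reveals it.
    suspicious = high and ((e_new - e_old) >= ENTROPY_JUMP or sim < MIN_SIMILARITY)
    return {"entropy_old": round(e_old, 3), "entropy_new": round(e_new, 3),
            "similarity": round(sim, 3), "suspicious": suspicious}


# --- constructed demo data (not from the paper) -------------------------------------

def toy_keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, used only to fabricate deterministic ciphertext-like
    bytes for this demo. It is not a real cipher and must not be used as one."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


PLAINTEXT = (b"Quarterly revenue report: figures are in thousands of dollars. " * 80)[:BLOCK_SIZE]
EDITED = PLAINTEXT.replace(b"dollars", b"euros  ", 1)                      # a legitimate small edit
ENCRYPTED = xor_bytes(PLAINTEXT, toy_keystream(b"ransom-key", BLOCK_SIZE))
COMPRESSED_LIKE = toy_keystream(b"stand-in for a jpeg block", BLOCK_SIZE)  # already high entropy
COMPRESSED_ENCRYPTED = xor_bytes(COMPRESSED_LIKE, toy_keystream(b"ransom-key", BLOCK_SIZE))


def demo() -> dict:
    return {
        "edit": sense_write(PLAINTEXT, EDITED),
        "encrypt_text": sense_write(PLAINTEXT, ENCRYPTED),
        "encrypt_compressed": sense_write(COMPRESSED_LIKE, COMPRESSED_ENCRYPTED),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} {result}")
```

Entropy on its own cannot flag the encryption of data that is already compressed (jpg, tiff with compression, deflated pdf streams), which is why a similarity measure is paired with it. The similarity check fires equally on any legitimate full rewrite of a compressed file, so a sensor of this kind should trigger containment or a copy-before-write rather than block the write outright.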


Author(s):  
Александр Григорьевич Остапенко ◽  
Алексей Леонидович Сердечный ◽  
Александр Алексеевич Остапенко ◽  
Сергей Сергеевич Куликов

The article addresses the highly relevant problem of modelling how malicious code and destructive content diffuse through cyberspace, which today has an increasingly pronounced network character. Unlike the analogue epidemic models that were widely used before, and the discrete epidemic models that extend them, this work accounts for both the static resource (accumulated information) and the dynamic resource (information traffic) of the network's nodes and branches. It also takes into account the dose of malware injected into the network to disrupt its operation. Together, this makes it possible to map onto the network the epidemic process generated by the diffusion of a malicious injection. The proposed model opens a new chapter in the description of information epidemics (and not only these) in weighted networks: the authors' formalisation scales the drawn sizes of the model's nodes and branches according to the resource or potential values of those elements. The result is effectively a graph (map) of the network landscape under study, across which information circulates. When malware is introduced, the components of the map are coloured according to the dose present in them, with the network's "stars" as the topological basis. The authors propose the corresponding analytical expressions for this purpose.


Author(s):  
Юрий Юрьевич Громов ◽  
Олег Владимирович Трубиенко ◽  
Павел Игоревич Карасев ◽  
Кирилл Александрович Желобенко

The browser industry is financed mainly from indirect sources, so browser makers have to care about how attractive their product is. When choosing a browser, users are guided by appearance, convenience and speed. Most users today are not technically trained; they are ordinary people who shop online or talk on social networks. They have only a vague idea of information security and often neglect it, or, conversely, begin to fear intrusion into their private lives without knowing how to protect themselves or how to check that protection is in place. The main responsibility for information security therefore lies with the browser's creators and depends on their integrity and competence. One of the tasks of information-security specialists is to help make such services more secure. To that end, this work analyses the security of four browsers that were originally presented as browsers for secure and anonymous use. The aim of the review and analysis is to determine the most secure and private tool for web surfing, and to establish whether these browsers contain malicious code.


2021 ◽  
Vol 24 (2) ◽  
pp. 1-31
Author(s):  
Marcus Botacin ◽  
Hojjat Aghakhani ◽  
Stefano Ortolani ◽  
Christopher Kruegel ◽  
Giovanni Vigna ◽  
...  

Malware analysis is an essential task for understanding infection campaigns, the behaviour of malicious code, and possible ways to mitigate threats. It also allows a better assessment of attackers' capabilities, techniques, and processes. Although a substantial body of previous work has provided comprehensive analyses of the international malware ecosystem, research on regionalized, country- and population-specific malware campaigns has been scarce. To start addressing this gap, we conducted a longitudinal (2012-2020) and comprehensive (encompassing an entire population of online banking users) study of MS Windows desktop malware that actually infected the users of Brazilian banks. We found that Brazilian financial desktop malware has been evolving quickly: it started to use a variety of file formats instead of typical PE binaries, relied on native system resources, and abused obfuscation techniques to bypass detection mechanisms. Our study of the threats targeting a significant population in the largest and most populous country in Latin America can provide insights applicable to other countries' user populations, especially in the developing world, where cultural peculiarities may resemble Brazil's. With this evaluation, we expect to motivate the security community and industry to consider seriously a deeper level of customization when developing next-generation anti-malware solutions, and to raise awareness of regionalized and targeted Internet threats.


Symmetry ◽  
2020 ◽  
Vol 12 (10) ◽  
pp. 1621
Author(s):  
Dong-Seob Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom

Malicious code can cause virus infections or, through symmetric encryption, ransomware threats. Various evasion techniques have also been devised, such as steganography, the hiding of malicious code in image files. Unknown or new malware hidden in an image file is difficult to detect with the most common reputation- or signature-based antivirus methods. In this paper, we propose the ImageDetox method to neutralize malicious code hidden in an image file even without any prior information about the code's signature or characteristics. The method is composed of four modules: image file extraction, image file format analysis, image file conversion, and image file management. To demonstrate its effectiveness, 30 image files with hidden malicious code were used in an experiment. The malicious code was selected from 48,220 recent samples purchased from VirusTotal (a commercial application programming interface (API)). The experimental results showed that the virus detection rate after processing was remarkably reduced. In addition, image files from which the hidden malicious code had been removed using a nonlinear transfer function kept nearly the same quality as the original image; in particular, the difference could not be distinguished by the naked eye. The proposed method can also be used to prevent security threats arising from the concealment of confidential information in image files with the aim of leaking it.
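A concrete instance of the format-analysis and conversion steps for one container, added here as an example and not ImageDetox code: a Python PNG sanitizer that walks the chunk list, verifies CRCs, checks that the IDAT stream inflates to exactly the pixel size the IHDR header implies (leftover zlib bytes are a hiding place), and rebuilds the file from the critical chunks only, discarding ancillary chunks such as tEXt and anything appended after IEND. The 1x1 sample image, the tEXt payload and the trailer are constructed for the demo. Payloads encoded in the pixel values themselves (LSB steganography) are out of scope of this block; re-encoding the pixels, the analogue of the paper's nonlinear transfer function, would be needed for those.

```python
"""PNG chunk sanitizer (added example, not the paper's code)."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunks a decoder needs to render the pixels; everything else is ancillary metadata
# (tEXt, zTXt, iTXt, eXIf, private chunks) and a common place to stash a payload.
CRITICAL = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}   # PNG colour type -> samples per pixel


def build_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def parse_png(data: bytes):
    """Walk the chunk list. Returns ([(type, payload, crc_ok), ...], trailing_bytes).
    Bytes after IEND are never read by a viewer, so they are a classic hiding place."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIG), []
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_start, body_end = pos + 8, pos + 8 + length
        if body_end + 4 > len(data):
            raise ValueError("truncated chunk body")
        payload = data[body_start:body_end]
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        chunks.append((ctype, payload, (zlib.crc32(ctype + payload) & 0xFFFFFFFF) == crc))
        pos = body_end + 4
        if ctype == b"IEND":
            return chunks, data[pos:]


def check_idat(chunks) -> dict:
    """Format analysis: the concatenated IDAT stream must inflate to exactly
    height * (1 filter byte + row bytes), with nothing left over in the zlib stream."""
    ihdr = next(p for t, p, _ in chunks if t == b"IHDR")
    width, height, bit_depth, colour_type = struct.unpack(">IIBB", ihdr[:10])
    row_bytes = (width * CHANNELS[colour_type] * bit_depth + 7) // 8
    expected = height * (1 + row_bytes)
    inflater = zlib.decompressobj()
    raw = inflater.decompress(b"".join(p for t, p, _ in chunks if t == b"IDAT")) + inflater.flush()
    return {"expected": expected, "got": len(raw), "unused": len(inflater.unused_data),
            "ok": len(raw) == expected and not inflater.unused_data}


def sanitize_png(data: bytes):
    """Conversion step: rebuild the file from critical chunks only, recomputing CRCs,
    and report what was removed. Pixel-level (LSB) steganography is not touched."""
    chunks, trailer = parse_png(data)
    kept, report = [], {"dropped_chunks": [], "bad_crc": [], "trailer_bytes": len(trailer)}
    for ctype, payload, crc_ok in chunks:
        name = ctype.decode("latin-1")
        if not crc_ok:
            report["bad_crc"].append(name)
        if ctype in CRITICAL:
            kept.append(build_chunk(ctype, payload))
        else:
            report["dropped_chunks"].append(name)
    report["idat"] = check_idat(chunks)
    return PNG_SIG + b"".join(kept), report


# --- constructed sample (not from the paper): a 1x1 grey PNG, clean and tainted --------

def make_samples():
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)       # 1x1, 8-bit greyscale
    idat = zlib.compress(b"\x00\x7f")                          # filter byte 0 + one pixel
    core = [build_chunk(b"IHDR", ihdr), build_chunk(b"IDAT", idat), build_chunk(b"IEND", b"")]
    clean = PNG_SIG + b"".join(core)
    hidden_text = build_chunk(b"tEXt", b"Comment\x00constructed payload stand-in")
    tainted = PNG_SIG + core[0] + hidden_text + core[1] + core[2] + b"MZ\x90\x00 constructed trailer"
    return clean, tainted


if __name__ == "__main__":
    clean, tainted = make_samples()
    cleaned, report = sanitize_png(tainted)
    print(report)
    print("restored to clean form:", cleaned == clean)
```

Dropping every ancillary chunk also discards legitimate metadata (colour profiles, gamma, timestamps), which is the usual price of a neutralize-rather-than-detect approach; the report returned alongside the cleaned bytes is what a management module would log or alert on.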


Ransomware is malware that breaches a system's protection by using malicious code. Modern ransomware families encrypt certain file types on compromised systems. The attacks are not focused on particular individuals only; many organizations and institutions are also affected. This paper centres on the new threats to the education sector and similar organizations. Possible identification and prevention methods, and responses to the rising number of ransomware attacks, are explained so that they can be combated efficiently. The main goal of this research is to identify and understand how encrypting ransomware works and the potential ways to counter it before it attacks our systems and networks. Following the methodologies presented in this paper with careful analysis can effectively prevent and avert ransomware attacks.


Searching for specific content on the web is like looking for a single character in a pile of pages. When a user enters a keyword into a search engine, the engine passes it to a web-server mining process that collects every term related to the phrase. A few pages return legitimate, authenticated material that the user actually wanted to access, whereas many others deliver unwanted or malicious page code, or virus-hosting pages, that harm the user's activities and the system's functions. A web page that attacks the targeted system with faulty instructions and malevolent programs through some form of intrusion technique is generally referred to as phishing. In this attack method the user is led to unknown or illegal sites by following unidentified links embedded in legitimate site content. Once the victim's system has been compromised, the attacker begins the attack proper. To avoid such abuse, users need to assess the reliability of a page's content before continuing to browse. This paper presents a web-crawler architecture, its design complexities, and an implementation that scrapes content from visited web pages to identify their reliability and freshness.


Electronics ◽  
2020 ◽  
Vol 9 (5) ◽  
pp. 793
Author(s):  
Chanwoong Hwang ◽  
Junho Hwang ◽  
Jin Kwak ◽  
Taejin Lee

Most cyberattacks use malicious code, and according to AV-TEST more than 1 billion malicious code samples are expected to emerge in 2020. Although such code has mainly been seen in the PC environment, it has recently been on the rise on IoT devices such as smartphones, refrigerators, irons, and various sensors. As is well known, Linux/embedded environments support various architectures, so when analysing malware it is difficult to identify the architecture on which it operates. This paper proposes an AI-based malware analysis technology that is not affected by the operating system or architecture platform. The proposed technology works intuitively: it uses platform-independent binary data rather than features based on the structured format of executable files. We analysed the strings in the binary data to classify malware. The experimental results achieved 94% accuracy on Windows and Linux datasets. On this basis, we expect the proposed technology to work effectively on other platforms and to improve through continuous operation and verification.
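String-based, format-agnostic classification in the sense the abstract describes, as an added example and not the authors' model or dataset: Python that pulls printable ASCII and UTF-16LE runs straight out of raw bytes, with no PE or ELF parsing, turns them into word tokens and feeds them to a small multinomial naive Bayes classifier. The training corpus, the suspect and harmless samples, and their labels are constructed for the demo; nothing about the paper's 94% result carries over to this toy.

```python
"""Strings-only malware classifier over raw bytes (added example, not the paper's model)."""
import math
import re
from collections import Counter

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")   # wide strings are common in Windows PE files
TOKEN = re.compile(r"[a-z0-9]{3,}")


def extract_strings(data: bytes) -> list:
    """Printable ASCII and UTF-16LE runs of 4+ characters, in file order, found without
    any knowledge of the executable format (PE, ELF, Mach-O, raw firmware) or the CPU."""
    found = [(m.start(), m.group().decode("ascii")) for m in ASCII_RUN.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in UTF16LE_RUN.finditer(data)]
    return [s for _, s in sorted(found)]


def tokens(data: bytes) -> list:
    """Lower-case word tokens drawn from the extracted strings."""
    return [t for s in extract_strings(data) for t in TOKEN.findall(s.lower())]


class StringsNB:
    """Multinomial naive Bayes over string tokens with add-one smoothing."""

    def __init__(self):
        self.counts, self.totals, self.docs, self.vocab = {}, {}, {}, set()

    def fit(self, samples, labels):
        for data, label in zip(samples, labels):
            toks = tokens(data)
            self.counts.setdefault(label, Counter()).update(toks)
            self.totals[label] = self.totals.get(label, 0) + len(toks)
            self.docs[label] = self.docs.get(label, 0) + 1
            self.vocab.update(toks)
        return self

    def scores(self, data: bytes) -> dict:
        """Log posterior (up to a constant) per label; unseen tokens get the smoothed floor."""
        toks, n_docs, v = tokens(data), sum(self.docs.values()), len(self.vocab)
        out = {}
        for label, counts in self.counts.items():
            logp = math.log(self.docs[label] / n_docs)
            for t in toks:
                logp += math.log((counts[t] + 1) / (self.totals[label] + v))
            out[label] = logp
        return out

    def predict(self, data: bytes) -> str:
        scores = self.scores(data)
        return max(scores, key=scores.get)


# --- constructed corpus (not the paper's dataset): mixed Windows and Linux strings -------
TRAINING = [
    (b"kernel32.dll\x00user32.dll\x00GetWindowTextW\x00Copyright (c) Contoso\x00Settings dialog",
     "benign"),
    (b"libc.so.6\x00printf\x00fopen\x00usage: report [options]\x00Contoso report tool",
     "benign"),
    (b"kernel32.dll\x00VirtualAlloc\x00WriteProcessMemory\x00CreateRemoteThread\x00"
     b"vssadmin delete shadows /all /quiet", "malicious"),
    (b"libc.so.6\x00/bin/sh\x00wget http://\x00chmod 777\x00/etc/crontab\x00killall -9",
     "malicious"),
]
# A suspect whose injection API name is stored as a wide string, plus ASCII strings.
SUSPECT = ("CreateRemoteThread".encode("utf-16-le") + b"\x00\x00"
           + b"WriteProcessMemory\x00vssadmin delete shadows\x00kernel32.dll\x00GetWindowTextW")
HARMLESS = b"GetWindowTextW\x00Settings dialog\x00Copyright Contoso\x00user32.dll"


def train_demo_model() -> StringsNB:
    return StringsNB().fit([d for d, _ in TRAINING], [l for _, l in TRAINING])


if __name__ == "__main__":
    model = train_demo_model()
    for name, sample in (("SUSPECT", SUSPECT), ("HARMLESS", HARMLESS)):
        print(name, extract_strings(sample), "->", model.predict(sample))
```

Because the feature extractor never touches headers or section tables, the same pipeline runs unchanged on x86, ARM or MIPS binaries; the flip side, which the abstract's accuracy figure does not address, is that packed or string-encrypted samples yield almost no tokens and fall back to the class prior.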


Author(s):  
K V Sreelakshmi ◽  
Dileesh E D

Malicious code has become one of the major threats to computer systems. Malicious software, also referred to as malware, is designed by attackers and can change its code as it propagates. Existing defences against malware are heavily affected by the diversity and volume of malware variants being created at speed. The variants within a malware family exhibit typical behavioural patterns that reveal their origin and purpose. These behavioural patterns can be exploited statically or dynamically to detect malware and classify it into known families. This paper provides a detailed survey of techniques to detect and classify malware into its respective families.

