199 research outputs found
A Study of Perceptions on Incident Response Exercises, Information Sharing, Situational Awareness, and Incident Response Planning in Power Grid Utilities
The power grid is facing increasing risks from cybersecurity attacks. Attacks that shut off electricity in Ukraine have already occurred, and successful compromises of the power grid that did not shut off electricity to customers have been privately disclosed in North America. The objective of this study is to identify how perceptions of various factors emphasized in the electric sector affect incident response planning. Methods used include a survey of 229 power grid personnel and the use of partial least squares structural equation modeling to identify causal relationships. This study reveals the relationships between perceptions by personnel responsible for cybersecurity regarding incident response exercises, information sharing, and situational awareness, and incident response planning. The results confirm that the efforts by the industry on these topics have advanced planning for a potential attack.
Ransomware Simulator for In-Depth Analysis and Detection: Leveraging Centralized Logging and Sysmon for Improved Cybersecurity
Abstract
Ransomware attacks have become increasingly prevalent and sophisticated, posing significant threats to organizations and individuals worldwide. To effectively combat these threats, security professionals must continuously develop and adapt their detection and mitigation strategies. This master's thesis presents the design and implementation of a ransomware simulator to facilitate an in-depth analysis of ransomware Tactics, Techniques, and Procedures (TTPs) and to evaluate the effectiveness of centralized logging and Sysmon, including the latest event types, in detecting and responding to such attacks.

The study explores the advanced capabilities of Sysmon as a logging tool and data source, focusing on its ability to capture multiple event types, such as file creation, process execution, and network traffic, as well as the newly added event types. The aim is to demonstrate the effectiveness of Sysmon in detecting and analyzing malicious activities, with an emphasis on the latest features. By focusing on the comprehensive aspects of a cyber-attack, the study showcases the versatility and utility of Sysmon in detecting and addressing various attack vectors.

The ransomware simulator is developed using a PowerShell script that emulates various ransomware TTPs and attack scenarios, providing a comprehensive and realistic simulation of a ransomware attack. Sysmon, a powerful system monitoring tool, is utilized to monitor and log the activities associated with the simulated attack, including the events generated by the new Sysmon features. Centralized logging is achieved through the integration of Splunk Enterprise, a widely used platform for log analysis and management. The collected logs are then analyzed to identify patterns, indicators of compromise (IoCs), and potential detection and mitigation strategies.

Through the development of the ransomware simulator and the subsequent analysis of Sysmon logs, this research contributes to strengthening the security posture of organizations and improving cybersecurity measures against ransomware threats, with a focus on the latest Sysmon capabilities. The results demonstrate the importance of monitoring and analyzing system events to effectively detect and respond to ransomware attacks. This research can serve as a basis for further exploration of ransomware detection and response strategies, contributing to the advancement of cybersecurity practices and the development of more robust security measures against ransomware threats.
Enhancing cyber assets visibility for effective attack surface management: Cyber Asset Attack Surface Management based on Knowledge Graph
The contemporary digital landscape is filled with challenges, chief among them being the management and security of cyber assets, including the ever-growing shadow IT. The evolving nature of the technology landscape has resulted in an expansive system of solutions, making it challenging to select and deploy compatible solutions in a structured manner. This thesis explores the critical role of Cyber Asset Attack Surface Management (CAASM) technologies in managing cyber attack surfaces, focusing on the open-source CAASM tool Starbase by JupiterOne. It starts by underlining the importance of comprehending the cyber assets that need defending. It acknowledges the Cyber Defense Matrix as a methodical and flexible approach to understanding and addressing cyber security challenges. A comprehensive analysis of market trends and business needs validated the necessity of asset security management tools as fundamental components in firms' security journeys. CAASM has been selected as a promising solution among various tools due to its capabilities, ease of use, and seamless integration with cloud environments using APIs, addressing shadow IT challenges. A practical use case involving the integration of Starbase with GitHub was developed to demonstrate CAASM's usability and flexibility in managing cyber assets in organizations of varying sizes. The use case enhanced the knowledge graph's aesthetics and usability using Neo4j Desktop and Neo4j Bloom, making it accessible and insightful even for non-technical users. The thesis concludes with practical guidelines in the appendices and on GitHub for reproducing the use case.