24 research outputs found

    A general definition of malware

    We propose a general, formal definition of the concept of malware (malicious software) as a single sentence in the language of a certain modal logic. Our definition is general thanks to its abstract formulation, which, being abstract, is independent of, but nonetheless generally applicable to, the manifold concrete manifestations of malware. From our formulation of malware, we derive equally general and formal definitions of benware (benign software), anti-malware ("antibodies" against malware), and medware (medical software or "medicine" for affected software). We provide theoretical tools and practical techniques for the detection, comparison, and classification of malware and its derivatives. Our general defining principle is causation of (in)correctness.

    Financial, accounting and tax consequences of a ransomware attack (Finansowe, bilansowe i podatkowe konsekwencje ataku typu ransomware)

    Ransomware is a prime cybersecurity threat at the moment. In this paper we analyze the financial implications of ransomware attacks, the motivation of the ransomware victim to pay the ransom, and the legal, accounting and tax implications of such a payment. The methodological approach used in the study is a combination of the formal-dogmatic method and an argumentative literature review. First, we provide an overview of all potential losses that could be incurred through a ransomware attack. Further, we analyze under which conditions it is legal for an organization to pay any kind of ransom, including cyber ransom, as well as which other factors victims should consider when deciding whether to pay. In that respect we analyze the accounting and tax implications of losses inflicted by a ransomware attack, paying special attention to the ransom payments.

    Exploring Knowledge Leakage Risk in Knowledge-Intensive Organisations: behavioural aspects and key controls

    Knowledge leakage poses a critical risk to the competitive advantage of knowledge-intensive organisations. Although knowledge leakage is a human-centric security issue, little is known about leakage resulting from individual behaviour and the protective strategies and controls that could be effective in mitigating leakage risk. Therefore, this research explores the perspectives of security practitioners on the key factors that influence knowledge leakage risk in the context of knowledge-intensive organisations. We conduct two focus groups to explore these perspectives. The research highlights three types of behavioural controls that mitigate the risk of knowledge leakage: human resource management practices, knowledge security training and awareness practices, and compartmentalisation practices.

    Mitigating BYOD Information Security Risks

    Organisations that allow employees to Bring Your Own Device (BYOD) in the workplace trade off the convenience of letting employees use their own devices against higher risks to the confidentiality, integrity, and availability of organisational information assets. While BYOD is a well-defined and accepted trend in some organisations, there is little research on how policies can address the information security risks posed by BYOD. This paper reviews the extant literature and develops a comprehensive list of information security risks associated with allowing BYOD in organisations. This list is then used to evaluate five BYOD policy documents to determine how comprehensively BYOD information security risks are addressed. The outcome of this research shows that of the 13 identified BYOD risks, only 8 were adequately addressed by most of the organisations.

    Phishing in email and instant messaging

    Phishing is a constantly evolving threat in the world of information security that affects everyone, no matter whether you are a retail worker or the head of IT in a large organisation. Because of this, this thesis aims to give the reader a good overview of what phishing is and, due to its prevalence in email and instant messaging, focuses on educating the reader on common signs and techniques used in phishing in those two forms of communication. The chosen research method is a literature review, as it is the ideal choice for presenting an overview of a larger subject. As a result of the research, many common phishing signs and techniques in both email and instant messaging are presented. Some of these signs include strange senders, fake domain names and spelling mistakes. With this thesis, anyone looking to improve their understanding of phishing can do so in a way that is easy to understand. Some suggestions for future research are also presented based on this thesis' shortcomings, namely the lack of studies on phishing in instant messaging.

    On Malfunction, Mechanisms and Malware Classification

    Malware has been around since the 1980s and is a large and expensive security concern today, one that has grown constantly over the past years. As our social, professional and financial lives become more digitalised, they present larger and more profitable targets for malware. The problem of classifying and preventing malware is therefore urgent, and it is complicated by the existence of several specific approaches. In this paper, we use an existing malware taxonomy to formulate a general, language-independent functional description of malware as transformers between states of the host system, described by a trust relation with its components. This description is then further generalised in terms of mechanisms, thereby contributing to a general understanding of malware. The aim is to use the latter in order to present an improved classification method for malware.

    Mining Malware Specifications through Static Reachability Analysis

    The number of malicious software (malware) samples is growing out of control. Syntactic signature-based detection cannot cope with such growth, and the manual construction of malware signature databases needs to be replaced by computer-learning-based approaches. Currently, a single modern signature capturing the semantics of a malicious behavior can replace an arbitrarily large number of old-fashioned syntactic signatures. However, teaching computers to learn such behaviors is a challenge. Existing work relies on dynamic analysis to extract malicious behaviors, but such a technique does not guarantee coverage of all behaviors. To sidestep this limitation we show how to learn malware signatures using static reachability analysis. The idea is to model binary programs using pushdown systems (which can model the stack operations occurring during execution of the binary code), use reachability analysis to extract behaviors in the form of trees, and use subtrees that are common among the trees extracted from a training set of malware files as signatures. To detect malware we propose to use a tree automaton to compactly store malicious behavior trees and check whether any of the subtrees extracted from the file under analysis is malicious. Experimental data shows that our approach can be used to learn signatures from a training set of malware files and use them to detect a test set of malware that is 5 times the size of the training set.

    Malware: the never-ending arm race

    "Antivirus is death", and probably every detection system that focuses on a single strategy for indicators of compromise. This famous quote, which Brian Dye, Symantec's senior vice president, stated in 2014, is the best representation of the current situation in malware detection and mitigation. Concealment strategies have evolved significantly over the last years: not just the classical ones based on polymorphic and metamorphic methodologies, which killed the signature-based detection that antiviruses use, but also the capabilities of fileless malware, i.e. malware resident only in volatile memory, which makes every disk analysis senseless. This review provides a historical background of the different concealment strategies introduced to protect malicious (and not necessarily malicious) software from different detection or analysis techniques. It covers binary, static and dynamic analysis, and also new strategies based on machine learning from both perspectives, the attackers' and the defenders'.

    A Systematic Review of the Criminogenic Potential of Synthetic Biology and Routes to Future Crime Prevention

    Synthetic biology has the potential to positively transform society in many application areas, including medicine. In common with all revolutionary new technologies, synthetic biology can also enable crime. Like cybercrime, which emerged following the advent of the internet, biocrime can have a significant effect on society, but may also impact people's health. For example, the scale of harm caused by the SARS-CoV-2 pandemic illustrates the potential impact of future biocrime and highlights the need for prevention strategies. Systematic evidence quantifying the crime opportunities posed by synthetic biology has to date been very limited. Here, we systematically reviewed forms of crime that could be facilitated by synthetic biology with a view to informing their prevention. A total of 794 articles from four databases were extracted, and a three-step screening phase resulted in 15 studies that met our threshold criterion for thematic synthesis. Within those studies, 13 exploits were identified. Of these, 46% were dependent on technologies characteristic of synthetic biology. Eight potential crime types emerged from the studies: bio-discrimination, cyber-biocrime, bio-malware, biohacking, at-home drug manufacturing, illegal gene editing, genetic blackmail, and neuro-hacking. 14 offender types were identified. For the most commonly identified offenders (>3 mentions), 40% were outsider threats. These observations suggest that synthetic biology presents substantial new offending opportunities. Moreover, more effective engagement, such as ethical hacking, is needed now to prevent a crime harvest from developing in the future. A framework to address the synthetic biology crime landscape is proposed.

    A taxonomy for threat actors' persistence techniques

    The main contribution of this paper is to provide an accurate taxonomy for persistence techniques, which allows the detection of novel techniques and the identification of appropriate countermeasures. Persistence is a key tactic for advanced offensive cyber operations. The techniques that achieve persistence have been largely analyzed in particular environments, but there is no suitable platform-agnostic model to structure persistence techniques. This lack causes a serious problem in the modeling of the activities of advanced threat actors, hindering both their detection and the implementation of countermeasures against their activities. In this paper we analyze previous work in this field and propose a novel taxonomy for persistence techniques based on persistence points, a key concept we introduce in our work as the basis for the proposed taxonomy. Our work will help analysts to identify, classify and detect compromises, significantly reducing the amount of effort needed for these tasks. It follows a logical structure that is easy to expand and adapt, and it can be directly used with commonly accepted industry standards such as MITRE ATT&CK.
    Villalón-Huerta, A.; Marco-Gisbert, H.; Ripoll-Ripoll, I. (2022). A taxonomy for threat actors' persistence techniques. Computers & Security. 121:1-14. https://doi.org/10.1016/j.cose.2022.102855