21,197 research outputs found

    DDoS-Capable IoT Malwares: comparative analysis and Mirai Investigation

    The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.

    Convergence towards a European strategic culture? A constructivist framework for explaining changing norms.

    The article contributes to the debate about the emergence of a European strategic culture to underpin a European Security and Defence Policy. Noting both conceptual and empirical weaknesses in the literature, the article disaggregates the concept of strategic culture and focuses on four types of norms concerning the means and ends for the use of force. The study argues that national strategic cultures are less resistant to change than commonly thought and that they have been subject to three types of learning pressures since 1989: changing threat perceptions, institutional socialization, and mediatized crisis learning. The combined effect of these mechanisms would be a process of convergence with regard to strategic norms prevalent in current EU countries. If the outlined hypotheses can be substantiated by further research the implications for ESDP are positive, especially if the EU acts cautiously in those cases which involve norms that are not yet sufficiently shared across countries.

    Controllability and Persistence of Money Market Rates along the Yield Curve: Evidence from the Euro Area

    Controllability of longer-term interest rates requires that the persistence of their deviations from the central bank's policy rate (i.e. the policy spreads) remains sufficiently low. This paper applies fractional integration techniques to assess the persistence of policy spreads of euro area money market rates along the yield curve. Independently from anticipated policy rate changes, there is strong evidence for all maturities that policy spreads exhibit long memory. We show that recent changes in the operational framework and the communication strategy of the European Central Bank have significantly decreased the persistence of euro area policy spreads and, thus, have enhanced the central bank's influence on longer-term money market rates.
    Keywords: Long memory and fractional integration, controllability and persistence of interest rates, new operational framework of the ECB

    Defending cache memory against cold-boot attacks boosted by power or EM radiation analysis

    Some algorithms running with compromised data select cache memory as a type of secure memory where data is confined and not transferred to main memory. However, cold-boot attacks that target cache memories exploit the data remanence. Thus, a sudden power shutdown may not delete data entirely, giving the opportunity to steal data. The biggest challenge for any technique aiming to secure the cache memory is performance penalty. Techniques based on data scrambling have demonstrated that security can be improved with a limited reduction in performance. However, they still cannot resist side-channel attacks like power or electromagnetic analysis. This paper presents a review of known attacks on memories and countermeasures proposed so far and an improved scrambling technique named random masking interleaved scrambling technique (RM-ISTe). This method is designed to protect the cache memory against cold-boot attacks, even if these are boosted by side-channel techniques like power or electromagnetic analysis.
    Postprint (author's final draft)

    Towards understanding and mitigating attacks leveraging zero-day exploits

    Zero-day vulnerabilities are unknown and therefore not addressed with the result that they can be exploited by attackers to gain unauthorised system access. In order to understand and mitigate against attacks leveraging zero-days or unknown techniques, it is necessary to study the vulnerabilities, exploits and attacks that make use of them. In recent years there have been a number of leaks publishing such attacks using various methods to exploit vulnerabilities. This research seeks to understand what types of vulnerabilities exist, why and how these are exploited, and how to defend against such attacks by either mitigating the vulnerabilities or the method / process of exploiting them. By moving beyond merely remedying the vulnerabilities to defences that are able to prevent or detect the actions taken by attackers, the security of the information system will be better positioned to deal with future unknown threats. An interesting finding is how attackers exploit moving beyond the observable bounds to circumvent security defences, for example, compromising syslog servers, or going down to lower system rings to gain access. However, defenders can counter this by employing defences that are external to the system preventing attackers from disabling them or removing collected evidence after gaining system access. Attackers are able to defeat air-gaps via the leakage of electromagnetic radiation as well as misdirect attribution by planting false artefacts for forensic analysis and attacking from third party information systems. They analyse the methods of other attackers to learn new techniques. An example of this is the Umbrage project whereby malware is analysed to decide whether it should be implemented as a proof of concept. Another important finding is that attackers respect defence mechanisms such as: remote syslog (e.g. firewall), core dump files, database auditing, and Tripwire (e.g. SlyHeretic). These defences all have the potential to result in the attacker being discovered. Attackers must either negate the defence mechanism or find unprotected targets. Defenders can use technologies such as encryption to defend against interception and man-in-the-middle attacks. They can also employ honeytokens and honeypots to alarm, misdirect, slow down and learn from attackers. By employing various tactics defenders are able to increase their chance of detecting and time to react to attacks, even those exploiting hitherto unknown vulnerabilities. To summarize the information presented in this thesis and to show the practical importance thereof, an examination is presented of the NSA's network intrusion of the SWIFT organisation. It shows that the firewalls were exploited with remote code execution zero-days. This attack has a striking parallel in the approach used in the recent VPNFilter malware. If nothing else, the leaks provide information to other actors on how to attack and what to avoid. However, by studying state actors, we can gain insight into what other actors with fewer resources can do in the future.

    Monetary Policy Implementation and Overnight Rate Persistence

    Overnight money market rates are the predominant operational target of monetary policy. As a consequence, central banks have redesigned the implementation of monetary policy to keep the deviations of the overnight rate from the key policy rate small and short-lived. This paper uses fractional integration techniques to explore how the operational framework of four major central banks affects the persistence of overnight rates. Our results suggest that a well-communicated and transparent interest rate target of the central bank is a particularly important condition for a low degree of overnight rate persistence.
    Keywords: Controllability and Persistence of Interest Rates; Operational Framework of Central Banks; Long Memory and Fractional Integration