An Analysis of Faculty and Staff\u27s Identification of Malware Threats

This document presents findings related to faculty and staff member’s ability to identify malware threats. This study involved discovering the most common incidents of malware threats to higher education systems. From this research, eight categories of malware were identified to be the most common threats to higher education systems. This document also describes the impact of malware intrusions on higher education systems to emphasis the importance of recognizing malware threats. Faculty and staff members at a midsize southeastern university were presented with realistic scenarios to determine the ability to identify malware threats. The results indicate malware categories such as virus, Trojan, browser hijacker, adware, and ransomware were identifiable by faculty and staff. Additionally, the findings demonstrate malware threats in the worm, spyware, and rootkit categories were difficult for faculty and staff members to identify. A recommendation for educating faculty and staff members to better identify malware threats in the less identified categories was proposed to help mitigate future malware intrusions. Future recommendations include investigating new types of malware risks and students’ awareness, or recognition of malware threats and solutions for mitigating these risks

A review of Two Factor Authentication Security Challenges in the Cyberspace

Today, single-factor authentication, e.g. Passwords, is no longer considered secure on the cyberspace and electronic learning environment. With the advancement of technology, passwords are becoming easier for cyber-attacks to forcibly test and eventually guess passwords or harvest them with technologies such as keystroke loggers. Two factor Authentication (2FA) has been recently introduced to overcome this problem by providing an additional layer of security using secondary means (ownership factor or inherent factor), however, the users of 2FA are still facing challenges such as delays in receiving SMS codes, expiry of codes before use, burden of carrying hardware tokens all the time and in some instances payment for incoming SMS. A review of literature on studies conducted on two factor authentication security issues and challenges is done in this paper. The paper concludes that 2FA has a number of challenges ranging from the cost of manufacturing tokens, maintaining codes, distribution of millions of tokens to users and delays in receiving verification codes. Therefore, based on the findings, the study recommends that other studies be conducted on an alternative multifactor authentication schemes that are easy to use and will protect users in an appropriate manner

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

Case Study in Enterprise Risk Management: Happy Tails, Inc.

Enterprise risk management is a necessity for businesses in today’s marketplace. Firms that are unaware of risks they are facing often find themselves in unexpected trouble. The field of enterprise risk management has been growing since the 1990s as an effort to minimize the costs that risk imposes on firms. In this case study, I identified risks for Happy Tails, Inc. and recommended various techniques to manage the risks. I found that not only does Happy Tails face many of the same major risks faced by most firms in the marketplace today, but it also faces some unique risks due to its corporate structure and line of business. This thesis highlights several of the most significant risks for Happy Tails, Inc. and recommends various risk management techniques to minimize the cost of risk for the firm

Developing a state of the art methodology and toolkit for ICS SCADA forensics

Supervisory Control and Data Acquisition (SCADA) systems are used in different Critical National Infrastructure (CNI), including Electric Power, Oil & Gas, Manufacturing, Utility, Transportation services and others. The underpinning control systems have unique characteristics such as being real-time and safety critical. Therefore interference and disruption of the services from cyber attack poses a significant risk to; the environment, properties, economies and human lives. Responding to such events in not trivial, and recovering the required forensic evidence to understand the cause and consequence of such an event is key. Further, developing a suitable incident response methodology to identify evidential artefacts of the causes of disruption is crucial, should security mechanisms fail. In this paper we present the state of the art methodology forensic toolkit for cyber incident response on Industrial Control System (ICS) environment of SCADA plus evaluate the applicability of current IT forensic tools and the requirements of an 'ICS forensic toolbag'. The research work presents an experimental case study of a malware USB device based attack, a man in the middle attack and a remote access attack

On the malware detection problem : challenges and novel approaches

Orientador: André Ricardo Abed GrégioCoorientador: Paulo Lício de GeusTese (doutorado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa : Curitiba,Inclui referênciasÁrea de concentração: Ciência da ComputaçãoResumo: Software Malicioso (malware) é uma das maiores ameaças aos sistemas computacionais atuais, causando danos à imagem de indivíduos e corporações, portanto requerendo o desenvolvimento de soluções de detecção para prevenir que exemplares de malware causem danos e para permitir o uso seguro dos sistemas. Diversas iniciativas e soluções foram propostas ao longo do tempo para detectar exemplares de malware, de Anti-Vírus (AVs) a sandboxes, mas a detecção de malware de forma efetiva e eficiente ainda se mantém como um problema em aberto. Portanto, neste trabalho, me proponho a investigar alguns desafios, falácias e consequências das pesquisas em detecção de malware de modo a contribuir para o aumento da capacidade de detecção das soluções de segurança. Mais especificamente, proponho uma nova abordagem para o desenvolvimento de experimentos com malware de modo prático mas ainda científico e utilizo-me desta abordagem para investigar quatro questões relacionadas a pesquisa em detecção de malware: (i) a necessidade de se entender o contexto das infecções para permitir a detecção de ameaças em diferentes cenários; (ii) a necessidade de se desenvolver melhores métricas para a avaliação de soluções antivírus; (iii) a viabilidade de soluções com colaboração entre hardware e software para a detecção de malware de forma mais eficiente; (iv) a necessidade de predizer a ocorrência de novas ameaças de modo a permitir a resposta à incidentes de segurança de forma mais rápida.Abstract: Malware is a major threat to most current computer systems, causing image damages and financial losses to individuals and corporations, thus requiring the development of detection solutions to prevent malware to cause harm and allow safe computers usage. Many initiatives and solutions to detect malware have been proposed over time, from AntiViruses (AVs) to sandboxes, but effective and efficient malware detection remains as a still open problem. Therefore, in this work, I propose taking a look on some malware detection challenges, pitfalls and consequences to contribute towards increasing malware detection system's capabilities. More specifically, I propose a new approach to tackle malware research experiments in a practical but still scientific manner and leverage this approach to investigate four issues: (i) the need for understanding context to allow proper detection of localized threats; (ii) the need for developing better metrics for AV solutions evaluation; (iii) the feasibility of leveraging hardware-software collaboration for efficient AV implementation; and (iv) the need for predicting future threats to allow faster incident responses