7 research outputs found

    Comparative Analysis of Distinctive Features of the Ransomware Tactics in Relation to Other Malware

    Ransomware has become a real threat to the use of technology. Unlike other forms of malware that could target systems by deleting or editing some files and creating a backdoor for the attacker to access the system, ransomware has gone a notch higher by targeting humans. This is achieved when ransomware encrypts the data of the infected computer and a note demanding that a ransom be paid is printed on the screen. Due to the advancement in technology, ransomware uses advanced and secure encryption algorithms that are difficult to decrypt even when computational power is not limited. In this work, we present some of the major behavioral characteristics that we found to be common with ransomware and not with other malware. Our results show that a careful analysis of suspicious network and file activities can help detect a ransomware attack. Further, careful analysis of ransomware behavior can help develop a system that can detect an impending ransomware attack and thereby eliminate it.

    Supervisory Control and Data Acquisition (SCADA) System Forensics Based on the Modbus Protocol

    Supervisory Control and Data Acquisition (SCADA) has been at the core of Operational Technology (OT) used in industries and process plants to monitor and control critical processes, especially in the energy sector. In the petroleum sub-sector, it has been used in monitoring transportation, storage and loading of petroleum products. It is linked to instruments that collect and monitor parameters such as temperature, pressure and product densities. It gives commands to actuators by the use of the application programs installed on the programmable logic controllers (PLCs). Earlier SCADA systems were isolated from the internet, hence protected by an airgap from attacks taking place on interconnected systems. The recent trend is that SCADA systems are becoming more integrated with other business systems using Internet technologies such as Ethernet and TCP/IP. However, TCP/IP and web technologies which are predominantly used by IT systems have become increasingly vulnerable to cyberattacks that are experienced by IT systems such as malware and other attacks. It is important to conduct vulnerability assessment of SCADA systems with a view to thwarting attacks that can exploit such vulnerabilities. Where the vulnerabilities have been exploited, forensic analysis is required so as to know what really happened. This paper reviews SCADA systems configuration, vulnerabilities, and attack scenarios, then presents a prototype SCADA system and forensic tool that can be used on SCADA. The tool reads into the PLC memory and Wireshark has been used to capture network communication between the SCADA system and the PLC.

    Identity Theft Mitigation in Kenyan Financial Sectors (SACCOs): Handwritten Signature Verification

    The existence of identity theft in society has become a major concern due to the effects it causes to those that are affected by it, especially in the financial sector. This thesis establishes the existence of identity theft issues in the loan sections of the financial sector and proposes an algorithm that addresses the mitigation of identity theft by having the signatures on the loan forms verified using an implementation of the proposed algorithm; the results are then compared with the human experts' verification that is done on a daily basis. The qualitative data collected from the four SACCOs indicate that 93% of the respondents knew that forgery of one’s signature in the SACCO exists, and from the 93%, 95% of them had been victims of identity theft and 50% of them knew it after deductions had been made from their accounts. The algorithm was implemented in a prototype that was used to test the signatures that were collected from various individuals that belonged to various SACCOs. The prototype successfully verified 80.1% of the test signatures and, as expected, the highest result from the four human experts' verification of forged signatures was 8.3%, indicating that they had indicated more signatures as originals. The prototype thus recorded an accuracy of 91.4% and a precision of 60.0%.

    Smartphone as an Agent of Anti-forensics: A Case of Workplace Environment in Kenya

    Computer anti-forensic techniques work to ensure that forensic evidence left behind after a digital crime is not easily uncovered by forensic investigators; if they are to uncover it, there will be a considerable delay. Smartphones have become a common device within an organization’s workforce, where employees interact with highly confidential data that they access using their laptop computers at the workplace. This has led to the use of smartphones to commit digital crimes at the workplace. The primary objective of this study is to find out whether the use of smartphones in the workplace environment in Kenya may be exploited to advance activities that may derail forensic investigations in the event of a digital crime. We also set out to establish data security risks within organizations and other techniques and/or methods by which smartphones may be used to exfiltrate data. Finally, we shall analyze research areas that require further attention from researchers to enhance defense and guard against smartphone data exfiltration. To achieve these objectives, we shall implement and test an Android mobile software prototype, developed using Android Studio, to send data exfiltration attempts to a web-based user interface when an employee within an organization uploads data above a set authorized limit. We shall review existing literature to understand other techniques that may be used to exfiltrate data from organizations as well as analyze research areas that require further attention from researchers to enhance defense and guard against data exfiltration through smartphone usage. We collected a total of two thousand five hundred and eighty-four records of data exfiltration attempts from our eleven sampled population. Of these records, one thousand eight hundred and ninety-one happened in the evening hours while six hundred and seven happened in the afternoon hours, and finally, eighty-six records were registered in the morning hours.  
In conclusion, the research study has revealed that there exist challenges in reporting smartphone-based data exfiltration attempts while using the mobile-based software prototype. Data exfiltration attempts were observed to happen within the organization’s workplace, with evening hours being the most affected by this vice with a figure of over one thousand data exfiltration attempts. We also noted that there exist at least three categories of data security risks that organizations are exposed to when employees have their smartphones within the workplace. We recorded an additional eleven other techniques and methods by which a smartphone may be used to steal data from an organization.