488 research outputs found

    Improving the Stealthiness of DNS-Based Covert Communication

    At present, the recommended stance to take regarding Cyber Security is to assume a state of compromise. With the increase in Bring Your Own Device (BYOD), the Internet of Things (IOT) and Advanced Persistent Threats (APTs), network boundaries have become porous and difficult to defend from external threats. Modern malware is complex and adept at making its presence hard to detect. Recent studies have shown that some malware variants are capable of using multiple covert communication channels for command and control (C2) and data exfiltration activities. Examples of this level of covert communication can be found in malware that targets Point of Sale (POS) systems and it has been hugely successful in exfiltrating large amounts of valuable payment information that can be sold on the black market. In the vast majority of cases, malware needs to communicate with some control mechanism or human controller in order to coordinate attacks, maintain lists of compromised machines and to exfiltrate data. There are many channels that malware can use for its communication. However, in recent times there has been an increase in malware that uses the Domain Name System (DNS) for communications in some shape or form. The work carried out in this paper explores the extent to which DNS can be used as a covert communication channel by examining a number of advanced approaches that can be used to increase the stealthy nature of DNS-based covert channels. Our work describes techniques that can be used to shadow legitimate network traffic by observing network packets leaving a host machine (piggybacking), the use of statistical modelling such as the Poisson distribution and a dynamic Poisson distribution model that can be used to further conceal malicious DNS activity within a network. The results obtained from this work show that current DNS-based C2 and data exfiltration approaches employed by malware have considerable room for improvement, which suggests that DNS-based covert communication will remain a realistic threat into the future.

    Detection of DNS Based Covert Channels

    Information theft or data exfiltration, whether personal or corporate, is now a lucrative mainstay of cybercrime activity. Recent security reports have suggested that while information, such as credit card data, is still a prime target, other data such as corporate secrets, employee files and intellectual property are increasingly sought after on the black market. Malicious actors that are intent on exfiltrating valuable data usually employ some form of Advanced Persistent Threat (APT) in order to exfiltrate large amounts of data over a long period of time with a high degree of covertness. Botnets are prime examples of APTs that are usually established on targeted systems through malware or exploit kits that leverage system vulnerabilities. Once established, Botnets rely on covert command and control (C&C) communications with a central server; this allows a malicious actor to keep track of compromised systems and to send out instructions for compromised systems to do their bidding. Covert channels provide an ideal mechanism for data exfiltration and the exchange of command and control messages that are essential to a Botnet's effectiveness. Our work focuses on one particular form of covert channel that enables communication of hidden messages over normal Domain Name Server (DNS) network traffic. Covert channels based on DNS traffic are of particular interest, as DNS requests are an essential part of most Internet traffic and as a result are rarely filtered or blocked by firewalls. As part of our work we have created a test bed system that uses a covert DNS channel to exfiltrate data from a compromised host. Using this system we have carried out network traffic analysis that uses baseline comparisons as a means to fingerprint covert DNS activity. Even though detection of covert DNS activity is relatively straightforward, there is anecdotal evidence to suggest that most organisations do not filter or pay enough attention to DNS traffic and are therefore susceptible to data exfiltration attacks once a host on their network has been compromised. Our work shows that freely available covert DNS tools have particular traffic signatures that can be detected in order to mitigate data exfiltration and C&C traffic.

    Be Aware with a Honeypot

    The Internet has already become a hostile environment for computers, especially when they are directly connected with a public IP address. We have experienced this hostile activity where, on an average day, the ITB Honeypot recorded over a thousand reconnaissance attacks seeking unauthorised entry onto our private network. Our Honeypot is a basic PC running Windows XP with no services offered and no activity from users that would generate traffic. The Honeypot is running in a passive state on a stub-network where all inbound and outbound traffic is recorded at the bridging computer to the WAN. We report on the majority of scans and vulnerability attacks that were used and investigate the processes that targeted vulnerable ports and access points on the network.

    Effects of montmorency tart cherry (L. Prunus Cerasus) consumption on nitric oxide biomarkers and exercise performance

    The purpose of this study was to investigate the effects of Montmorency tart cherry juice (MC) on nitric oxide (NO) biomarkers, vascular function, and exercise performance. In a randomized, double‐blind, placebo (PLA)‐controlled, crossover study, 10 trained cyclists (mean ± SD; VO2peak 59.0 ± 7.0 mL/kg/min) acutely ingested 30 mL of either MC or PLA following dietary restrictions of polyphenol‐rich compounds and completed 6‐minutes moderate‐ and severe‐intensity cycling bouts 1.5 hour post‐ingestion on 2 occasions for each experimental condition. The severe‐intensity cycling test was continued to exhaustion on 1 occasion and immediately followed by a 60‐seconds all‐out sprint on the other occasion. Blood pressure, pulse wave measures, tissue oxygenation index, and plasma nitrite concentration were assessed pre‐ and 1.5 hour post‐ingestion. Time to exhaustion was not different between conditions (P > .05), but peak power over the first 20 seconds (363 ± 42 vs 330 ± 26 W) and total work completed during the 60‐seconds all‐out sprint (21 ± 3 vs 19 ± 3 kJ) were 10% higher in the MC trial compared to the PLA trial (P .05). These results suggest that acute supplementation with MC can lower blood pressure and improve some aspects of exercise performance, specifically end‐sprint performance, in trained cyclists

    Intervener trustworthiness predicts cooperation with conservation interventions in an elephant conflict public goods game

    Conservation conflicts exist in complex socio‐ecological systems and are damaging to both people and wildlife. There is much interest in designing interventions to manage them more effectively, but the importance of who does the intervening remains underexplored. In particular, conflicts are influenced by perceptions of the trustworthiness of natural resource managers and conservation organizations. However, experimental studies of how the different facets of trustworthiness shape responses to interventions are rare in conflict settings. We develop an experimental, framed public goods game to test how support for otherwise identical elephant conflict interventions varies with perceptions of the trustworthiness of two different intervening groups—a community group or a conservation organization—and compare game behaviour to pre‐ and post‐game interviews. Results from three agro‐pastoral communities (n = 212 participants) in northern Tanzania show that participants cooperate more with interveners they perceive to be more trustworthy. Results also suggest that different aspects of trustworthiness matter differentially—with perceptions of interveners' integrity and benevolence more strongly predicting cooperation than perceptions of their ability. The findings suggest that trust‐building and greater consideration of who is best placed to intervene in conflicts may help improve natural resource management and increase stakeholder support for conservation interventions. This study also further demonstrates how experimental games offer opportunities to test behaviour change interventions and help to inform evidence‐based conservation

    Aesthetics and management: bridging the gap

    It is possible to identify two relatively independent and distinct perspectives on what is valuable in the visual landscape. On the one hand there is the procedure for assessing visual quality which is utilized in one form or another by the various American land management agencies. An alternative approach is represented by the scholarly study of landscape aesthetics, a perspective which has its roots in the early 1700's in English literature, and has continued and evolved into its modern form. Inherent in this aesthetic study is the belief that the aesthetic qualities of landscapes are related to the informational and functional needs of humans. There is considerable value in using this traditional approach as a basis for improving current visual assessment processes. In order for this to occur, however, it must be possible to translate the rich information provided by the traditional approach into a mapped informational form that is compatible with the current visual assessment and management techniques. The effort to develop such a translation has focused on aspects of landform and land cover that might indicate the presence of such conceptual visual properties of the landscape as coherence, legibility and mystery. Initial steps to apply and test this translation have been taken, with promising results. The methodology used in these initial studies is relatively straightforward and widely applicable. Given the importance of the challenge and the encouragement of the preliminary results, it is hoped that others concerned with the fate of the landscape will be stimulated to apply these methods to their own landscape contexts. Peer Reviewed. http://deepblue.lib.umich.edu/bitstream/2027.42/26309/1/0000394.pd

    Differentiation Therapy Targeting the β-Catenin/CBP Interaction in Pancreatic Cancer.

    BACKGROUND: Although canonical Wnt signaling is known to promote tumorigenesis in pancreatic ductal adenocarcinoma (PDAC), a cancer driven principally by mutant K-Ras, the detailed molecular mechanisms by which the Wnt effector β-catenin regulates such tumorigenesis are largely unknown. We have previously demonstrated that β-catenin's differential usage of the Kat3 transcriptional coactivator cyclic AMP-response element binding protein-binding protein (CBP) over its highly homologous coactivator p300 increases self-renewal and suppresses differentiation in other types of cancer. AIM/METHODS: To investigate Wnt-mediated carcinogenesis in PDAC, we have used the specific small molecule CBP/β-catenin antagonist, ICG-001, which our lab identified and has extensively characterized, to examine its effects in human pancreatic cancer cells and in both an orthotopic mouse model and a human patient-derived xenograft (PDX) model of PDAC. RESULTS/CONCLUSION: We report for the first time that K-Ras activation increases the CBP/β-catenin interaction in pancreatic cancer; and that ICG-001 specific antagonism of the CBP/β-catenin interaction sensitizes pancreatic cancer cells and tumors to gemcitabine treatment. These effects were associated with increases in the expression of let-7a microRNA; suppression of K-Ras and survivin; and the elimination of drug-resistant cancer stem/tumor-initiating cells.

    Effects of montmorency tart cherry (L. Prunus Cerasus) consumption on nitric oxide biomarkers and exercise performance

    The purpose of this study was to investigate the effects of Montmorency tart cherry juice (MC) on nitric oxide (NO) biomarkers, vascular function and exercise performance. In a randomized, double blind, placebo (PLA) – controlled, crossover study, 10 trained cyclists (mean ± SD; V̇O2peak 59.0 ± 7.0 ml/kg/min) acutely ingested 30 mL of either MC or PLA following dietary restrictions of polyphenol‐rich compounds, and completed 6 min moderate‐ and severe‐intensity cycling bouts 1.5 h post ingestion on two occasions for each experimental condition. The severe‐intensity cycling test was continued to exhaustion on one occasion and immediately followed by a 60 s all‐out sprint on the other occasion. Blood pressure, pulse wave measures, tissue oxygenation index and plasma nitrite concentration were assessed pre and 1.5 h post ingestion. Time to exhaustion was not different between conditions (P > 0.05), but peak power over the first 20 s (363 ± 42 vs. 330 ± 26 W) and total work completed during the 60 s all‐out sprint (21 ± 3 vs. 19 ± 3 kJ) were 10% higher in the MC trial compared to the PLA trial (P 0.05). These results suggest that acute supplementation with MC can lower blood pressure and improve some aspects of exercise performance, specifically end‐sprint performance, in trained cyclists

    The interaction of Epstein-Barr virus encoded transcription factor EBNA2 with multiple sclerosis risk loci is dependent on the risk genotype

    Background: Epstein-Barr virus (EBV) infection may be necessary for the development of multiple sclerosis (MS). Earlier we had identified six MS risk loci that are co-located with binding sites for the EBV transcription factor Epstein-Barr Nuclear Antigen 2 (EBNA2) in EBV-infected B cells (lymphoblastoid cell lines – LCLs). Methods: We used an allele-specific chromatin immunoprecipitation PCR assay to assess EBNA2 allelic preference. We treated LCLs with a peptide inhibitor of EBNA2 (EBNA2-TAT), reasoning that inhibiting EBNA2 function would alter gene expression at these loci if it was mediated by EBNA2. Findings: We found that EBNA2 binding was dependent on the risk allele for five of these six MS risk loci (p < 0·05). Treatment with EBNA2-TAT significantly altered the expression of TRAF3 (p < 0·05), CD40 (p < 0·001), CLECL1 (p < 0·0001), TNFAIP8 (p < 0·001) and TNFRSF1A (p < 0·001). Interpretation: These data suggest that EBNA2 can enhance or reduce expression of the gene depending on the risk allele, likely promoting EBV infection. This is consistent with the concept that these MS risk loci affect MS risk through altering the response to EBNA2. Together with the extensive data indicating a pathogenic role for EBV in MS, this study supports targeting EBV and EBNA2 to reduce their effect on MS pathogenesis.

    Antigen stimulation of peripheral blood mononuclear cells from Mycobacterium bovis infected cattle yields evidence for a novel gene expression program

    Background: Bovine tuberculosis (BTB) caused by Mycobacterium bovis continues to cause substantial losses to global agriculture and has significant repercussions for human health. The advent of high throughput genomics has facilitated large scale gene expression analyses that present a novel opportunity for revealing the molecular mechanisms underlying mycobacterial infection. Using this approach, we have previously shown that innate immune genes in peripheral blood mononuclear cells (PBMC) from BTB-infected animals are repressed in vivo in the absence of exogenous antigen stimulation. In the present study, we hypothesized that the PBMC from BTB-infected cattle would display a distinct gene expression program resulting from exposure to M. bovis. A functional genomics approach was used to examine the immune response of BTB-infected (n = 6) and healthy control (n = 6) cattle to stimulation with bovine tuberculin (purified protein derivative – PPD-b) in vitro. PBMC were harvested before, and at 3 h and 12 h post in vitro stimulation with bovine tuberculin. Gene expression changes were catalogued within each group using a reference hybridization design and a targeted immunospecific cDNA microarray platform (BOTL-5) with 4,800 spot features representing 1,391 genes. Results: 250 gene spot features were significantly differentially expressed in BTB-infected animals at 3 h post-stimulation contrasting with only 88 gene spot features in the non-infected control animals (P ≤ 0.05). At 12 h post-stimulation, 56 and 80 gene spot features were differentially expressed in both groups respectively. The results provided evidence of a proinflammatory gene expression profile in PBMC from BTB-infected animals in response to antigen stimulation. Furthermore, a common panel of eighteen genes, including transcription factors were significantly expressed in opposite directions in both groups. Real-time quantitative reverse transcription PCR (qRT-PCR) demonstrated that many innate immune genes, including components of the TLR pathway and cytokines were differentially expressed in BTB-infected (n = 8) versus control animals (n = 8) after stimulation with bovine tuberculin. Conclusion: The PBMC from BTB-infected animals exhibit different transcriptional profiles compared with PBMC from healthy control animals in response to M. bovis antigen stimulation, providing evidence of a novel gene expression program due to M. bovis exposure.