809 research outputs found

    Finding evidence of wordlists being deployed against SSH Honeypots - implications and impacts

    This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. The honeypots used the same base software and hardware configurations. The data from the honeypots were collected during the period 17th July 2012 and 26th November 2013, a total of 497 active day periods. The analysis in this paper focuses on the techniques used to attempt to gain access to these systems by attacking entities. Although all three honeypots have the same configuration settings and are located on the same IPv4 /24 subnetwork space, there is a variation between the numbers of activities recorded on each honeypot. Automated password guessing using wordlists is one technique employed by cyber criminals in attempts to gain access to devices on the Internet. The research suggests there is wide use of automated password tools and wordlists in attempts to gain access to the SSH honeypots; there is also a wide range of account types being probed

    The convergence of IT and OT in critical infrastructure

    Automation and control systems, such as SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control Systems), are often referred to as Operational Technology (OT). These systems are used to monitor and control critical infrastructures such as power, pipelines, water distribution, sewage systems and production control. Traditionally, these OT systems have had a degree of physical separation from Information Technology (IT) infrastructures. With changing technologies and a drive towards data-driven and remote operations the two technology environments are starting to converge. With this convergence, what was a relatively standalone secure and isolated environment is now connected and accessible via the Internet/cloud. With this interconnection come the cyber security challenges that are typically associated only with IT infrastructures. OT data that is then accessible from these environments could include critical information such as pressures, temperatures, proximity levels, control signals and other sensor signals. Due to the aforementioned convergence, OT data and associated control mechanisms are now significantly vulnerable to cyber-attacks. This paper provides an understanding of cyber security in an operational technology context (rather than traditional IT environments) and discusses the underlying causes, vulnerabilities, and the risks that are created by convergence and interconnection. We report on evidence of convergence between IT and OT, and use Hofstede’s model of organisational culture to explain the different attitudes and value drivers in IT and OT

    A profile of prolonged, persistent SSH attack on a Kippo Based Honeynet

    This paper is an investigation focusing on activities detected by SSH honeypots that utilised Kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged, persistent attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet

    Entering the Era of Dark Matter Astronomy? Near to Long-Term Forecasts in X-Ray and Gamma-Ray Bands

    We assess Galactic Dark Matter (DM) sensitivities to photons from annihilation and decay using the spatial and kinematic information determined by state-of-the-art simulations in the Latte suite of Feedback In Realistic Environments (FIRE-2). For kinematic information, we study the energy shift pattern of DM narrow emission lines predicted in FIRE-2 and discuss its potential as DM-signal diagnosis, showing for the first time the power of symmetric observations around $l=0^{\circ}$. We find that the exposures needed to resolve the line separation of DM to gas by XRISM at $5\sigma$ are large, $\gtrsim 4$ Ms, while exposures are smaller for Athena ($\lesssim 50$ ks) and Lynx ($\lesssim 100$ ks). We find that large field-of-view exposures remain the most sensitive methods for detection of DM annihilation or decay by the luminosity of signals in the field of view dominating velocity information. The $\sim 4$ sr view of the Galactic Center region by the Wide Field Monitor (WFM) aboard the eXTP mission will be highly sensitive to DM signals, with a prospect of $\sim 10^5$ to $10^6$ events from the 3.5 keV line in a 100 ks exposure, with the range dependent on photon acceptance in WFM's field of view. We also investigate detailed all-sky luminosity maps for both DM annihilation and decay signals - evaluating the signal-to-noise for a DM detection with realistic X-ray and gamma-ray backgrounds - as a guideline for what could be a forthcoming era of DM astronomy.
    Comment: 18 pages, 12 figures, 1 table. Estimate for eXTP S/N revised, typo on Athena exposure corrected, text improve

    Patterns and patter - An investigation into SSH activity using Kippo Honeypots

    This is an investigation of the activity detected on three honeypots that utilise the Kippo SSH honeypot system on VPS servers all on the same C class address. The systems ran on identical software bases and hardware configurations. The results are over the period 21st March 2013 until Tuesday 04 June 2013. The initial analysis covered in this paper examines behaviours and patterns detected of the attacking entities. The attack patterns were not consistent and there was a large disparity in numbers and magnitude of attacks on all hosts. Some of these issues are explored in the paper

    Small to Medium Enterprise Cyber Security Awareness: An Initial Survey of Western Australian Business

    Small to Medium Enterprises (SMEs) represent a large proportion of a nation’s business activity. There are studies and reports reporting the threat to business from cyber security issues resulting in computer hacking that achieves system penetration and information compromise. Very few are focussed on SMEs. Even fewer are focussed on directly surveying the actual SMEs themselves and attempts to improve SME outcomes with respect to cyber security. This paper represents research in progress that outlines an approach being undertaken in Western Australia with SMEs in the northwest metropolitan region of Perth, specifically within the large local government catchments of Joondalup and Wanneroo. The high order goal of the project was to assist with measures to improve their cyber security resilience and resistance to threats. This paper documents outcomes of an initial survey of SMEs and its implications for interventions to improve information security and make the businesses less susceptible to computer hacking incidents

    Why penetration testing is a limited use choice for sound cyber security practice

    Penetration testing of networks is a process that is overused when demonstrating or evaluating the cyber security posture of an organisation. Most penetration testing is not aligned with the actual intent of the testing, but rather is driven by a management directive of wanting to be seen to be addressing the issue of cyber security. The use of penetration testing is commonly a reaction to an adverse audit outcome or as a result of being penetrated in the first place. Penetration testing used in this fashion delivers little or no value to the organisation being tested for a number of reasons. First, a test is only as good as the tools, the tester and the methodology being applied. Second, the results are largely temporal. That is, the test will likely only find known vulnerabilities that exist at one specific point in time and not larger longitudinal flaws with the cyber security of an organisation, one such flaw commonly being governance. Finally, in many cases, one has to question what the point is in breaking the already broken. Penetration testing has its place when used judiciously and as part of an overall review and audit of cyber security. It can be an invaluable tool to assess the ability of a system to survive a sustained attack if properly scoped and deployed. However, it is our assessment and judgement that this rarely occurs

    Exchanging demands: Weaknesses in SSL implementations for mobile platforms

    The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement. This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones including Android devices and iOS devices. A two‐phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man‐in‐the‐middle attack to gain a vantage point over the client device, whilst Phase 2 involves spoofing the server‐side ActiveSync responses to initiate the unauthorised policy enforcement. These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to perform a remote factory reset upon an Exchange‐integrated Smart phone

    Single-boson exchange decomposition of the vertex function

    We present a decomposition of the two-particle vertex function of the single-band Anderson impurity model which imparts a physical interpretation of the vertex in terms of the exchange of bosons of three flavors. We evaluate the various components of the vertex for an impurity model corresponding to the half-filled Hubbard model within dynamical mean-field theory. For small values of the interaction almost the entire information encoded in the vertex function corresponds to single-boson exchange processes, which can be represented in terms of the Hedin three-leg vertex and the screened interaction. Also for larger interaction, the single-boson exchange still captures scatterings between electrons and the dominant low-energy fluctuations and provides a unified description of the vertex asymptotics. The proposed decomposition of the vertex does not require the matrix inversion of the Bethe-Salpeter equation. Therefore, it represents a computationally lighter and hence more practical alternative to the parquet decomposition

    Fungal infection in plant leaves-A Review

    The primary resource of a country is agriculture and crop production. The economic development of the country also resides on the agricultural products which ultimately determine the growth of the citizen. The major crisis in food production is the influence of diseases in plants. This ultimately abolishes the economy of the country, as a major portion of the progress of the nation is dependent on agriculture and its products. The challenges faced by the farmers are the unawareness of the various diseases that affect different parts of the plants. They should be able to identify the early infection caused in plants by different pathogens like bacteria, fungi, viruses, etc. The main disease-causing agent is found to be the fungus, which was the vital factor that produces serious loss in agriculture. Again, the pesticides and fertilizers used by the agriculturist turn out to be hazardous for human beings and wildlife species. This problem should be considered as a chief calamity and an alternate measure must be found to support the cultivators. An innovative step adopted by the researchers is prompt detection of the diseases using machine learning and deep learning algorithms. These algorithms use different image processing techniques and computer vision processes to classify the disease in plant parts at an earlier stage. This paper provides a detailed review on the fungal infection caused in plant leaves and its identification using deep learning methodology