Chapter

Phishing, Watering Holes, and Scareware


Abstract

As victim organizations and users have become more cautious and aware of certain cyber attacks, cyber threat actors have developed new, creative methods to circumvent technical countermeasures and user vigilance. This chapter explores how attackers use deception strategies and techniques to skillfully circumvent human defenses. The chapter first looks at spear phishing, particularly through the lens of conjuring methods of misdirection and attention control. Later in the chapter the discussion turns to a burgeoning attack method—watering hole attacks, or strategic web compromises—which shifts the attack vector away from targeting victim communication platforms, particularly email, to compromising web servers. This section introduces the watering hole attack deception chain and examines attackers’ implementation of passive misdirection techniques and persuasive technology principles to deceive victims. The final section revisits and summarizes how certain deception techniques are used to initiate and perpetuate psychologically vectored cyber attacks.


... It often says that threats have been found on the victim's computer and wants money to get rid of them. Even though it isn't as bad as some other types of malware, it can still be annoying and can sometimes let other types of malware in [11]. ...
Article (full-text available)
This paper provides a comprehensive examination of ransomware behavior on Windows endpoints, exploring the intrusion mechanisms, proliferation methods, and the mitigating strategies that can be employed. It provides a comparative analysis of several ransomware families and their effects on Windows systems, culminating with suggestions for future research directions in enhancing endpoint security against ransomware attacks. In the wake of a rising number of ransomware attacks worldwide, epitomized by the damaging disruptions to the Colonial Pipeline and the Irish Health Service Executive, the persistent threat of ransomware to critical infrastructure has never been more apparent. While Windows endpoints remain primary targets, these attacks have also highlighted a less explored but crucial aspect of ransomware behavior: the exploitation of Application Programming Interface (API) calls integral to the Windows operating system. This comprehensive study provides an exhaustive investigation into the interplay between ransomware and Windows APIs, emphasizing the patterns of invocation and manipulative misuse by various ransomware families. By investigating specific API calls, such as the CryptEncrypt function in the Cryptography API for encryption, and the CreateFile and WriteFile functions in the File API for file system interaction, we illuminate the mechanisms by which ransomware carry out their damaging actions. Further, using the real-world examples drawn from the Colonial Pipeline and Irish Health Service Executive incidents, among others, the study shows how these API calls were manipulated during actual ransomware attacks. In these cases, ransomware like DarkSide and Conti used Windows APIs not just for the primary tasks of encryption and file system manipulation, but also for achieving network communication, maintaining persistence, and even thwarting detection. 
By presenting a comparative analysis of API call sequences in both benign and ransomware-infected Windows environments, this study serves as a critical exploration into the behavior of these malicious entities. The different patterns observed provide us with valuable insights into their operational strategies and offer opportunities for the development of detection heuristics. The insights derived from this research contribute significantly to our understanding of the behavior patterns of recent, high-profile ransomware attacks. In turn, this work aims to guide the evolution of more sophisticated, behavior-based detection mechanisms, thus strengthening the security posture of Windows endpoints. Ultimately, this study underscores the need for continuous research into API call patterns, as the cybersecurity landscape continues to face dynamic and increasingly sophisticated threats.
... Scareware can be defined as a type of SE attack that is based on human emotions, i.e., anxiety, shock, manipulation, etc. [28]. The attack uses human emotions to manipulate the user into installing malicious software. ...
Article (full-text available)
As cybersecurity strategies become more robust and challenging, cybercriminals are mutating cyberattacks to be more evasive. Recent studies have highlighted the use of social engineering by criminals to exploit the human factor in an organization’s security architecture. Social engineering attacks exploit specific human attributes and psychology to bypass technical security measures for malicious acts. Social engineering is becoming a pervasive approach used for compromising individuals and organizations (it is relatively more convenient to compromise a human compared to discovering a vulnerability in the security system). Social engineering-based cyberattacks are extremely difficult to counter as they do not follow specific patterns or approaches for conducting an attack, making them highly effective, efficient, easy, and obscure approaches for compromising any organization. To counter such attacks, a better understanding of the attack tactics is highly essential. Hence, this paper provides an in-depth analysis of the approaches used to conduct social engineering-based cyberattacks. This study discusses human vulnerabilities employed by criminals in recent security breaches. Further, the paper highlights the existing approaches, including machine learning-based methods, to counter social engineering-based cyberattacks.
... The various attacks that the e-governance sites are susceptible to are watering hole attack (Malin et al. 2017), Sybil attack (Vasudeva and Sood 2018), Replay attack (Farha and Chen 2018), Zero day (Tran et al. 2016), Black hole attack, grey hole attack (Tripathi et al. 2013), etc. E-Governance systems need an ICT-based network for executing the system properly; however, it is different from other online systems, especially in terms of security, since legal information has to be protected from the users who are not eligible. If the system is stable, then it may also be used for a wide range of business transactions. ...
Chapter (full-text available)
Different nations are striving to implement e-governance on a full scale. The major issue is the problem of secure transactions with high privacy. In order to make sure that the government is functioning properly, there must be a high level of transparency in the system with high accountability, integrity and confidentiality. The risks and challenges that arise by implementing the e-governance are chiefly because of the poor security in free WiFi networks which are given for accessing the e-services. Hence, researchers must develop methods and tools which can react to the attacks and defend themselves autonomously. This paper helps in the analysis of a few categories of cyber attacks using machine learning algorithms.
Chapter
The social engineering attack is one of the most common forms of cyber-attacks. Attackers are using psychological tricks and more covert tactics to coerce victims into disclosing private information that belongs to them or that has been approved by authorities. Social skills are commonly employed to manipulate people by tricking, revealing, and acting upon them. This chapter discusses many types of social engineering assaults, the methodology for analyzing these attacks and data gathering methods utilized as case studies. This chapter also encompasses the consequences, implications, legal and regulatory concerns, as well as strategies to mitigate them, such as awareness initiatives, security protocols, and technology remedies with contingency measures that are regularly utilized. The chapter finishes by providing insights and recommendations for organizations to enhance their security measures against social engineering assaults. It highlights the importance of maintaining constant awareness and adjusting cyber security defenses as necessary.
Article (full-text available)
Ransomware attacks are currently one of cybersecurity's greatest and most alluring threats. Antivirus software is frequently ineffective against zero-day malware and ransomware attacks; consequently, significant network infections could result in substantial data loss. Such attacks are also becoming more dynamic and capable of altering their signatures, resulting in a race to the bottom regarding weaponry. Cryptographic ransomware exploits crypto-viral extortion techniques. The malware encrypts the victim's data and demands payment in exchange. The attacker would release the data decryption key after accepting payment. After data encryption, the user has two options: pay the ransom or lose the data. Cryptographic ransomware causes damage that is nearly impossible to undo. Detection at an early stage of a ransomware attack's lifecycle is vital for preventing unintended consequences for the victim. Most ransomware detection technologies concentrate on detection during encryption and post-attack stages. Due to the absence of early behaviour signs, it is challenging to detect ransomware before it begins the unwanted process of mass file encryption. This study examines the relationship between API call patterns and their nature to determine whether they constitute early ransomware behaviour. The purpose of this paper is to determine whether this technique can be used to detect the presence of ransomware activity on a Windows endpoint early. 582 ransomware samples that consist of ten ransomware families and 942 benign software samples were analysed. This study proposed RENTAKA, a novel framework for the early detection of cryptographic ransomware. It makes use of characteristics acquired from ransomware behaviour and machine learning. This study presented an algorithm to generate a ransomware pre-encryption dataset. This study, which includes six machine-learning models, gives satisfactory results in detecting cryptographic ransomware.
The features used in this research were among the 232 features identified in Windows API calls. Five standard machine learning classifiers were employed in this experiment: Naive Bayes, k-nearest neighbours (kNN), Support Vector Machines (SVM), Random Forest, and J48. In our tests, SVM fared the best, with an accuracy rate of 93.8% and an area under the curve (AUC) of 0.979. The results indicate that we can distinguish ransomware from benign applications with low false-positive and false-negative rates.
Chapter
Conducting banking transactions via Online Banking is well established in today’s society. It is therefore not surprising that it is subject to frequent criminal attacks which lead to high economic damage. The so-called phishing attacks, which have been occurring in Germany since about 2005, are a particular example of this. The investigation of phishing cases is interesting from both a technical and a legal perspective. This article gives a basic overview of the development of phishing in recent years, different attack methods and various Online Banking procedures with which attempts are made to protect against phishing attacks. Furthermore, this contribution explains the basic European and German legal rules which apply in case of a phishing attack. Since the attacker cannot usually be identified and held accountable, it must be determined who is liable for the damage caused by the phishing attack. Phishing in Online Banking has received very specific legal regulation, initially European and subsequently at German level. This paper will therefore examine the apportionment of risk under German law and according to the currently applicable European standards introduced by the First and Second Payment Services Directives. In addition, the most important innovations introduced by the Second Payment Services Directive are considered, in particular the so-called Two-Factor authentication.