Threat-based Simulation of Data Exfiltration Towards Mitigating Multiple Ransomware Extortions

Author:

Michael Mundt, Harald Baier (1)

Affiliation:

1. Universität der Bundeswehr München, Germany

Abstract

Network-based attacks and their mitigation are of increasing importance in our ever-connected world. Such attacks often target valuable data, which the attacker encrypts to extort a ransom, steals to resell, or both. After the infamous WannaCry and NotPetya ransomware attacks of 2017, companies stepped up their cyber defenses. More emphasis was placed on backup and recovery processes, so that even when files were destroyed, organizations had copies for quick recovery. However, cyber criminals have adapted their methods as well. Instead of simply encrypting files, double extortion ransomware now exfiltrates the data first and encrypts it afterwards. As a consequence, the early detection and prevention of data exfiltration is one of today's major challenges for institutions connected to the Internet. If an attempt at illegal data exfiltration is detected, the attacked institution should also prepare for the encryption step that is likely to follow. In particular, valuable business assets must be checked for unauthorized access and need to be protected. Given the bulk of network traffic and persistent data, automation is a key requirement for successfully defending against contemporary threats. The main goal of this article is to present a concept, together with its initial evaluation, for automating the mitigation of data exfiltration in a targeted manner. Our concept consists of two main steps. First, based on recognized international approaches used in Cyber Threat Intelligence (CTI), we present an automatic procedure built on the MITRE ATT&CK framework for deriving current threats with respect to data exfiltration. In the spirit of the DTRAP forum, a practical approach complements the theory. Our evaluation shows that we are able to automatically identify the most relevant recent risks of unauthorized data exfiltration.
In our second step we present the design of a simulation gear based on the attack techniques extracted from the MITRE ATT&CK framework. The aim is to simulate the greatest threats before they actually occur in the operational environment. The strict focus on data exfiltration threats characterizes our solution and makes our approach an ideal addition to existing solutions. We provide an evaluation of this initial simulation concept and of the underlying technology chosen for its implementation to show that we are on the right track.
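The first step of the concept, deriving the currently most relevant exfiltration techniques from ATT&CK, can be illustrated with a small ranking over the framework's machine-readable form. The following Python is an added example and not the authors' tool or evaluation code; it assumes only the shape of the MITRE ATT&CK STIX 2.1 bundle (attack-pattern, intrusion-set and relationship objects, as published in the mitre-attack/attack-stix-data repository) and ranks the techniques of one tactic by the number of distinct intrusion sets that have a "uses" relationship to them. The bundle inside the block is constructed for the example: the technique ids T1041, T1048, T1567 and T1486 are real ATT&CK identifiers, while the STIX object ids, the "T0000" entry and the group names are placeholders. It also handles two details a practitioner hits with the real data: revoked or deprecated objects stay in the bundle and must be skipped, and duplicate or non-"uses" relationships must not inflate the count.

```python
# Added illustration: rank the techniques of one ATT&CK tactic by the number of
# distinct intrusion sets that "use" them. This is not the authors' tool; it assumes
# only the shape of the MITRE ATT&CK STIX 2.1 bundle (attack-pattern, intrusion-set
# and relationship objects). The bundle below is constructed for this example.
import json
from collections import defaultdict


def _tech(stix_id, attack_id, name, tactic, **extra):
    """Build a minimal attack-pattern object in ATT&CK STIX shape."""
    return {"type": "attack-pattern", "id": stix_id, "name": name,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": tactic}],
            "external_references": [{"source_name": "mitre-attack", "external_id": attack_id}],
            **extra}


def _uses(src, dst):
    return {"type": "relationship", "relationship_type": "uses", "source_ref": src, "target_ref": dst}


# Constructed sample. T1041/T1048/T1567/T1486 are real ATT&CK technique ids; the STIX
# object ids, the "T0000" entry and the group names are placeholders.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--example", "objects": [
    _tech("attack-pattern--t1041", "T1041", "Exfiltration Over C2 Channel", "exfiltration"),
    _tech("attack-pattern--t1048", "T1048", "Exfiltration Over Alternative Protocol", "exfiltration"),
    _tech("attack-pattern--t1567", "T1567", "Exfiltration Over Web Service", "exfiltration"),
    # ATT&CK keeps revoked/deprecated objects in the bundle; they must be skipped.
    _tech("attack-pattern--old", "T0000", "Retired Exfiltration Technique", "exfiltration", revoked=True),
    # The encryption step that follows exfiltration in double extortion (other tactic).
    _tech("attack-pattern--t1486", "T1486", "Data Encrypted for Impact", "impact"),
    {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Group One"},
    {"type": "intrusion-set", "id": "intrusion-set--g2", "name": "Group Two"},
    {"type": "intrusion-set", "id": "intrusion-set--g3", "name": "Group Three"},
    _uses("intrusion-set--g1", "attack-pattern--t1041"),
    _uses("intrusion-set--g2", "attack-pattern--t1041"),
    _uses("intrusion-set--g3", "attack-pattern--t1041"),
    _uses("intrusion-set--g1", "attack-pattern--t1048"),
    _uses("intrusion-set--g2", "attack-pattern--t1048"),
    _uses("intrusion-set--g2", "attack-pattern--t1048"),   # duplicate: must not double-count
    _uses("intrusion-set--g3", "attack-pattern--old"),     # use of a revoked technique
    _uses("intrusion-set--g1", "attack-pattern--t1486"),
    # A mitigation relationship is not evidence of adversary use.
    {"type": "relationship", "relationship_type": "mitigates",
     "source_ref": "course-of-action--m1", "target_ref": "attack-pattern--t1567"},
]})


def is_active(obj):
    """ATT&CK marks retired objects instead of deleting them; both flags are checked."""
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)


def techniques_of_tactic(objects, tactic):
    """Map STIX id -> (ATT&CK id, name) for the active techniques of `tactic`."""
    out = {}
    for obj in objects:
        if obj.get("type") != "attack-pattern" or not is_active(obj):
            continue
        phases = {p.get("phase_name") for p in obj.get("kill_chain_phases", [])
                  if p.get("kill_chain_name") == "mitre-attack"}
        if tactic in phases:
            attack_id = next((r["external_id"] for r in obj.get("external_references", [])
                              if r.get("source_name") == "mitre-attack"), None)
            out[obj["id"]] = (attack_id, obj["name"])
    return out


def rank_techniques(bundle_json, tactic="exfiltration"):
    """Rank techniques of `tactic` by the number of distinct groups using them.

    Returns (attack_id, name, group_count, sorted group names) tuples, most used
    first. Techniques without any observed use stay in the list with count 0, so
    a gap between catalogued techniques and observed threats remains visible.
    """
    objects = json.loads(bundle_json)["objects"]
    techniques = techniques_of_tactic(objects, tactic)
    groups = {o["id"]: o["name"] for o in objects
              if o.get("type") == "intrusion-set" and is_active(o)}
    users = defaultdict(set)   # technique STIX id -> set of group names (dedups duplicates)
    for obj in objects:
        if (obj.get("type") == "relationship" and obj.get("relationship_type") == "uses"
                and obj.get("source_ref") in groups and obj.get("target_ref") in techniques):
            users[obj["target_ref"]].add(groups[obj["source_ref"]])
    ranked = [(tid, name, len(users[sid]), sorted(users[sid]))
              for sid, (tid, name) in techniques.items()]
    ranked.sort(key=lambda r: (-r[2], r[0]))
    return ranked


if __name__ == "__main__":
    for tid, name, count, names in rank_techniques(SAMPLE_BUNDLE):
        print(f"{tid} {name}: used by {count} group(s) {names}")
```

Run against the real enterprise-attack bundle, the same function yields the ranked list of exfiltration techniques with observed adversary use, which is the kind of threat list the abstract describes feeding into the simulation step; passing `tactic="impact"` gives the encryption-side techniques (such as T1486) that a double extortion defence must anticipate next. Counting groups is only one possible relevance measure; weighting by recency of the group's campaigns or by software objects instead of intrusion sets changes the ordering and should be chosen deliberately.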

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications, Computer Science Applications, Hardware and Architecture, Safety Research, Information Systems, Software


Cited by 6 articles.

1. Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration;ACM Computing Surveys;2024-08-30

2. RansomSheild: Novel Framework for Effective Data Recovery in Ransomware Recovery Process;2024 IEEE International Conference on Big Data & Machine Learning (ICBDML);2024-02-24

3. Detecting lateral movement: A systematic survey;Heliyon;2024-02

4. Enhancing Incident Management by an Improved Understanding of Data Exfiltration: Definition, Evaluation, Review;Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering;2024

5. Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges;Electronics;2023-11-01
