DOCSLIB.ORG

Challenges and Pitfalls in Malware Research

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Challenges and Pitfalls in Malware Research Challenges and Pitfalls in Malware Research Marcus Botacin1 Fabricio Ceschin1 Ruimin Sun2 Daniela Oliveira2 Andr´eGr´egio1 1Federal University of Paran´a(UFPR) { fmfbotacin,fjoceschin,[email protected] 2University of Florida { gracesrm@ufl.edu { [email protected]fl.edu Abstract 1 Introduction As the malware research field became more established As the malware research field has grown and became over the last two decades, new research questions arose, more established over the last two decades, many re- such as how to make malware research reproducible, how search questions have arisen about challenges not yet to bring scientific rigor to attack papers, or what is an ap- completely overcome by the malware research commu- propriate malware dataset for relevant experimental re- nity. For example, How to make malware research re- sults. The challenges these questions pose also brings pit- producible?; Does papers based on attacks strictly require falls that affect the multiple malware research stakehold- scientific rigor?; What constitutes a well-balanced and ers. To help answering those questions and to highlight appropriate dataset of malware and goodware to evalu- potential research pitfalls to be avoided, in this paper, we ate detection solutions?; How to define a relevant, ap- present a systematic literature review of 491 papers on propriated ground-truth for malware experiments?; and malware research published in major security conferences What criteria should be used to evaluate offline and on- between 2000 and 2018. We identified the most common line defense solutions? are important questions for cur- pitfalls present in past literature and propose a method rent and future research that cannot be left unanswered for assessing current (and future) malware research. Our in further papers on the field. Failing in answering those goal is towards integrating science and engineering best questions may lead to pitfalls that cause delays in anti- practices to develop further, improved research by learn- malware advances, such as: (i) offensive research are not ing from issues present in the published body of work. scientific enough to be published; (ii) the development As far as we know, this is the largest literature review of offline and online engineering solutions being devel- of its kind and the first to summarize research pitfalls oped and evaluated under the same assumptions; (iii) in a research methodology that avoids them. In total, the adoption of unrealistic and biased datasets; (iv) con- we discovered 20 pitfalls that limit current research im- sidering any AV labeled samples as ground-truth without pact and reproducibility. The identified pitfalls range measuring their distribution and relevance, among oth- from (i) the lack of a proper threat model, that compli- ers. cates paper's evaluation, to (ii) the use of closed-source As pointed out by Herley and P. C. van Oorschot [82] in solutions and private datasets, that limit reproducibility. their survey of the security research field: \The science We also report yet-to-be-overcome challenges that are in- seems under-developed in reporting experimental results, herent to the malware nature, such as non-deterministic and consequently in the ability to use them. The research analysis results. Based on our findings, we propose a set community does not seem to have developed a generally of actions to be taken by the malware research and de- accepted way of reporting empirical studies so that peo- velopment community for future work: (i) Consolidation ple could reproduce the work". In this blurry scenario, all of malware research as a field constituted of diverse re- stakeholders are affected: beginners are often not aware search approaches (e.g., engineering solutions, offensive of the challenges that they will face while developing their research, landscapes/observational studies, and network research projects, being discouraged after the first unex- traffic/system traces analysis); (ii) design of engineering pected obstacles; researchers facing those challenges may solutions with clearer, direct assumptions (e.g., position- not be completely aware that they are falling for a pitfall; ing solutions as proofs-of-concept vs. deployable); (iii) industry experts often do not understand the role of aca- design of experiments that reflects (and emphasizes) the demic research in security solutions development; paper target scenario for the proposed solution (e.g., corpora- reviewers end up with no guidelines about which project tion, user, country-wide); (iv) clearer exposition and dis- decisions are acceptable regarding the faced challenges, cussion of limitations of used technologies and exercised making it difficult to decide what type of work is good norms/standards for research (e.g., the use of closed- work. source antiviruses as ground-truth). Although understanding malware research challenges 1 and pitfalls is crucial for the advancement of the field and others may have different understandings. Thus, we in- the development of the next generation of sound anti- tend to stimulate the security community to discuss each malware security solutions, a few work have focused on pitfall and how they should be approached. attempting to answer those questions and shedding some From the lessons learned, we proposed a set of recom- light on these pitfalls. Previous works have only consid- mendations for different stakeholders (researchers, re- ered isolated malware research aspects, such as informa- viewers, conference/workshop organizers, and industry), tion flow [34] or sandbox limitations [127]. Therefore, aiming at the next generation of research in the field in this paper, we decided to investigate such phenomena and to discuss open challenges that the community has scientifically: we conducted a systematic review of the yet to tackle. For example, we propose for researchers: malware literature over a period of 18 years (2000-2018), clearly state their assumptions about malware and good- which encompasses 491 papers from the major security ware repositories to allow for bias identification and re- conferences. Based on this systematization, we discuss search reproducibility; for reviewers: be mindful of the practices that we deemed scientific, thus reproducible, Anchor bias [64] when evaluating the appropriateness of and that should be included in the gold standard of mal- a dataset, since the representativeness of the environ- ware research. ment in which an engineering tool is supposed to oper- Overall, malware research integrates science and engi- ate (corporate, home, lab) might be the most important neering aspects. Therefore, we describe \malware re- evaluation criteria, despite the dataset size; for con- search" in terms of a malware research method, accord- ferences/workshop organizers: increase support for ing to the following steps (see Figure 2): (i) Common the publication of more research on threat landscape, as Core (from the Scientific Method); (ii) Research Ob- they establish a foundation for new defense tools; and for jective Definition; (ii) Background Research; (iii) Hy- AV companies: disclose the detection engines and/or pothesis/Research Requirements; (iv) Experiment De- methods leveraged for detecting samples as part of the sign; (v) Test of Hypothesis/Evaluation of Solution; and AV labels. We do not expect that all of our proposed (vi) Analysis of Results. Based on this framework, we guidelines be fully addressed in all papers, since it can reviewed the selected literature and identified 20 falla- be almost impossible in some circumstances due to re- cies about malware research, which were described and search/experiment limitations. However, our goal is to organized according to their occurrence in the Malware position them as a statement of good research practices Research Method. The identified pitfalls range from the: to be pursued. (Reasoning Phase) unbalanced development of research To the best of our knowledge, this is the first comprehen- work, which is currently concentrated on engineering so- sive systematization of pitfalls and challenges in almost lution proposals, with a scarcity of research on threat two decades of malware research, and in which the pitfalls panoramas, which should provide the basis for support- and challenges have been placed in the context of differ- ing work on engineering solutions; (Development Phase) ent phases of a proposed Malware Research Method, with the lack of proper threat model definitions for many so- a concrete actionable roadmap for the field. We limited lutions, which makes their positioning and evaluation our critical evaluation to the malware field, because it is harder; and (Evaluation Phase) the use of private and/or the field we have experience as authors, reviewers and PC non-representative datasets, that do not streamline re- members. However, we believe that many of the points producibility or their application in real scenarios. here discussed might be extrapolated for other security domains (along with the proper reasoning and adapta- In addition to pitfalls, we also identified challenges that tions), also providing a certain level of contribution to researchers face regarding practical considerations, a step their scientific enhancement. we modeled in our proposed Malware Research Method. In summary, the contributions of our paper are threefold: For example, when developing a malware detection so- lution, researchers soon realize that many stakeholders, 1. We propose a Malware Research method that inte- such as AV companies, do not disclose
Load more

Recommended publications
  • USBESAFE: an End-Point Solution to Protect Against USB-Based Attacks
    USBESAFE: An End-Point Solution to Protect Against USB-Based Attacks Amin Kharraz†‡ Brandon L. Daley ‡ Graham Z. Baker William Robertson‡ Engin Kirda‡ MIT Lincoln Laboratory †University of Illinois at Urbana-Champaign ‡Northeastern University Abstract automatically scans removable devices including USB sticks, memory cards, external hard drives, and even cameras after Targeted attacks via transient devices are not new. How- being plugged into a machine. Unfortunately, bypassing such ever, the introduction of BadUSB attacks has shifted the attack checks is often not very difficult as the firmware of USB de- paradigm tremendously. Such attacks embed malicious code vices cannot be scanned by the host. In fact, the introduction in device firmware and exploit the lack of access control in of BadUSB attacks has shifted the attack paradigm tremen- the USB protocol. In this paper, we propose USBESAFE as a dously as adversaries can easily hide their malicious code mediator of the USB communication mechanism. By lever- in the firmware, allowing the device to take covert actions aging the insights from millions of USB packets, we propose on the host [9]. A USB flash drive could register itself as techniques to generate a protection model that can identify both a storage device and a Human Interface Device (HID) covert USB attacks by distinguishing BadUSB devices as a such as a keyboard, enabling the ability to inject surreptitious set of novel observations. Our results show that USBESAFE keystrokes to carry out malice. works well in practice by achieving a true positive [TP] rate of 95.7% with 0.21% false positives [FP] with latency as low Existing defenses against malicious USB devices have re- as three malicious USB packets on USB traffic.
    [Show full text]
  • America Exposed Who’S Watching You Through Your Computer’S
    America Exposed Who’s Watching You Through Your Computer’s Camera? May 2017 By: James Scott, Senior Fellow, The Institute for Critical Infrastructure Technology 1 America Exposed Who’s Watching You Through Your Computer’s Camera May 2017 Authored by: James Scott, Sr. Fellow, ICIT Except for (1) brief quotations used in media coverage of this publication, (2) links to the www.icitech.org website, and (3) certain other noncommercial uses permitted as fair use under United States copyright law, no part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher. For permission requests, contact the Institute for Critical Infrastructure Technology. Copyright © 2017 Institute for Critical Infrastructure Technology – All Rights Reserved ` 2 Support ICIT & Increase Webcam Privacy CamPatch®, the world’s leading manufacturer of webcam covers, is proud to donate 100% of net proceeds to ICIT. Custom Branded Webcam Covers are a powerful tool for security training initiatives, and are a valuable and impactful promotional giveaway item. Visit www.CamPatch.com or contact [email protected] to learn more. Upcoming Events The Annual ICIT Forum June 7, 2017, The Four Seasons Washington D.C. www.icitforum.org ` 3 Contents Are You Being Watched? .............................................................................................................................. 4 Computing Devices
    [Show full text]
  • Conference Reports
    ConferenceREPORTS Reports 23rd USENIX Security Symposium AT&T was a US government regulated monopoly, with over August 20–22, 2014, San Diego 90% of the telephone market in the US. They owned everything, Summarized by David Adrian, Qi Alfred Chen, Andrei Costin, Lucas Davi, including the phones on desktops and in homes, and, as a monop- Kevin P. Dyer, Rik Farrow, Grant Ho, Shouling Ji, Alexandros Kapravelos, oly, could and did charge as much as $5 per minute (in 1950) for a Zhigong Li, Brendan Saltaformaggio, Ben Stock, Janos Szurdi, Johanna cross-country call. In 2014 dollars, that’s nearly $50 per minute. Ullrich, Venkatanathan Varadarajan, and Michael Zohner In the beginning, the system relied on women, sitting in front Opening Remarks of switchboards with patch cables in hand, to connect calls. Summarized by Rik Farrow ([email protected]) Just like Google today, AT&T realized that this model, relying on human labor, cannot scale with the growth in the use of the Kevin Fu, chair of the symposium, started off with the numbers: telephone: They would have needed one million operators by a 26% increase in the number of submissions for a total of 350, 1970. Faced with this issue, company researchers and engineers and 67 papers accepted, a rate of 19%. The large PC was perhaps developed electro-mechanical switches to replace operators. not large enough, even with over 70 members, and included out- side reviewers as well. There were 1340 paper reviews, with 1627 The crossbar switch, first used only for local calls, used the pulse follow-up comments, and Fu had over 8,269 emails involving the of the old rotary telephone to manipulate a Strowger switch, symposium.
    [Show full text]
  • Sok: “Plug & Pray” Today – Understanding USB Insecurity In
    SoK: “Plug & Pray” Today – Understanding USB Insecurity in Versions 1 through C Dave (Jing) Tian∗, Nolen Scaife∗, Deepak Kumary, Michael Baileyy, Adam Batesy, Kevin R. B. Butler∗ ∗University of Florida fdaveti, scaife, butlerg@ufl.edu yUniversity of Illinois at Urbana-Champaign fdkumar11, mdbailey, [email protected] Abstract—USB-based attacks have increased in complexity in systematizing the defenses present in the USB ecosystem, we recent years. Modern attacks now incorporate a wide range of find that most defenses often focus on protecting a single layer, attack vectors, from social engineering to signal injection. To which proves ineffective against a suite of attacks that appear address these challenges, the security community has responded with a growing set of fragmented defenses. In this work, at many communication layers. In addition, misaligned goals we survey and categorize USB attacks and defenses, unifying between industry and academia further fragment the defense observations from both peer-reviewed research and industry. space. Commercial solutions focus on the prevention of data Our systematization extracts offensive and defensive primitives loss and anti-malware without regard for emerging attack that operate across layers of communication within the USB vectors, while research prototypes vary and are hamstrung by ecosystem. Based on our taxonomy, we discover that USB attacks often abuse the trust-by-default nature of the ecosystem, and the lack of built-in security building blocks in the existing transcend different layers within a software stack; none of USB specifications. As a result, research solutions often rely the existing defenses provide a complete solution, and solutions on new host and peripheral architectures that are unlikely to expanding multiple layers are most effective.
    [Show full text]
  • Backdoor Detection Systems for Embedded Devices By
    Backdoor Detection Systems for Embedded Devices by Sam Lloyd Thomas A thesis submitted to University of Birmingham for the degree of Doctor of Philosophy School of Computer Science College of Engineering & Physical Sciences University of Birmingham April 2018 Abstract A system is said to contain a backdoor when it intentionally includes a means to trigger the execution of functionality that serves to subvert its expected security. Unfortunately, such constructs are pervasive in software and systems today, particularly in the firmware of commodity embedded systems and \Internet of Things" devices. The work presented in this thesis concerns itself with the problem of detecting backdoor- like constructs, specifically those present in embedded device firmware, which, as weshow, presents additional challenges in devising detection methodologies. The term \backdoor", while used throughout the academic literature, by industry, and in the media, lacks a rig- orous definition, which exacerbates the challenges in their detection. To this end,we present such a definition, as well as a framework, which serves as a basis for their discov- ery, devising new detection techniques and evaluating the current state-of-the-art. Further, we present two backdoor detection methodologies, as well as corresponding tools which implement those approaches. Both of these methods serve to automate many of the currently manual aspects of backdoor identification and discovery. And, in both cases, we demonstrate that our approaches are capable of analysing device firmware at scale and can be used to discover previously undocumented real-world backdoors. Acknowledgements Numerous people have contributed in one way or another to my \PhD experience", and the words written here do not reflect the true thanks owed to each of them.
    [Show full text]
  • The Most Dangerous Cyber Nightmares in Recent Years Halloween Is the Time of Year for Dressing Up, Watching Scary Movies, and Telling Hair-Raising Tales
    The most dangerous cyber nightmares in recent years Halloween is the time of year for dressing up, watching scary movies, and telling hair-raising tales. Events in recent years have kept companies on high alert. Every day we are seeing an increase in cyberattacks carried out by organized hacker organizations. In a matter of seconds, these threats can destabilize large corporations, stealing large quantities of money and personal data, as well shake the very foundations of entire world powers. Have a look at some of the most terrifying attacks of recent years. 2010 2011 2012 Operation Aurora RSA SecurID Stratfor A series of cyberattacks carried out RSA suffered a security breach as a Publication and dissemination of worldwide, targeting 34 companies, result of a cyberattack that sought internal emails exchanged between including Google. The attack was details about its SecureID system. personnel of the private intelligence perpetrated by a group of Chinese espionage agency Stratfor, as well as hackers. PlayStation Network emails exchanged with clients of the firm. 77 million accounts were Australian Government compromised and blocked PS3 and DDoS attacks, carried out by the PlayStation Portable users from Linkedin online community Anonymous, accessing the service for 23 hours. The passwords of nearly 6.5 million against the Australian Government. user accounts were stolen by Russian cybercriminals. Operation Payback An attack coordinated jointly against opponents of Internet piracy. 2013 2014 Cyberattack in South Korea Celebrity photos Cyber networks of major South 500 private photographs of several Korean banks and television celebrities, mostly women, were networks were shut down in an placed on 4chan and subsequently alleged act of cyber warfare.
    [Show full text]
  • Software Conflicts and User Autonomy
    The Ohio State Technology Law Journal SPYWARE VS. SPYWARE: SOFTWARE CONFLICTS AND USER AUTONOMY JAMES GRIMMELMANN* CONTENTS I. INTRODUCTION ............................................................... 26 II. SOFTWARE CONFLICTS .................................................. 34 III. USER AUTONOMY ........................................................... 49 IV. CONCLUSION .................................................................... 65 * Professor of Law, Cornell Tech and Cornell Law School. This Essay is a revised version of a Distinguished Lecture given for the Ohio State Technology Law Journal on September 20, 2019. My thanks to the participants there and in the Digital Life Seminar at Cornell Tech, and to Aislinn Black, Mary Anne Franks, Bryan Choi, Efthimos Parasidis, Guy Rub, Tom Dougherty, MC Forelle, Fred von Lohmann, Germán Ricardo Macías, Arvind Narayanan, Helen Nissenbaum, Frank PasQuale, C.E. Petit, and Christopher Thorpe. This essay may be freely reused under the terms of the Creative Commons Attribution 4.0 International license, https://creativecommons.org/licenses/by/4.0. 26 THE OHIO STATE TECHNOLOGY LAW JOURNAL [Vol. 16.1 I. Introduction This is the story of the time that Apple broke Zoom, and everybody was surprisingly okay with it. The short version is that Zoom provides one of the most widely used video-conferencing systems in the world. One reason for Zoom’s popularity is its ease of use; one reason Zoom was easy to use was that it had a feature that let users join calls with a single click. On macOS,
    [Show full text]
  • Large Scale Security Analysis of Embedded Devices' Firmware
    2015-ENST-0055 EDITE - ED 130 Doctorat ParisTech THÈSE pour obtenir le grade de docteur délivré par TELECOM ParisTech Spécialité « Informatique et Réseaux » présentée et soutenue publiquement par Andrei COSTIN le 23 Septembre 2015 Analyse à large échelle de la sécurité du logiciel dans les systèmes embarqués Directeur de thèse : Aurélien FRANCILLON Co-encadrement de la thèse : Davide BALZAROTTI Jury M. Srdan¯ CAPKUNˇ , Professeur, ETH, Zürich, Suisse Rapporteur M. Claude CASTELLUCCIA, Senior Research Scientist, INRIA, Grenoble, France Rapporteur M. Renaud PACALET, Directeur d’Études, Télécom ParisTech, Sophia-Antipolis, France Examinateur Mme. Nathalie MESSINA, SW Architect, Magneti Marelli, Sophia-Antipolis, France Examinateur TELECOM ParisTech école de l’Institut Télécom - membre de ParisTech Large Scale Security Analysis of Embedded Devices’ Firmware Thesis Andrei Costin [email protected] École Doctorale Informatique, Télécommunication et Électronique, Paris ED 130 Publicly defended on: September 23rd, 2015 Advisor: Co-Advisor: Assistant Prof. Aurélien Francillon Assistant Prof. Davide Balzarotti EURECOM, Sophia-Antipolis EURECOM, Sophia-Antipolis Reviewers: Examiners: Prof. Srđan Čapkun, Dr. Renaud Pacalet, ETH, Zurich Télécom ParisTech, Sophia-Antipolis Dr. Claude Castelluccia, Dr. Nathalie Messina, INRIA, Grenoble Magneti Marelli, Villeneuve-Loubet This thesis is dedicated to my wife and my parents. For their love, support and encouragement. Acknowledgements I want to start by thanking my supervisors, Aurélien and Davide. They were a true inspiration and strong motivators throughout the uneasy road towards a PhD thesis and title. They were always there when I was looking for an advise, and they knew how to help when apparently there was nothing more to be done. I was very fortunate and blessed that I chose them and, more importantly, that they chose me for this PhD.
    [Show full text]
  • Survey and Taxonomy Ofadversarial Reconnaissance Techniques
    Survey and Taxonomy of Adversarial Reconnaissance Techniques SHANTO ROY, University of Houston NAZIA SHARMIN, University of Texas at El Paso JAMIE C. ACOSTA, CCDC Army Research Laboratory CHRISTOPHER KIEKINTVELD, University of Texas at El Paso ARON LASZKA, University of Houston Adversaries are often able to penetrate networks and compromise systems by exploiting vulnerabilities in people and systems. The key to the success of these attacks is information that adversaries collect throughout the phases of the cyber kill chain. We summarize and analyze the methods, tactics, and tools that adversaries use to conduct reconnaissance activities throughout the attack process. First, we discuss what types of information adversaries seek, and how and when they can obtain this information. Then, we provide a taxonomy and detailed overview of adversarial reconnaissance techniques. The taxonomy introduces a categorization of reconnaissance techniques based on the technical approach, including target footprinting, social engineering, network scanning, and local discovery. This paper provides a comprehensive view of adversarial reconnaissance that can help in understanding and modeling this complex but vital aspect of cyber attacks as well as insights that can improve defensive strategies, such as cyber deception. CCS Concepts: • Security and privacy; Additional Key Words and Phrases: Cybersecurity, Adversarial Reconnaissance, Footprinting, Social Engineer- ing, Network Scanning, Local Discovery, Cyber Deception 1 INTRODUCTION Businesses and governments must develop novel capabilities and technologies to stay competi- tive, but this innovation also leads to new cybersecurity challenges. As new security measures are developed and implemented, adversaries continuously evolve new tactics and identify new vulnerabilities to conduct attacks. A 2018 Gartner report estimated that security expenses would grow up to $124 billion in total in 2019 [8].
    [Show full text]
  • Vetting USB Device Firmware Using Domain Informed Symbolic Execution
    FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution Grant Hernandez∗ Farhaan Fowze∗ Dave (Jing) Tian University of Florida University of Florida University of Florida Gainesville, FL, USA Gainesville, FL, USA Gainesville, FL, USA [email protected] [email protected] [email protected] Tuba Yavuz Kevin R. B. Butler University of Florida University of Florida Gainesville, FL, USA Gainesville, FL, USA [email protected] [email protected] ABSTRACT 1 INTRODUCTION The USB protocol has become ubiquitous, supporting devices from The Universal Serial Bus (USB) protocol enables devices to com- high-powered computing devices to small embedded devices and municate with each other across a common physical medium. USB control systems. USB’s greatest feature, its openness and expand- has become ubiquitous and is supported by a vast array of devices, ability, is also its weakness, and attacks such as BadUSB exploit the from smartphones to desktop PCs, small peripherals, such as flash unconstrained functionality afforded to these devices as a vector drives, webcams, or keyboards, and even control systems and other for compromise. Fundamentally, it is virtually impossible to know devices that do not present themselves as traditional computing whether a USB device is benign or malicious. This work introduces platforms. This ubiquity allows for easy connecting of devices to FirmUSB, a USB-specific firmware analysis framework that uses data and power. However, attacks that exploit USB have become domain knowledge of the USB protocol to examine firmware im- increasingly common and serious. As an example the BadUSB at- ages and determine the activity that they can produce.
    [Show full text]
  • Defending Operating Systems from Malicious Peripherals
    DEFENDING OPERATING SYSTEMS FROM MALICIOUS PERIPHERALS By JING TIAN A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY UNIVERSITY OF FLORIDA 2019 c 2019 Jing Tian For my mom, who gave up her chance to go to a college for her family but firmly believes \Knowledge is power". For my dad, who knows nothing about computer but bought me one in 1998. ACKNOWLEDGMENTS I am extremely grateful to my family, who always love and support me unconditionally; my advisor Dr. Kevin Butler, who inspires me to a faculty career and keeps inspiring me; and Xie and Fubao, who accompanied me in the past five years. I am also indebted to Dr. Patrick Traynor, who provide guidance and support all along the way. I am also grateful to Dr. Adam Bates, Dr. Bradley Reaves, Dr. Benjamin Mood, and Dr. Nolen Scaife { it is my honor to work with you guys. I would like to thank Dr. Adam Bates, Dr. Patrick McDaniel, Dr. Michael Bailey, Dr. Prabhat Mishra, Dr. Raju Rangaswami, Dr. Tom Shrimpton, and Dr. Vincent Bindschaedler, who gave strong support during my job hunting. Special thanks to Dr. Emily Rine Butler, who taught me how to write an academic paper. I had great pleasure of working with all the talented and motivated students of the FICS research. Many thanks to Grant Hernandez and Joseph Choi for their consistent support whenever my paper is on fire. I would like to thank all my co-authors on the projects described in this work { these projects would not happen without your contribution.
    [Show full text]
  • The Most Terrifying Incidents Hackers and Organized Groups Diabolic Malware Spookiest Vulnerabilities
    The scariest cyber nightmares in recent years The most terrifying incidents 2010 2011 2012 Operation Aurora RSA SecurID Stratfor Leak Attacks on the Australian Playstation Network outage LinkedIn Hack government Operation Payback 2013 2014 2015 Cyberattack Celebgate Anthem Medical data leak on South Korea Sony Pictures attack US Office of Personnel Snapchat Attack Management incident Russian Hackers Yahoo! security breach password theft Hacking Team Ashley Madison VTech Attack SWIFT banking leak 2016 2017 Bank of Bangladesh heist WannaCry ransomware attack Hollywood Presbyterian Hospital incident Westminster cyberattack Attack on the DNC Petya cyberattack Dyn cyberattack Equifax security breach Russian hacking in US elections Hackers and Organized Groups Organized Groups Hackers Anonymous New World Hackers George Hotz Bureau 121 NullCrew Guccifer Cozy Bear NSO Group Hector Monsegur CyberBerkut PayPal 14 Jeremy Hammond Derp PLA Unit 61398 Junaid Hussain Equation Group PLATINUM Kristoffer von Hassel Fancy Bear Pranknet Mustafa Al-Bassam Ilustración TW GNAA RedHack M LT Goatse Security Rocket Kitten Ryan Ackroyd Guccifer 2.0 The Shadow Brokers Topiary Hacking Team Syrian Electronic Army The Jesterweev Iranian Cyber TeaMp0isoN Army Tailored Access Operations Lizard Squad UGNazi LulzRaft Yemen Cyber Army LulzSec Spookiest Vulnerabilities 2010 2013 2014 2015 2016 2017 Evercookie iSeeYou Heartbleed JASBUG DROWN Cloudbleed Shellshock Stagefright Badlock Broadcom Wi-Fi POODLE Dirty COW EternalBlue Rootpipe DoublePulsar Row hammer Silent Bob is Silent Diabolic Malware The Mask Duqu 2.0 Mahdi NSA ANT Shamoon Vault 7 CryptoLocker FinFisher Metulji botnet Pegasus Stars virus WannaCry Dexter Flame Mirai R2D2 Stuxnet X-Agent Duqu Gameover ZeuS LIMITLESS VISIBILITY, ABSOLUTE CONTROL.
    [Show full text]