Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families

Total Page:16

File Type:pdf, Size:1020Kb

Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families Lars Strande Grini Master’s Thesis Master of Science in Information Security 30 ECTS Department of Computer Science and Media Technology Gjøvik University College, 2015 Avdeling for informatikk og medieteknikk Høgskolen i Gjøvik Postboks 191 2802 Gjøvik Department of Computer Science and Media Technology Gjøvik University College Box 191 N-2802 Gjøvik Norway Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families Lars Strande Grini 15/12/2015 Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families Abstract There exist different methods of identifying malware, and widespread method is the one found in almost every antivirus solution on the market today; the signature based ap- proach. This approach uses a one-way cryptographic function to generate a unique hash of each file. Afterwards, each hash is checked against a database of hashes of known mal- ware. This method provides close to none false positives, but this does also mean that this approach can only detect previously known malware, and will in many cases also provide a number of false negatives. Malware authors exploit this weakness in the way that they change a small part of the malicious code, and thereby changes the entire hash of the file, which then leaves the malicious code undetectable until the sample is discovered, analyzed and updated in the vendors database(s). In the light of this relatively easy mit- igation for malware authors, it is clear that we need other ways to identify malware. The other two main approaches for this are static analysis and behavior based/dynamic ana- lysis. The primary goal of such analysis and previous research has been focused around detecting whether a file is malicious or benign (binary classification). There has been comprehensive work in these fields the last few years. In the work we are proposing, we will leverage results from static analysis using machine learning methods, to distin- guish malicious Windows executables. Not just benign/malicious as in many researches, but by malware family affiliation. To do this we will use a database consisting of about of 330.000 malicious executables. A challenge in this work will be the naming of the samples and families as different antivirus vendors labels samples with different names and follows no standard naming scheme. This is exemplified by e.g. the VirusTotal online scanner which scans a hash in 57 malware databases. For the static analysis we will use the VirusTotal scanner as well as an open source tool for analyzing portable executables, PEframe. The work performed in the thesis presents a novel approach to extract and construct features that can be used to make an estimation of which type and family a malicious file is an instance of, which can be useful for analysis and antivirus scanners. This contribution is novel because multinominal classification is applied to distinguish between different types and families. i Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families Acknowledgements I would like to express my greatest appreciation to my supervisors, Katrin Franke and Andrii Shalaginov for the extraordinary guidance and feedback through this project. Fur- ther, I will thank my classmates Espen, Lars, David and Martin for discussions, feedback and company during the entire process. Lastly, I would like to thank my current class- mate Jan William, and my former classmate Simen for valuable discussions, feedback and proof reading of my work. iii Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families Contents Abstract .......................................... i Acknowledgements ................................... iii Contents ......................................... v List of Figures ...................................... ix List of Tables ....................................... xi Abbreviations ...................................... xiii 1 Introduction ..................................... 1 1.1 Topics covered by project . .1 1.2 Keywords . .1 1.3 Problem description . .1 1.4 Justification, motivation and benefits . .2 1.5 Research questions . .2 1.6 Planned contributions . .2 1.7 Thesis outline . .2 2 Malware: Taxonomy, Analysis & Detection .................... 5 2.1 Methods for malware analysis . .5 2.1.1 Detection and Analysis . .5 2.1.2 Dynamic Analysis . .5 2.2 Malware Taxonomy . .6 2.2.1 Virus . .6 2.2.2 Worm . .7 2.2.3 Trojan . .7 2.2.4 Backdoor . .7 2.2.5 Rootkit . .8 2.2.6 Bot . .8 2.3 Malware detection in antivirus scanners . .9 2.3.1 Signature based . .9 2.3.2 Anomaly based . .9 2.3.3 Heuristic based . 10 2.4 Obfuscation Techniques . 10 2.4.1 Encryption . 10 2.4.2 Polymorphism . 10 2.4.3 Metamorphism . 11 2.4.4 Specific obfuscation techniques . 11 2.4.5 Dead-Code Insertion . 11 2.4.6 Register Reassignment . 12 2.4.7 Instruction Substitution . 12 2.4.8 Code Transposition . 12 2.5 Windows Portable Executables . 13 2.6 Naming of malware . 14 v Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families 3 Machine Learning & Pattern Recognition .................... 17 3.1 Preprocessing . 17 3.2 Feature Selection . 18 3.3 Learning . 18 3.4 Challenges . 21 3.4.1 "No free lunch" . 21 3.4.2 "Ugly Duckling" . 21 3.4.3 Overfitting and underfitting . 21 3.4.4 Validation of results . 22 4 Related work ..................................... 25 4.1 Binary classification . 25 4.2 Multi-class Classification . 26 5 Large-scale Malware Analysis ........................... 29 5.1 Choice of methods . 30 5.2 Data acquisition . 30 5.3 Feature construction . 32 5.4 Subset generation . 33 5.5 Machine Learning Methods Used . 37 5.5.1 Feature selection . 37 5.5.2 Classification . 37 6 Experiments, results and discussion ....................... 39 6.1 Experimental Environments . 39 6.2 Data acquisition . 41 6.3 Feature Construction . 41 6.4 Feature selection . 43 6.4.1 10 most frequent families . 43 6.4.2 100 most frequent families . 46 6.4.3 500 most frequent families . 50 6.4.4 10 most frequent types . 52 6.4.5 35 most frequent types (Full feature set) . 53 6.5 Classification . 55 7 Conclusion & future work ............................. 57 7.1 Theoretical Implications . 57 7.2 Practical Considerations . 59 7.3 Further Research . 60 Bibliography ....................................... 63 A RawData database .................................. 69 A.1 Database explanation . 69 A.2 Processed database . 71 B Sample output froom tools ............................. 73 B.1 PEframe . 73 B.2 VirusTotal . 75 B.3 Serialized VirusTotal . 80 C Python Code Example for Feature Construction ................. 83 C.1 rawdata_to_data.py . 83 D Python Code Example for generating .arff file from DB table ......... 87 vi Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families D.1 table_to_arff.py . 87 E Data contents .................................... 89 E.1 Types of malware in data set . 89 E.2 Malware families in data set . 89 E.3 Architecture Distribution in PE headers . 110 vii Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families List of Figures 1 Illustration of boot sector virus [1] . .6 2 Kernel mode rootkit [2] . .9 3 Encrypted malware [3] . 11 4 Example of dead-code insertion [4] . 12 5 Example of instruction substitution [4] . 12 6 Example of code transposition [4] . 13 7 The portable executable format [5] . 14 8 Implementation of the CARO naming scheme [6] . 15 9 The machine learning process [7] . 17 10 Linearly separable data [8] . 18 11 K-Means clustering [9] . 19 12 Modes for multi-class classification [10] . 20 13 Overfitting and underfitting [11] . 21 14 5-fold cross validation [12] . 22 15 Methodology for large-scale static malware analysis and classification . 29 16 10 most frequent families . 34 17 100 most frequent families . ..
Recommended publications
  • Statistical Structures: Fingerprinting Malware for Classification and Analysis
    Statistical Structures: Fingerprinting Malware for Classification and Analysis Daniel Bilar Wellesley College (Wellesley, MA) Colby College (Waterville, ME) bilar <at> alum dot dartmouth dot org Why Structural Fingerprinting? Goal: Identifying and classifying malware Problem: For any single fingerprint, balance between over-fitting (type II error) and under- fitting (type I error) hard to achieve Approach: View binaries simultaneously from different structural perspectives and perform statistical analysis on these ‘structural fingerprints’ Different Perspectives Idea: Multiple perspectives may increase likelihood of correct identification and classification Structural Description Statistical static / Perspective Fingerprint dynamic? Assembly Count different Opcode Primarily instruction instructions frequency static distribution Win 32 API Observe API calls API call vector Primarily call made dynamic System Explore graph- Graph structural Primarily Dependence modeled control and properties static Graph data dependencies Fingerprint: Opcode frequency distribution Synopsis: Statically disassemble the binary, tabulate the opcode frequencies and construct a statistical fingerprint with a subset of said opcodes. Goal: Compare opcode fingerprint across non- malicious software and malware classes for quick identification and classification purposes. Main result: ‘Rare’ opcodes explain more data variation then common ones Goodware: Opcode Distribution 1, 2 ---------.exe Procedure: -------.exe 1. Inventoried PEs (EXE, DLL, ---------.exe etc) on XP box with Advanced Disk Catalog 2. Chose random EXE samples size: 122880 with MS Excel and Index totalopcodes: 10680 3, 4 your Files compiler: MS Visual C++ 6.0 3. Ran IDA with modified class: utility (process) InstructionCounter plugin on sample PEs 0001. 002145 20.08% mov 4. Augmented IDA output files 0002. 001859 17.41% push with PEID results (compiler) 0003. 000760 7.12% call and general ‘functionality 0004.
    [Show full text]
  • A the Hacker
    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
    [Show full text]
  • Undergraduate Report
    UNDERGRADUATE REPORT Attack Evolution: Identifying Attack Evolution Characteristics to Predict Future Attacks by MaryTheresa Monahan-Pendergast Advisor: UG 2006-6 IINSTITUTE FOR SYSTEMSR RESEARCH ISR develops, applies and teaches advanced methodologies of design and analysis to solve complex, hierarchical, heterogeneous and dynamic problems of engineering technology and systems for industry and government. ISR is a permanent institute of the University of Maryland, within the Glenn L. Martin Institute of Technol- ogy/A. James Clark School of Engineering. It is a National Science Foundation Engineering Research Center. Web site http://www.isr.umd.edu Attack Evolution 1 Attack Evolution: Identifying Attack Evolution Characteristics To Predict Future Attacks MaryTheresa Monahan-Pendergast Dr. Michel Cukier Dr. Linda C. Schmidt Dr. Paige Smith Institute of Systems Research University of Maryland Attack Evolution 2 ABSTRACT Several approaches can be considered to predict the evolution of computer security attacks, such as statistical approaches and “Red Teams.” This research proposes a third and completely novel approach for predicting the evolution of an attack threat. Our goal is to move from the destructive nature and malicious intent associated with an attack to the root of what an attack creation is: having successfully solved a complex problem. By approaching attacks from the perspective of the creator, we will chart the way in which attacks are developed over time and attempt to extract evolutionary patterns. These patterns will eventually
    [Show full text]
  • The Botnet Chronicles a Journey to Infamy
    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
    [Show full text]
  • Internet Security THREAT REPORT GOVERNMENT 2013 P
    2012 Trends, Volume 18, Published April 2013 INTERNET SECURITY THREAT REPORT GOVERNMENT 2013 p. 2 Symantec Corporation Internet Security Threat Report 2013 :: Volume 18 CONTENTS 03 Introduction 31 Social Networking, Mobile, and the Cloud 04 Executive Summary 32 Introduction 32 Data 06 2012 Security Timeline 35 Analysis 09 2012 in Numbers 35 Spam and Phishing Move to Social Media 37 Mobile Threats 13 Targeted Attacks, Hacktivism, and Data Breaches 38 Cloud Computing Risks 14 Introduction 14 Data 40 Malware, Spam, and Phishing 17 DDoS Used as a Diversion 41 Introduction 17 Data Breaches 42 Data 19 Analysis 42 Spam 19 Cyberwarfare, Cybersabotage, and Industrial Espionage 45 Phishing 20 Advanced Persistent Threats and Targeted Attacks 46 Malware 20 Social Engineering and Indirect Attacks 48 Website Exploits by Type of Website 21 Watering Hole Attacks 49 Analysis 49 Macs Under Attack 23 Vulnerabilities, Exploits, and Toolkits 50 Rise of Ransomware 24 Introduction 51 Long-term Stealthy Malware 24 Data 51 Email Spam Volume Down 26 Analysis 51 Advanced Phishing 26 Web-based Attacks on the Rise 27 The Arms Race to Exploit New Vulnerabilities 53 Looking ahead 27 Malvertising and Website Hacking 56 Endnotes 28 Web Attack Toolkits 57 Appendix 29 Website Malware Scanning and Website Vulnerability Assessment 29 The Growth of Secured Connections 29 Norton Secured Seal and Trust Marks 29 Stolen Key-signing Certificates p. 3 Symantec Corporation Internet Security Threat Report 2013 :: Volume 18 Introduction Symantec has established some of the most In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of comprehensive sources of Internet threat more than 51,644 recorded vulnerabilities (spanning more than data in the world through the Symantec™ two decades) from over 16,687 vendors representing over 43,391 Global Intelligence Network, which is made products.
    [Show full text]
  • Classification of Malware Persistence Mechanisms Using Low-Artifact Disk
    CLASSIFICATION OF MALWARE PERSISTENCE MECHANISMS USING LOW-ARTIFACT DISK INSTRUMENTATION A Dissertation Presented by Jennifer Mankin to The Department of Electrical and Computer Engineering in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Electrical and Computer Engineering in the field of Computer Engineering Northeastern University Boston, Massachusetts September 2013 Abstract The proliferation of malware in recent years has motivated the need for tools to an- alyze, classify, and understand intrusions. Current research in analyzing malware focuses either on labeling malware by its maliciousness (e.g., malicious or benign) or classifying it by the variant it belongs to. We argue that, in addition to provid- ing coarse family labels, it is useful to label malware by the capabilities they em- ploy. Capabilities can include keystroke logging, downloading a file from the internet, modifying the Master Boot Record, and trojanizing a system binary. Unfortunately, labeling malware by capability requires a descriptive, high-integrity trace of malware behavior, which is challenging given the complex stealth techniques that malware employ in order to evade analysis and detection. In this thesis, we present Dione, a flexible rule-based disk I/O monitoring and analysis infrastructure. Dione interposes between a system-under-analysis and its hard disk, intercepting disk accesses and re- constructing high-level file system and registry changes as they occur. We evaluate the accuracy and performance of Dione, and show that it can achieve 100% accuracy in reconstructing file system operations, with a performance penalty less than 2% in many cases. ii Given the trustworthy behavioral traces obtained by Dione, we convert file system- level events to high-level capabilities.
    [Show full text]
  • The Flame: Questions and Answers 1.8
    The Flame: Questions and Answers 1.8 Aleks Kaspersky Lab Expert Posted May 28, 13:00 GMT Tags: Targeted Attacks, Wiper, Cyber weapon, Cyber espionage, Flame Duqu and Stuxnet raised the stakes in the cyber battles being fought in the Middle East – but now we’ve found what might be the most sophisticated cyber weapon yet unleashed. The ‘Flame’ cyber espionage worm came to the attention of our experts at Kaspersky Lab after the UN’s International Telecommunication Union came to us for help in finding an unknown piece of malware which was deleting sensitive information across the Middle East. While searching for that code – nicknamed Wiper – we discovered a new malware codenamed Worm.Win32.Flame. Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super­weapons’ currently deployed in the Middle East by unknown perpetrators. Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage. For the full low­down on this advanced threat, read on… General Questions What exactly is Flame? A worm? A backdoor? What does it do? Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm­like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.
    [Show full text]
  • Wannacry Ransomware
    KNOW THE UNKNOWN® Success Story: WannaCry Ransomware WHITE PAPER Challenge Stopping a Worm & Saving Millions Worms like WannaCry and Petya operate as essentially Even the most recent of these attacks like WannaCry and zero-day attacks: they can lie dormant on our networks Petya still echo the basic principles of past-worms, and as and then rapidly spread between devices upon waking up. such, they are both preventable and stoppable. During The consequences of being hit by one is dramatic: precious the Code Red, Nimda, and ILOVEYOU attacks of the early- data is either ransom-locked or wiped and thus often 2000s, businesses that had invested in a NIKSUN-like irrecoverable. This means millions in lost data, restoration solution were able to run a rapid report to get a list of fees, public relations, and stock-holder confidence. all infected devices and cut them off from their network. Instead of thousands of machines being affected, they When FedEx was hit by Petya, for example, their subsidiary were able to resolve the incident with minor losses of TNT Express experienced “widespread service delays” and hundreds or less. This process takes a mere few minutes were unable to “fully restore all of the affected systems and thus could have saved Reckitt Benckiser from their and recover all of the critical business data that was hour-long attack. encrypted by the virus.”1 Shares in the company dropped 3.4% in the wake of the attack.2 Total, 100% visibility is simply the only way to stop these worms from becoming too damaging.
    [Show full text]
  • Potential Human Cost of Cyber Operations
    ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS REPORT ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Report prepared and edited by Laurent Gisel, senior legal adviser, and Lukasz Olejnik, scientific adviser on cyber, ICRC THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Table of Contents Foreword............................................................................................................................................. 3 Acknowledgements ............................................................................................................................. 4 Executive summary ............................................................................................................................. 5 Introduction....................................................................................................................................... 10 Session 1: Cyber operations in practice .………………………………………………………………………….….11 A. Understanding cyber operations with the cyber kill chain model ...................................................... 11 B. Operational purpose ................................................................................................................. 11 C. Trusted systems and software supply chain attacks ...................................................................... 13 D. Cyber capabilities and exploits ..................................................................................................
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • Common Threats to Cyber Security Part 1 of 2
    Common Threats to Cyber Security Part 1 of 2 Table of Contents Malware .......................................................................................................................................... 2 Viruses ............................................................................................................................................. 3 Worms ............................................................................................................................................. 4 Downloaders ................................................................................................................................... 6 Attack Scripts .................................................................................................................................. 8 Botnet ........................................................................................................................................... 10 IRCBotnet Example ....................................................................................................................... 12 Trojans (Backdoor) ........................................................................................................................ 14 Denial of Service ........................................................................................................................... 18 Rootkits ......................................................................................................................................... 20 Notices .........................................................................................................................................
    [Show full text]
  • Digital Transformation: Cure-All, Placebo Or Poison Pill? Leonidas Tougiannidis Country Manager, Greece & Cyprus
    Digital Transformation: Cure-all, Placebo or Poison Pill? Leonidas Tougiannidis Country Manager, Greece & Cyprus © Copyright Fortinet Inc. All rights reserved. IT Trends increase the ATTACK SURFACE & LIABILITIES ▪ Digital Transformation entails sharing data ▪ IoT brings 20 Billion new Devices Online ▪ Cloud breaks the Borders ▪ Mobility Disperses Users and Data ▪ SD-WAN stretchers enterprise networks ▪ Regulations (ie GDPR, PCI-DSS, PSD2) 2 [Digital Transformation] is the integration of digital technology into all areas of a business, resulting in fundamental changes to how businesses operate and how they deliver value to customers 3 Digital Transformation Digital Transformation Engage Your Empower Your Optimize Your Transform Your Customers Employees Business Products Digital Technology 4 Real Life Digital Transformation From 140-year old manufacturing company: Digital Transformation Goals – 2020: Top 10 Global Energy, Transportation, Healthcare Software Company – $15B Digital Revenue 5 Obstacles to Digital Transformation Security is the largest factor standing in the way of enterprise digital transformation efforts. More than half (55%) of companies said that security was the No. 1 challenge they face when implementing digital enablement technologies Source: SoftServe 2017 Cybersecurity one of Top 10 “Security nearly always tops the list of obstacles to Digital Transformation digital transformation obstacles”. Source:Harvard Business Review 2017 Marc Cecere, Forrester, ZD Net, 2017 The biggest disruptive technologies Some 57% of businesses reported cited by global respondents are the major issues finding and recruiting cloud (58%), mobility and talented IT security staff—a problem collaboration (54%), big data as digital transformation efforts (52%)...IoT (43%) move more data and systems to the cloud, and cyber attacks grow more Source: BT CIO Report 2016 sophisticated.
    [Show full text]