Our November edition is dedicated to malware attacks, and inside you will find various articles that will dive into this topic. We prepared a batch of articles, tutorials, and case studies that we hope will interest you. Let’s see what’s inside!
We start with the tutorial on creating malware with Excel and using Azure as a C2 server. The author demonstrates an attack by using a malicious document with a Macro VBA that installs a C2 Agent using Trevorc2 to create a botnet on Azure. Sounds interesting, right?
There is one more article about Azure, which we highly recommend checking out - Azure Defender for SQL. The author presents how to protect your database workload with two plans: vulnerability assessment and ATP.
Back to malware! In CryptoLocker - Origin and Analysis you will learn all about this attack; it’s a very in-depth tutorial.
We have an amazing article with the detailed history of honeypots that’s combined with the tutorial about their usage. Honey in the Clouds is a great piece that will catch your attention from the very beginning.
In another article, we will take a closer look at the deep learning algorithms that can be used for malware detection. It’s definitely a defensive approach as we learn how to detect this deadly attack before it causes damage.
The last article dedicated to malware is focused on the human factor. The article has some elements of social engineering techniques, although it’s mostly focused on our reactions during the attack, and how we make things better or worse depending on our behavior.
We recommend checking out the article Hunting the Hunters - Detection and Efficiency Testing of Endpoint Security Sensors, especially if you are interested in real-world case scenarios. The author simply presents his findings after checking one company's security.
Moving forward, you will learn about the advantages of Zero Trust Architecture, as our next article shows a very compelling argument and explains the topic in great detail.
Last but not least, we have a write-up about artificial intelligence and its influence on the digital space. And at the very end, an article about ransomware and various defensive techniques that can help you prevent such attacks.
We hope that you will enjoy this edition and find something that will catch your interest. As always, we would like to send our gratitude to all our contributors, reviewers, and proofreaders.
As the holiday time approaches, we would like to send you a big thank you for being part of our magazine! Stay safe during this time, enjoy the holidays with your loved ones, and take a breather from all the craziness that surrounds us. Make sure to set aside time for self-care and have fun hacking ;-)
Thank you and happy holidays!
Enjoy the reading,
Hakin9 Editorial Team
TABLE OF CONTENTS
Creating malware with Excel and using Azure as a C2 server
In this article, I will demonstrate an attack using a malicious document with a VBA macro that installs a C2 agent using Trevorc2 to create a botnet on Azure. "First of all, I am using Azure to demonstrate how a C2 works externally in practice; many criminals use this type of service, but of course Microsoft is always watching, so it is always good to have your own server or use a VPS."
Azure Defender for SQL
Numerous applications use databases as their storage for data, authentication information and much more. When it comes to PaaS database services in Azure, the most common choice is Azure SQL Database, which is based on SQL Server code. When the database is deployed in Microsoft Azure, you are required to use a SQL Server (logical server) for the deployment. This server is used for accessing the database and comes with an FQDN of x.database.windows.net. Knowing this naming format, an attacker can run a dictionary-based DNS attack against hostnames of the same format to obtain a list of existing SQL Servers.
CryptoLocker - Origin and Analysis
Now let's take a closer look at how this famous ransomware behaved before and after it reached the target computer. To begin, it is important to remember that CryptoLocker was disseminated mainly via email, as in the example given, but there were also reports that other versions were distributed through advertisements carrying malicious attachments. And speaking of versions, this ransomware existed in several variants with different ways of operating.
Honey in the clouds
Honeypots are specially crafted vulnerable machines exposed to the public's eyes and fingertips. They are advanced traps used to discover the techniques, protocols and tools used by malicious actors trying to probe them.
A deep learning approach for detecting zero-day malware attacks
Shaik Moin Sharukh
To counter cyber-attacks, machine learning algorithms (MLAs) have come into the picture. The feature learning technique used by MLAs to detect novel malware signatures turns out to be time-consuming. To bypass the feature engineering phase, we introduce deep learning methodologies such as long short-term memory (LSTM) and convolutional neural networks (CNN). We made use of binary malware datasets to train the algorithms, and once malware is detected it is classified and categorized into its respective malware family by means of deep image processing techniques.
Exploitation of Human Trust, and Ignorance by Malware
With hundreds of malware variants discovered every day, organizations and users experience enormous financial losses as cybercriminals steal financial and user data. This article surveys the human characteristics that are key to the defense chain against malware.
Hunting the Hunters-Detection and Efficiency Testing of Endpoint Security Sensors
The purpose of this document was to execute several efficiency and detection tests on our endpoint solution, provided by Sophos. This document presents the results of a defensive security analysis, performed with an offensive mindset, in which 27 folders of malware samples downloaded from The Zoo repository were executed in our environment.
Demystifying Zero Trust Architecture
An increasingly popular buzzword in the world of information security, Zero Trust Architecture refers to the “defense in depth” approach of implementing security concepts that removes the practice of automatically trusting actors and devices integrated in a network. Zero Trust Architecture provides a thorough end-to-end approach to enterprise resource and data security controls interwoven around identity (person and non-person entities), credentials, access management, operations, endpoints, hosting environments, and the interconnecting infrastructure.
A Secure and Smart Framework for Preventing Ransomware Attack
In this paper, we propose a framework that prevents ransomware attacks more effectively using various techniques, such as blockchain, honeypots, cloud & edge computing. This framework is analyzed mainly in the context of IoT devices and generalized to any malware attack.
How Artificial Intelligence Is Transforming Digital Space
AI has been deemed the future of technology, but now it has arrived. It is revolutionizing the entire IT space. There’s so much that AI technology can provide to digital businesses. It has immense potential. And what separates AI from other innovations is its intelligence, which analyzes, decides, and makes precise predictions. Without doubt, AI technology can transform any industry, but online business owners can’t do without it right now.