Ransomware Attacks and Detection

Dear readers

In this month’s edition, we decided to focus on Ransomware, so you will read about various examples of ransomware attacks that happened in the past (WannaCry, for example), and how to protect your system by detecting this threat. Let’s see what’s inside! 

To better understand ransomware, we recommend reading the Ransomware Campaign article, where you will see how those deadly attacks are performed, how encryption and decryption are used by attackers. For a more practical approach, Case Study of Ransomware Detection will be perfect reading for you. In this article, authors present how Machine Learning is used to uncover ransomware, what’s the best methodology for ransomware detection, and how to secure your system against potential threats. 

A different approach is offered by Android Applications: Ransomware Detection, where the focus is on mobile phones and the Android system. It’s a very detailed research paper, which shows how vulnerable your device can be. We also have a small publication dedicated to using Python for ransomware creation. 

As always, we also prepared articles about other topics! We start with BARBARUS Pi Raspberry Pi: Attacking Robot, which is a great tutorial for hardware fans. In the article Advanced research and use of modules with Metasploit the author’s main goal is to automate penetration testing tools in Python. As you can guess, their focus is on Metasploit. 

While on the topic of penetration testing, you will take a closer look at Gathers - a tool that enhances information gathering. Gathers is a fairly new project, it features a user-friendly graphic interface allowing easy approach, even for less experienced users.

While reading this edition you will also explore vulnerabilities in Register files and see how hardware trojans can inject faults during reading or retention mode. Spring Security Framework and OAuth2 To Protect Microservice Architecture API and Packet Sniffing: Introduction close this edition.

We would like to send a big thank you to all contributors that joined this edition! Without you, this amazing issue wouldn’t be possible. Special thanks to all the reviewers and proofreaders involved in the process of creating this issue.

Summertime is slowly approaching and despite the still active threat from COVID-19, we hope that you will have a chance to relax and enjoy your free time. Stay safe and positive!

Enjoy the reading,

Hakin9 Editorial Team

TABLE OF CONTENTS

BARBARUS Pi Raspberry Pi: Attacking Robot 

Massinissa Immoun,  Alexandre Bereski

In this article, we will take you through the different steps to perpetrate one of these attacks by putting ourselves into the position of an employee being fired who wants to harm his ex-company. To reach our objective, we have programmed a software framework for an attacking robot to trigger payback and revenge operations through automated actions triggered by a Python-based Raspberry Pi piggybacked by a smart car.

Ransomware Campaign

Oualid Bouchenak, Ahmed Bencheikh

For the creation of our ransomware, we took an example of the well known “WannaCry” that encrypts data on a computer that has been infected and then tells the user that their files have been locked and displays information on how much is to be paid and when payment is taken through Bitcoin (a payment medium). That is how most ransomware works.

Leaking Kernel Data Using Register File Trojan

Mohammad Nasim Imtiaz Khan, Asmit De, Swaroop Ghosh

Register Files (RFs) are the most frequently accessed memories in a microprocessor for fast and efficient computation and control logic. Segment registers and control registers are especially critical for maintaining the CPU mode of execution that determines the access privileges. In this work, we explore the vulnerabilities in RF and propose a class of hardware Trojans that can inject faults during read or retention mode. The Trojan trigger is activated if one pre-selected address of L1 data-cache is hammered a certain number of times.

Case Study of Ransomware Detection

Chih-Yuan Yang, Ravi Sahita

The damage caused by crypto-ransomware, due to encryption, is difficult to revert and causes data losses. In this article, a machine learning (ML) classifier was built to early detect ransomware (called crypto-ransomware) that uses cryptography by program behavior. If a signature-based detection was missed, a behavior-based detector can be the last line of defense to detect and contain the damages. 

Advanced research and use of modules with Metasploit

Florian Hoff, Adrien Rogliano, Cassiopée Vannier 

In this article, our aim is to automate penetration testing tools in Python. We will focus on improving one of those tools - Metasploit - in order to use autopwn, which fires all penetration testing tools at once. Those tools are called modules. They can be offensive ones, such as exploits and payloads, or supportive, like auxiliaries.

Using Python for Ransomware Creation Part 1 

Nima Dabbaghi

Ransomware uses asymmetric encryption. This is cryptography that uses a pair of keys to encrypt and decrypt a file. The public-private pair of keys is uniquely generated by the attacker for the victim, with the private key to decrypt the files stored on the attacker’s server. The attacker makes the private key available to the victim only after the ransom is paid, though as seen in recent ransomware campaigns, that is not always the case. Without access to the private key, it is nearly impossible to decrypt the files that are being held for ransom.

Automated Pentesting Tool 

Tassadit Ait Ramdane, Krystian Luczyszyn

This article will discuss a new Python tool that we have implemented to perform information gathering more efficiently. Whatever type of hack you plan, the first step is always to collect information, the quality of which will be decisive to achieve your goal. In fact, it involves gathering publicly available information about the target, network scanning and vulnerability assessments. Now, how about a tool designed to automate pentesting steps? Gathers is a new Python tool that can be used by a cybersecurity beginner or an expert to perform recon and scanning of IT systems.

Android Applications: Ransomware Detection 

Dr. Iman Almomani, Samah Alsoghyer

Android ransomware is one of the most threatening attacks nowadays. Ransomware in general encrypts or locks the files on the victim’s device and requests a payment in order to recover them. The available technologies are not enough as new ransomware employ a combination of techniques to evade antivirus detection. Moreover, the literature counts only a few studies that have proposed static and/or dynamic approaches to detect Android ransomware in particular. Additionally, there are plenty of open-source malware datasets; however, the research community is still lacking ransomware datasets. In this paper, the state-of-the-art of Android ransomware detection approaches were investigated.

Applying Spring Security Framework and OAuth2 To Protect Microservice Architecture API

Quy Nguyen, Oras F. Baker

This research examines the possibility of applying Spring Security Framework and OAuth2 to secure microservice APIs that are built on top of Spring Framework. By developing a Proof of Concept (POC) of an Inventory Management System using MSA on top of Spring Framework, Spring Security Framework and OAuth2, we have conducted security tests over the POC using unit testing and manual testing techniques to examine if there are any vulnerabilities and we were able to show and confirm the effectiveness of the Spring Security Framework and OAuth2 in securing Spring-based APIs.

Packet Sniffing: Introduction

Ismail Ahmed

Sniffing in general terms refers to investigating something covertly in order to find confidential information. From an information security perspective, sniffing refers to tapping the traffic or routing the traffic to a target (shown in fig.1) where it can be captured, analyzed, and monitored. Sniffing is usually performed to analyze the network usage, troubleshooting network issues, monitoring the session for development and testing purposes.