-
Free, publicly-accessible full text available March 1, 2026
-
Free, publicly-accessible full text available December 10, 2025
-
In light of the numerous peculiar events that persistently challenge the world, it is paramount to possess the capacity to thoroughly analyze the realm of cyberspace and cyber threats in the context of these circumstances. As such, adequately integrating data-driven intelligence in cyber analytics can help strengthen security postures and enable effective decision making. In this paper, we introduce a multifaceted Internet-scale, data-driven framework to enable the consistent measurement, identification and characterization of cyber threat dynamics amid real-world events. Particularly, our proposed framework scrutinizes Internet-wide security data feeds from multiple sources, including (i) a large network telescope to infer illicit activities at large, (ii) a cluster of globally distributed sensors and honeypots to quantify reflective amplification attempts, and (iii) a set of BGP collectors to analyze Remotely Triggered Black Hole (RTBH) events. Specifically, we employ our framework to shed light on the 2022 Russo-Ukrainian cyber threat activities by drawing upon terabytes of real network and security data feeds. We infer DDoS and UDP reflective attacks targeting federal agencies in Russia, and media entities in Ukraine. We further perceive an upsurge of Russian and Ukrainian RTBH techniques employed to block attacks targeting .ru domains and media companies. Additionally, we uncover an escalation of reconnaissance events, some of which are generated by the IoT-centric Mirai malware and others which target critical infrastructure. We report our findings objectively while postulating thoughts on intriguing observations on that particular event. Our Internet-scale data-driven framework offers a robust approach for empirical analysis of cyber threats in the face of real-world challenges, enabling effective and well-informed decision making.
-
Electric Vehicle Charging Stations (EVCSs) have been shown to be susceptible to remote exploitation due to manufacturer-induced vulnerabilities, demonstrated by recent attacks on this ecosystem. What is more alarming is that compromising these high-wattage IoT systems can be leveraged to perform coordinated oscillatory load attacks against the power grid which could lead to the instability of this critical infrastructure. In this paper, we investigate a previously sidelined aspect of EVCS security. We analyze the deployment security of EVCSs and highlight operator-induced vulnerabilities rendering the ecosystem exposed to remote intrusions. We create an advanced discovery technique that leverages Web interface artifacts to dynamically discover new charging station vendors. As a result, we uncover 33,320 charging station management systems in the wild. Consequently, we study the deployment security of the charging stations and identify that 28,046 EVCSs were found to be vulnerable to eavesdropping, and around 24% of the studied EVCSs are deployed with default configurations exposing the ecosystem to a Mirai-like attack vector. Aligned with this finding, we discover that the EVCS ecosystem has been targeted by nefarious IoT malware such as Mirai and its variants. This demonstrates that further security measures should be implemented by vendors and operators to ensure the security of this vital ecosystem. Consequently, we provide a comprehensive recommendation for securing the deployment of EVCSs.
-
Ransomware is a form of malware that uses encryption methods to prevent legitimate users from accessing their data files. To date, many ransomware families have been released, causing immense damage and financial losses for private users, corporations, and governments. As a result, researchers have proposed a range of ransomware detection schemes using various machine learning (ML) methods to analyze binary files and action sequences. However, as this threat continues to proliferate, it is becoming increasingly difficult to collect and analyze massive amounts of ransomware executables and trace data at a common site (due to data privacy and scalability concerns). Hence, this paper presents a novel distributed ransomware analysis (DRA) solution for detection and attribution using the decentralized federated learning (FL) framework. Detailed performance evaluation is then conducted for the case of static analysis with rapid/lightweight feature extraction using an up-to-date ransomware repository. Overall results confirm the effectiveness of the FL-based solution.
-
Daduna, J R; Liedtke, G; Shi, X; Voss, S (Ed.) The transportation industry is a vital component of the global economy, responsible for the movement of goods between different locations. The intermodal freight transportation system involves the use of different modes of transportation, such as trucks, trains, and ships, to move freight containers. However, this system is loaded with inefficiencies due to the poor availability of real-time coordination and disruptions, causing delays, increased costs, and thus, higher carbon emissions. AI has the potential to improve the intermodal freight transportation system's efficiency by optimizing operations in real-time and self-evolving the models to make better/faster decisions. While both policymaking and business operations would benefit from using real-time optimization models, the implications and applications of these models are different in each context. In policymaking, real-time optimization models are used to improve public services, reduce overall network costs, and set regulations for sustainable management of the network. The system can consider real-time traffic conditions, weather, and other factors to optimize the routing of the trucks, reducing transportation costs, improving delivery times, maintaining resiliency, and managing emissions. This work aims to contribute a better understanding of how these information systems can be protected from cyberthreats, while performing the optimization of freight synchromodal transportation operations in real-time in terms of efficiency, cost-effectiveness, and carbon emissions reduction, considering the dynamic nature and heterogeneity of the intermodal freight system.