Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems

Aaron Zimba; Zhaoshun Wang; Hongsong Chen

ICT Express (Mar 2018)

Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems

Aaron Zimba,
Zhaoshun Wang,
Hongsong Chen

Affiliations

Aaron Zimba: Corresponding author.; Department of Computer Science and Technology, University of Science and Technology Beijing, Beijing, China
Zhaoshun Wang: Department of Computer Science and Technology, University of Science and Technology Beijing, Beijing, China
Hongsong Chen: Department of Computer Science and Technology, University of Science and Technology Beijing, Beijing, China

Journal volume & issue: Vol. 4, no. 1
pp. 14 – 18

Abstract

Read online

The inevitable integration of critical infrastructure to public networks has exposed the underlying industrial control systems to various attack vectors. In this paper, we model multi-stage crypto ransomware attacks, which are today an emerging cyber threat to critical infrastructure. We evaluate our modeling approach using multi-stage attacks by the infamous WannaCry ransomware. The static malware analysis results uncover the techniques employed by the ransomware to discover vulnerable nodes in different SCADA and production subnets, and for the subsequent network propagation. Based on the uncovered artifacts, we recommend a cascaded network segmentation approach, which prioritizes the security of production network devices. Keywords: Critical infrastructure, Cyber-attack, Industrial control system, Crypto ransomware, Vulnerability

Published in ICT Express

ISSN: 2405-9595 (Online)
Publisher: Elsevier
Country of publisher: Netherlands
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology
Website: http://www.journals.elsevier.com/ict-express/

About the journal