ICT Express (Mar 2018)
Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems
Abstract
The inevitable integration of critical infrastructure to public networks has exposed the underlying industrial control systems to various attack vectors. In this paper, we model multi-stage crypto ransomware attacks, which are today an emerging cyber threat to critical infrastructure. We evaluate our modeling approach using multi-stage attacks by the infamous WannaCry ransomware. The static malware analysis results uncover the techniques employed by the ransomware to discover vulnerable nodes in different SCADA and production subnets, and for the subsequent network propagation. Based on the uncovered artifacts, we recommend a cascaded network segmentation approach, which prioritizes the security of production network devices. Keywords: Critical infrastructure, Cyber-attack, Industrial control system, Crypto ransomware, Vulnerability