• Title/Summary/Keyword: Malware Forensics


Intrusion Artifact Acquisition Method based on IoT Botnet Malware (IoT 봇넷 악성코드 기반 침해사고 흔적 수집 방법)

  • Lee, Hyung-Woo
    • Journal of Internet of Things and Convergence, v.7 no.3, pp.1-8, 2021
  • With the rapid increase in the use of IoT and mobile devices, cyber criminals targeting IoT devices are also on the rise. Among IoT devices, wireless access points (APs) in particular exhibit problems such as packets being exposed to the outside because of the devices' own security vulnerabilities, or devices being easily infected with malicious code such as bots and then generating DDoS attack traffic. Therefore, in order to actively respond to the rapidly growing number of cyber attacks targeting IoT devices, this study proposes a method for collecting intrusion-incident artifacts from IoT devices and for improving the validity of the intrusion analysis data. Specifically, we present a method to acquire and analyze digital forensic artifacts from the compromised system after identifying the causes of the vulnerabilities by reproducing the behavior of a sample IoT malware. Accordingly, it is expected that a system capable of efficiently detecting intrusion incidents targeting large-scale IoT deployments can be established.

Forgery Detection Mechanism with Abnormal Structure Analysis on Office Open XML based MS-Word File

  • Lee, HanSeong; Lee, Hyung-Woo
    • International Journal of Advanced Smart Convergence, v.8 no.4, pp.47-57, 2019
  • We examine the weaknesses of the existing OOXML-based MS-Word file structure and analyze how data concealment and forgery are performed in MS-Word digital documents. When a document is forged by embedding hidden information, it opens in the MS-Word processor with no visible difference. However, the computer system may malfunction because of malware or shellcode hidden in the digital document. If a malicious image file or ZIP file is hidden in the document by exploiting the structural vulnerability of the MS-Word format, the system may be infected by ransomware that encrypts every file on the disk even though the MS-Word file opens normally. Therefore, it is necessary to analyze forgery and alteration of digital documents through internal structure analysis of the MS-Word file. In this paper, we design and implement a mechanism that detects such forgery efficiently, together with automatic detection software, and present a method for proactively responding to attacks such as ransomware that exploit MS-Word security vulnerabilities.

Analysis and Detection of Malicious Data Hidden in Slack Space on OOXML-based Corrupted MS-Office Digital Files

  • Sangwon Na; Hyung-Woo Lee
    • International Journal of Advanced Smart Convergence, v.12 no.1, pp.149-156, 2023
  • OOXML-based MS-Office digital files are extensively utilized by businesses and organizations worldwide. However, OOXML-based MS-Office digital files are vulnerable to forgery and corruption attacks in which hidden suspicious information is included, which can lead to the activation of malware or shellcode hidden in the file. Such malicious code can cause a computer system to malfunction or become infected with ransomware. To prevent such attacks, it is necessary to analyze and detect the corruption of OOXML-based MS-Office files. In this paper, we examine the weaknesses of the existing OOXML-based MS-Office file structure and analyze how concealment and forgery are performed on MS-Office digital files. As a result, we propose a system to detect hidden data effectively and to respond proactively to ransomware attacks exploiting MS-Office security vulnerabilities. The proposed system is designed to provide reliable and efficient detection of hidden data in OOXML-based MS-Office files, which can help organizations protect against potential security threats.

Threat analysis and response plan suggested through analysis of Notion program artifacts (노션프로그램 아티팩트 분석을 통한 위협 분석 및 대응방안 제시)

  • Juhyeon Han; Taeshik Shon
    • Journal of Platform Technology, v.12 no.3, pp.27-40, 2024
  • Collaborative programs are tools designed to support multiple people working together, enhancing collaboration and communication efficiency, improving productivity, and overcoming the constraints of time and place. In the endemic era, many companies and individuals prefer to use collaborative programs. These programs often handle sensitive information, such as work content, documents, and user data, which can cause significant damage if leaked. Exploiting this, various attack scenarios have emerged, including malware disguised as collaborative programs, exploitation of vulnerabilities within these programs, and theft of internal tokens. To prevent such attacks, it is essential to analyze and respond to potential threats proactively. This paper focuses on Notion, a widely used collaborative program, and collects and analyzes artifacts related to user information and activities in both PC and Android environments. Based on the collected data, we categorize critical information, discuss potential threats, and propose countermeasures.