-
A Technical Look into Flotera Ransomware
Ransomware has been wreaking havoc since the mid-2000s, and increasingly capable variants have kept appearing since then, often with devastating results. This report covers one Flotera sample, obtained through HybridAnalysis, and presents a static and dynamic behavioral analysis of it.
-
An Analysis of the Recent Ransomware Families
Notorious crypto-ransomware families such as CryptoLocker and WannaCry cut off access to files or whole systems the moment they are deployed. Without backups of the compromised systems, the victim has little choice but to pay the ransom and hope the attackers restore access. Threat actors add further pressure by stealing data before encrypting it and threatening to publish it. Over the past year ransomware has remained the major malware threat, with 60% of managed service providers seeing attacks in the first half of 2020. The ransomware ecosystem keeps evolving, with more sophisticated new families and more effective threat actors. We investigate the three most active ransomware families reported by Group-IB in 2020 (Maze, REvil and Ryuk), which stand out from other families through their massive impact and their use of sophisticated techniques. We build on the extensive analysis that security companies have already published on these families. Although each family has its own codebase, they exhibit common behaviors when they strike. We summarize the behavioral patterns of the chosen families and present the characteristics of each one.
-
Implementation and Design of Modbus over QUIC Protocol for ICS Networks
We designed and implemented a full-blown Modbus protocol running over QUIC. QUIC eliminates the transport-level head-of-line blocking inherent in TCP, where one lost segment stalls every request carried on the connection (independent QUIC streams do not block each other, although a loss still delays the stream it hit), and it establishes a connection with fewer round trips than TCP followed by a TLS handshake. Our implementation is based on pymodbus and aioquic. We evaluated connection latency for QUIC and for TCP/TLS on a Mininet virtual network, where the network conditions (added delay, packet-loss rate) can be changed easily.
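The unit of work the paper carries over QUIC is the Modbus TCP application data unit (MBAP header plus PDU), and that framing is independent of the transport underneath. The following stdlib-only Python is an added example, not code from the paper's pymodbus/aioquic implementation: it builds a Read Holding Registers request, validates a reply against the MBAP length field and the transaction id, and rejects a Modbus exception response. The sample frames are constructed here, not captured from the paper's Mininet testbed.

```python
import struct
from typing import List, Tuple

MODBUS_PROTOCOL_ID = 0            # MBAP protocol identifier; always 0 for Modbus
FC_READ_HOLDING_REGISTERS = 0x03
MAX_READ_REGISTERS = 125          # per-request limit from the Modbus application spec


def build_read_holding_registers(transaction_id: int, unit_id: int,
                                 start_addr: int, quantity: int) -> bytes:
    """Client side: MBAP header followed by a Read Holding Registers PDU (0x03)."""
    if not 1 <= quantity <= MAX_READ_REGISTERS:
        raise ValueError("quantity must be between 1 and 125 registers")
    pdu = struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, start_addr, quantity)
    # The MBAP length field counts the unit identifier plus the PDU.
    mbap = struct.pack(">HHHB", transaction_id, MODBUS_PROTOCOL_ID, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_adu(frame: bytes) -> Tuple[int, int, bytes]:
    """Split one ADU into (transaction_id, unit_id, pdu); reject malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != MODBUS_PROTOCOL_ID:
        raise ValueError(f"unexpected protocol id {protocol_id}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return transaction_id, unit_id, frame[7:]


def parse_read_holding_registers_response(pdu: bytes) -> List[int]:
    """Server reply for 0x03: function code, byte count, then 16-bit big-endian registers."""
    if len(pdu) < 2:
        raise ValueError("PDU too short")
    function_code = pdu[0]
    if function_code == FC_READ_HOLDING_REGISTERS | 0x80:
        # Exception responses set the high bit and carry a one-byte exception code.
        raise ValueError(f"Modbus exception, code 0x{pdu[1]:02x}")
    if function_code != FC_READ_HOLDING_REGISTERS:
        raise ValueError(f"unexpected function code 0x{function_code:02x}")
    byte_count = pdu[1]
    if byte_count != len(pdu) - 2 or byte_count % 2:
        raise ValueError("byte count does not match payload")
    return list(struct.unpack(f">{byte_count // 2}H", pdu[2:]))


def handle_response(request: bytes, response: bytes) -> List[int]:
    """Match a reply to its request by transaction id and unit id, then decode it."""
    req_tid, req_unit, _ = parse_adu(request)
    resp_tid, resp_unit, pdu = parse_adu(response)
    if (req_tid, req_unit) != (resp_tid, resp_unit):
        raise ValueError("response does not belong to this request")
    return parse_read_holding_registers_response(pdu)


# Constructed sample exchange (not from the paper): transaction 1, unit 1,
# read 2 registers starting at 0x0010; the server answers 10 and 11.
SAMPLE_REQUEST = bytes.fromhex("0001 0000 0006 01 03 0010 0002")
SAMPLE_RESPONSE = bytes.fromhex("0001 0000 0007 01 03 04 000a 000b")
# Same transaction, but the server reports exception 0x02 (illegal data address).
SAMPLE_EXCEPTION = bytes.fromhex("0001 0000 0003 01 83 02")

if __name__ == "__main__":
    assert build_read_holding_registers(1, 1, 0x0010, 2) == SAMPLE_REQUEST
    print(handle_response(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

The bytes produced here can be written unchanged to a TCP socket, a TLS socket or a QUIC stream. One way to take advantage of QUIC, stated here as an assumption about the design rather than something the abstract spells out, is to open a separate stream per transaction so that a lost datagram only delays the reply it was carrying; the transaction id check in `handle_response` still matters when several replies share a stream.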
-
Is JWT token really secure?
If you are familiar with OAuth 2.0, you have probably come across JSON Web Tokens (JWTs) many times. In general, an OAuth 2.0 access token can take different formats and be protected by different cryptographic primitives; this blog post discusses only JWTs, in depth. JWTs are popular because they are expressive and authenticated: you can put arbitrary claims into the token, and the issuer signs it so that nobody without the signing key can forge one. Note that a JWT is usually signed but not encrypted, so its claims are readable by anyone who holds the token. So far so good. Recently I came across some interesting attacks on JWTs, which prompted this post. Being aware of these attacks matters whether you are choosing a JWT library or implementing JWT handling from scratch. Let's dive in!
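To make the signing described above concrete, here is an added example (not code from the post) using only the Python standard library. It signs a token with HMAC-SHA256 and then contrasts two verifiers: one that lets the token's own header choose the algorithm, which is the widely documented `alg=none` pitfall in early JWT libraries, and a hardened one that pins the algorithm and compares the MAC in constant time. The post does not name its attacks, so this block illustrates only that well-known class; the secret and claims are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

DEMO_SECRET = b"server-side-signing-secret"   # constructed for the example


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    """Compact JSON, then base64url: one dot-separated JWT segment."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issuer side: header.payload.signature with an HMAC-SHA256 signature."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_trusting_header(token: str, secret: bytes) -> Optional[dict]:
    """Flawed verifier: the token's own header picks the algorithm, so a token
    that says alg=none and carries no signature is accepted unverified."""
    head, body, sig = token.split(".")
    header = json.loads(b64url_decode(head))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(body))       # no signature check at all
    expected = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    if hmac.compare_digest(expected, b64url_decode(sig)):
        return json.loads(b64url_decode(body))
    return None


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Hardened verifier: the verifier fixes the expected algorithm, rejects
    anything else, and compares the MAC in constant time."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head, body, sig = parts
    try:
        header = json.loads(b64url_decode(head))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))


def forge_unsigned(claims: dict) -> str:
    """Attacker side: a token claiming alg=none with an empty signature segment."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(claims) + "."


def tamper_payload(token: str, claims: dict) -> str:
    """Attacker side: keep the issuer's header and signature, swap the claims."""
    head, _body, sig = token.split(".")
    return head + "." + _segment(claims) + "." + sig


if __name__ == "__main__":
    token = sign_hs256({"sub": "alice", "admin": False}, DEMO_SECRET)
    forged = forge_unsigned({"sub": "alice", "admin": True})
    print("flawed verifier accepts forged token:", verify_trusting_header(forged, DEMO_SECRET))
    print("hardened verifier accepts forged token:", verify_hs256(forged, DEMO_SECRET))
```

The point of `verify_hs256` is that the key and the algorithm are decided by the verifier's configuration, never by the untrusted token; a library that exposes a "verify with this algorithm list" parameter is giving you the same control.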
-
Understanding Linux Random Number Generator
The Linux random number generator (LRNG) supplies random data to many security-related applications and protocols. It is part of the open-source Linux kernel and has gone through several revisions since its original design. This survey describes the generator as implemented in Linux kernel version 2.6.30.7, providing a comprehensive analysis of every function in the LRNG together with a security analysis against cryptographic attacks.