
Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems

Aaron Zimba; Zhaoshun Wang; Hongsong Chen;
Open Access
  • Published: 01 Mar 2018 in ICT Express, volume 4, pages 14-18 (ISSN 2405-9595)
  • Publisher: Elsevier BV
The inevitable integration of critical infrastructure with public networks has exposed the underlying industrial control systems to various attack vectors. In this paper, we model multi-stage crypto ransomware attacks, today an emerging cyber threat to critical infrastructure. We evaluate our modeling approach on the multi-stage attacks carried out by the infamous WannaCry ransomware. The static malware analysis results uncover the techniques the ransomware employs to discover vulnerable nodes in different SCADA and production subnets, and for its subsequent network propagation. Based on the uncovered artifacts, we recommend a cascaded network segmentation approa...
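To make the abstract's point concrete, the following is an added illustration and not the paper's model or code: a toy propagation model that replays a worm-style ransomware across a flat estate and across the same estate with cascaded zone segmentation. It assumes WannaCry-style lateral spread over SMB on TCP/445 (the port used by its MS17-010 exploit) that only reaches hosts which are both unpatched and reachable on 445 under the inter-zone firewall policy; the host inventory, zones and flow policies are constructed sample data.

```python
"""Toy worm-propagation model on a segmented ICS network.

Added illustration, not the paper's model or code. Assumptions (mine):
- lateral spread is over SMB, TCP/445, as WannaCry's MS17-010 exploit did;
- a host is infected only if it is unpatched AND the policy allows 445 to it;
- hosts, zones and the two flow policies below are constructed sample data.
"""
from collections import deque
from dataclasses import dataclass

SMB = 445
ZONES = {"corporate", "dmz", "supervisory", "control"}


@dataclass(frozen=True)
class Host:
    name: str
    subnet: str
    vulnerable: bool  # unpatched, SMBv1 exposed


# Constructed sample inventory spanning corporate, DMZ, SCADA and control zones.
HOSTS = [
    Host("ws-hr-01", "corporate", True),
    Host("ws-eng-02", "corporate", True),
    Host("hist-01", "dmz", True),             # historian replica
    Host("hmi-01", "supervisory", True),
    Host("eng-ws-01", "supervisory", False),  # patched engineering workstation
    Host("plc-gw-01", "control", True),       # Windows gateway to PLCs
    Host("plc-gw-02", "control", True),
]

# A policy is the set of (src_zone, dst_zone, dst_port) flows the zone
# firewalls permit. Traffic within a single zone is always permitted.
FLAT_POLICY = {(a, b, SMB) for a in ZONES for b in ZONES}

# Cascaded segmentation: each zone reaches only its neighbour, only on the
# application ports it needs, and SMB is never allowed across a boundary.
CASCADED_POLICY = {
    ("corporate", "dmz", 443),        # users read the historian over HTTPS
    ("supervisory", "dmz", 1433),     # historian replication
    ("supervisory", "control", 502),  # Modbus/TCP to the PLC gateways
}


def allowed(policy, src, dst, port):
    """Does the zone firewall let src reach dst on port?"""
    if src.subnet == dst.subnet:
        return True
    return (src.subnet, dst.subnet, port) in policy


def spread(hosts, policy, patient_zero):
    """Breadth-first propagation from patient_zero; returns infected names in
    the order they were reached (patient_zero first)."""
    by_name = {h.name: h for h in hosts}
    infected, seen, queue = [patient_zero], {patient_zero}, deque([patient_zero])
    while queue:
        src = by_name[queue.popleft()]
        for dst in hosts:
            if dst.name in seen or not dst.vulnerable:
                continue
            if allowed(policy, src, dst, SMB):
                seen.add(dst.name)
                infected.append(dst.name)
                queue.append(dst.name)
    return infected


def blast_radius(policy, patient_zero="ws-hr-01"):
    """Sorted set of hosts the worm reaches under the given policy."""
    return sorted(spread(HOSTS, policy, patient_zero))


if __name__ == "__main__":
    print("flat    :", blast_radius(FLAT_POLICY))
    print("cascaded:", blast_radius(CASCADED_POLICY))
    print("cascaded, from HMI:", blast_radius(CASCADED_POLICY, "hmi-01"))
```

Under the flat policy one phished corporate workstation reaches every unpatched host down to the PLC gateways; under the cascaded policy the same infection stays inside the corporate zone, and even a compromise that starts on the HMI cannot reach the control gateways because the only permitted supervisory-to-control flow is Modbus, not SMB. Patching removes hosts from the reachable set, segmentation removes the edges; the model shows both effects at once.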
Keywords: Cyber threat, Malware analysis, Critical infrastructure, Network segmentation, SCADA, Industrial control system, Ransomware, Computer science, Computer security, Networking hardware, Information technology (LCSH T58.5-58.64)

