Selections by dgoff
Pub Crawl summarizes sets of publications that have been peer-reviewed and presented at Science of Security (SoS) conferences or referenced in current work. The topics are chosen for their usefulness for current researchers. Select the topic name to view the corresponding list of publications. Submissions and suggestions are welcome.
According to researchers at Lloyds Bank, romance scam victims surged by more than a fifth (22%) in 2023 compared to 2022. The average amount lost per incident was $8847 last year, which is lower than in 2022 when the average loss was $10,505. The researchers noted that romance scams have exploded in prominence in recent years, with attackers leveraging fake profiles on social media and online dating apps to lure in potential victims. They are also commonly used as a gateway to other types of fraud and malicious cyber activity.
According to security researchers at ReliaQuest, a hyper-active LockBit group led to a surge in ransomware campaigns in the last quarter of 2023. The researchers found that ransomware activity was up 80% between October and December 2023 compared with the same period in 2022. Over this period, a total of 1262 victims were listed on data leak sites, with victims ranging from several industries, including manufacturing, construction, professional, scientific, and technical services.
Duke University engineers have demonstrated a system called "MadRadar" that can deceive automotive radar sensors. The technology can hide an approaching car, create a phantom car where none exists, or even mislead the radar into believing a real car has quickly deviated from its course. It can do this without having prior knowledge regarding the specific settings of the victim's radar, thus making it a significant threat to radar security.
Two more individuals have recently been indicted for their role in a credential stuffing attack resulting in unauthorized access to thousands of user accounts at a fantasy sports and betting website. According to the Department of Justice (DoJ), the individuals, Nathan Austad, 19, of Farmington, Minnesota, and Kamerin Stokes, 21, of Memphis, Tennessee, allegedly participated in compromising the accounts using usernames and passwords obtained from other data breaches and attempted to sell access to the accounts.
A threat actor who uses USB devices for initial infection has been discovered abusing legitimate online platforms such as GitHub, Vimeo, and Ars Technica to host encoded payloads hidden in content that appears to be harmless. The attackers put these payloads in forum user profiles on technology news websites or video descriptions on media hosting platforms. The payloads pose no risk to those visiting these web pages because they are just text strings. However, they still play a major role in downloading and executing malware.
International law enforcement has detained 31 suspected cybercriminals and discovered 1,300 malicious servers used to conduct phishing attacks and distribute malware. Interpol's Operation Synergia ran from September to November 2023. It was launched in response to the growth and escalation of transnational cybercrime, as well as the need for coordinated action against new cyber threats. The operation involved nearly 60 law enforcement agencies and a few private companies.
A comprehensive code security audit focusing on several components of the Tor anonymity network conducted by researchers at Radically Open Security discovered more than a dozen vulnerabilities, including an issue classified as "high risk." The researchers conducted that audit between April and August 2023, covering the Tor browser, exit relays, exposed services, infrastructure, and testing and profiling tools. The audit, a crystal box penetration test (where the tester has access to the source code), uncovered a total of 17 security issues.
The Computer Emergency Response Team in Ukraine (CERT-UA) recently warned about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The CERT-UA noted that the exact impact of this widespread infection and whether it has affected state organizations or regular people's computers hasn't been determined. PurpleFox (or "DirtyMoe") is a modular Windows botnet malware first spotted in 2018 that comes with a rootkit module allowing it to hide and persist between device reboots.
This project proposes transformative research approaches to provide a significant leap toward genuine autonomous cyber defense by enabling playbooks to be dynamically adaptive, predictive, adversary-aware, and trustworthy. Our proposed techniques address the above challenges and enable advancing the science and engineering of the state-of-the-art of intrusion response automation by ambitiously seeking to develop autonomous cyber defense systems that require no or minimal human involvement in the decision-making loop while maximizing effectiveness (i.e., system convergence to a good state) and minimizing the time-to-respond or mitigate. We propose to make cybersecurity autonomous by designing formal models and techniques that can automatically observe, reason, predict, adapt, and act to respond to attacks proactively, providing provable guarantees of safety and convergence.
Dr. Al-Shaer is a Distinguished Research Fellow at Software and Societal Systems Department in the School of Computer Science, and Faculty Member of CyLab at Carnegie Mellon University. Prof. Al-Shaer was also a Distinguished Career Professor at School of College of Engineering at Carnegie Mellon University. Before joining CMU, Dr. Al-Shaer was a Professor and the Founding Director of NSF Cybersecurity Analytics and Automation (CCAA) center in the University of North Carolina Charlotte from 20011-2020.
Dr. Al-Shaer's primary research areas are AI-enabled cybersecurity including automated adaptive response, domain-specific language models for cybersecurity, formal methods for configuration verification and synthesis, active cyber deception, cyber deterrence and network resilience. He published 10 books and more than 250 refereed publications in his area of expertise. Dr. Al-Shaer was designated by the Department of Defense (DoD) as a Subject Matter Expert (SME) on security analytics and automation in 2011. He was also awarded the IBM Faculty Award in 2012, and the UNC Charlotte Faculty Research Award in 2013.
Dr. Al-Shaer was the ARO Autonomous Cyber Deception Workshop in 2018, General Chair of ACM Computer and Communication in 2009 and 2010, NSF Workshop in Assurable and Usable Security Configuration in 2008. Dr. Al-Shaer was also the Program Committee Chair for many conferences and workshops including ACM/IEEE SafeConfig 2013 and 2015, IEEE Integrated Management (IM) 2007, IEEE POLICY 2008. Al-Shaer has two accepted patents and several submitted ones. He also has lead several technology transfer projects. He is also an advisory board member for leading companies in cybersecurity automation.