Ransomware Attacks Threat Modeling Using Bayesian Network

Pemodelan Ancaman Serangan Ransomware Menggunakan Bayesian Network

  • Sulistiadi, Universitas Indonesia
  • Muhammad Salman, Universitas Indonesia

Keywords: Ransomware, Risk Assessment, Threat Modeling, Bayesian Network, EPSS

Abstract

Ransomware is dangerous malware that blocks access to data by encrypting it, and it exploits device vulnerabilities to carry out chained attacks from one system to another. This study models the threat of ransomware attacks using a Bayesian network. The structure of the model is built from the exploitable vulnerabilities of devices, and EPSS vulnerability scores serve as the basis for calculating the model's probabilities. The risk exposure rating is calculated through a joint probability distribution formulation based on attack scenarios. Our model shows that ransomware attacks are most likely to exploit the chain of vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-36942, and CVE-2017-0144, which has a probability value of 0.046534. In addition, the use of EPSS makes the risk assessment more factual, accurate, and effective. The threat modeling method can help identify ransomware attacks that proceed through a chain of vulnerabilities, making risk assessment more precise.

 

Published

2023-05-27

How to Cite

Sulistiadi, & Salman, M. (2023). Ransomware Attacks Threat Modeling Using Bayesian Network: Pemodelan Ancaman Serangan Ransomware Menggunakan Bayesian Network. Digital Zone: Jurnal Teknologi Informasi Dan Komunikasi, 14(1), 43-56. https://doi.org/10.31849/digitalzone.v14i1.13788