Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation

RUDD, Steph (2024). Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation. In: KOBUSINSKA, Anna, JACOBSSON, Andreas and CHANG, Victor, (eds.) Proceedings of the 9th International Conference on Internet of Things, Big Data and Security IoTBDS. SCITEPRESS - Science and Technology Publications, 97-106. [Book Section]

Rudd-RansomwareReconnaissanceInterrogating(VoR).pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Abstract
“Got Root?” Presented herewith is an innovative approach to ransomware defence by interrogating the security certificate chain pertaining to modern website security. It is a proactive strategy to scrutinise the online resources prior to download for assessment of likelihood that ransomware may be present as a result of inconsistencies between the URL and its security certificate. OpenSSL is employed for interrogating certificate attributes, including characteristics such as domain mismatch and revocation status, through the systematic approach of certificate retrieval, parsing and validation. Whilst not a ‘silver bullet solution’ to the wider realm of ransomware attacks, this study presents a nuanced approach to suspicion detected under certificate-related vulnerabilities at a preemptive and reconnaissance stage of hazard - a necessary basis for any subsequent cyber security investigation.