|
|
Cybercrime in the EU
Molnárová, Martina ; Loutocký, Pavel (referee) ; Stupka, Václav (advisor)
This bachelor thesis deals with cybercrime in the European Union at present time. It begins with a description of the most well-known historical cybercrimes, which has helped to create cybercrime as a separate branch of crime. Subsequently, the work describes the changes that have occurred in the development of cybercrime, describes the practical problems in prosecuting cybercrime and its current trends. At the same time, it outlines the problems that arise in producing adequate statistics. The practical part of the work then describes the basic function of the application, which was created to work for the purpose of providing information on cybercrime and clear mediation of available statistical information.
|
|
|
Ransomware Traffic Analysis
Šrubař, Michal ; Grégr, Matěj (referee) ; Ryšavý, Ondřej (advisor)
The focus of this work is crypto-ransomware; a variant of malware, an analysis of this malware’s network communication, and the identification of means by which it may be detected in the network. The thesis describes the methodology and environment in which the malware’s network communications were studied. The first part of the thesis provides a network traffic analysis of this type of malware with a focus on HTTP and DNS communication, including anomalies that can be observed in the network during this malware’s activity. The thesis also includes a discussion of the user behavior of devices infected by this type of malware. The resulting data was used to identify and describe four detection methods that are able to recognize the malware from its network communication using the HTTP protocol. Finally, a description of several signatures that can be used as indicators of a possible infection by this malware are provided.
|
|
|
Analysis of malware
Bláha, Michael ; Caha, Tomáš (referee) ; Člupek, Vlastimil (advisor)
The aim of my bachelor thesis is to design a safe environment for the analysis of malicious software. In the theoretical part of the work, I deal with the basic division of computer viruses. Next, I describe two main procedures for malware analysis, namely static and dynamic analysis. I describe why they are used and what tools fall into these categories. I also present my methodology for secure malware analysis. In the practical part of the work, I focus on creating an analytical environment on Windows 10 and Fedora platforms. I use a graphical environment and a command line to create virtual machines. For the analysis of network traffic, I create the so-called "Fake Internet" program with the INetSim program. In the last part of the work, I deal with a sample analysis of selected types of computer viruses. I follow the described methodology. For each analysis, I describe a brief summary and results. At the end of the work, I describe a possible defense against malicious software.
|
|
|
Ransomware Obfuscation Techniques
Jacko, Jerguš ; Barabas, Maroš (referee) ; Kačic, Matej (advisor)
This master's thesis seeks to design, implement, and point out new techniques for obfuscation of ransomware activity using the entropy principles of data that do not fall within the detection capabilities of known anti-ransomware and anti-virus tools. The proposed techniques are aimed at changing the ransomware activity in the downgrading phase (encryption or obfuscation) of files on the infected system.
|
|
|
Methods of Ransomware Analysis and Detection
Vojtáš, Samuel ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
The purpose of this thesis is to demonstrate the threat of malware and to describe its forms. Special focus is put on ransomware - its historical evolution, method of analysis, detection, and recovery from it. Various techniques of reverse engineering are also introduced alongside concepts related to it, such as static and dynamic analysis or sandboxing. Paper centers around creating detection mechanisms and malware classification. Company Avast provided samples of several ransomware families for the analysis to create detection YARA rules and to describe samples' behavior. The process of development of detection mechanisms for ransomware threats is shown alongside the method to decrypt files encrypted by various ransomware families that contained cryptography errors. The end of the thesis sums up the resulting data regarding the efficiency of defense mechanisms.
|
|
|
Automatic Detection of Cryptography Used in Code
Mička, Richard ; Šilhavý, Pavel (referee) ; Hajný, Jan (advisor)
This thesis covers the topic of automatic detection of cryptography used in application code, which currently requires a lot of manual effort to analyze for a given unknown program sample. In this thesis, a possibility of implementing an automated tool for analysing the usage of Microsoft CryptoAPI cryptographic library by analysed programs is researched. This library is distributed with Microsoft Windows and can be misused by an attacker to cause significant harm to a victim. By recognizing cryptographic operations used and by presenting the summary of their use, it is in certain situations possible to distinguish malicious programs just based on the presented analysis summary. Main objective of this thesis was creation of such automatic analyser module integrated into Cuckoo sandbox. Along with the design proposal of such analyser, this thesis includes CryptoAPI library and Cuckoo sandbox functionality exploration and description. Proposed automatic analyser was successfully created, deployed and tested in production environment and the achieved results were discussed.
|
|
|
Analysis of the GlobeImposter ransomware
Procházka, Ivo ; Komosný, Dan (referee) ; Martinásek, Zdeněk (advisor)
The aim of this diploma thesis is to analyze an instance of the GlobeImposter ransomware extracted from an affected device. The first part outlines various types of malware and ransomware and includes a description of encryption mechanisms and key distribution systems. It also discusses possible approaches of static and dynamic analysis of malware samples and requirements for test environments. The practical part describes the source of the malware sample, the physical and virtual test environment and the results of the static and dynamic analysis of the GlobeImposter ransomware. The final part discusses the results and the possibility of implementing a decryptor for the analyzed GlobeImposter ransomware.
|
|
|
Application displaying the course of cyber attacks
Safonov, Yehor ; Gerlich, Tomáš (referee) ; Martinásek, Zdeněk (advisor)
Nowadays, the safety of end stations is a topical issue. The complexity of the programming equipment of the computing systems brings about a greater probability of creating vulnerabilities, which could be used as a new anchor point for possible attacks aimed at endpoint computers or the whole company infrastructure. One of the main goals of this bachelor thesis is to create an instrument that would allow system administrators to perform more effective analysis and countermeasures directed to prevent the emergence of negative threats. From a theoretical point of view, the bachelor thesis will focus on the most common attacks on modern operating systems with an emphasis on Windows. It will then deal with the problematics of malicious code, especially with the principles of its operation, specific features and current trends. In the practical part, focus will be placed on the implementation of a robust application that will become a part of the project that is currnetly being developed in TrustPort company. In the beginning, the bachelor thesis is going to analyze different use cases of the application. Further it will make comparisons between different graphical representations, which could be displayed. Subsequently, the thesis is going to define the sets of functional, non-functional and critical requirements for the implementation as to create a concept of future application, specifically its architecture and user interface. During the next step a plan of the implementation of the proposed application is going to be presented. This plan is logically divided into several stages for better understanding. According to the implemented parts, the functionality of the application will be tested on the most commonly detected user attacks. At the end of the work, possible expansion, improvements and a concise conclusion will be stated.
|
|
|
The Impacts of a Ransomware Attack: Risk Management and Implementation of the Minimal Security Standard
Syrovátková, Lucie ; Alena,, Rybáková (referee) ; Sedlák, Petr (advisor)
The aim of the thesis is to implement cyber security in a small company as a result of a suffered ransomware attack based on the requirements of the Minimal Security Standard, which is a support material for entities that are not regulated by the Cyber Security Act in the Czech Republic. The main goal is achieved through the three main parts into which the thesis is divided. The introductory part is a theoretical support for the remainder of the thesis and contains the main concepts and areas that are used in the thesis. The analytical part focuses on the description of a possible vector of a ransomware attack and its consequences. In the second part of the analytical chapter, the current situation of the company is assessed in comparison to the requirements of the Minimal Security Standard. The last part proposes specific security measures, creation of security policies adapted to the company's capabilities and an economic evaluation.
|
|
|
Criminological and criminal law aspects of the ransomware spread
Lédl, Kryštof ; Gřivna, Tomáš (advisor) ; Richter, Martin (referee)
67 Criminal-law aspects and criminological aspects of ransomware spread Abstract The thesis deals with the ransomware spread and its exploration from the perspective of criminology and substantive criminal law. This theme is still relevant as ransomware is still a highly used form of cybercrime, whose method of execution is being constantly improved by the perpetrators. The theme is further relevant because this form of cybercrime is also used as a form of waging war against another state, as may be seen e.g. in the increasing number of cyber-attacks incurring in connection with the current war between Ukraine and Russia. The first part of this thesis defines the term ransomware and then briefly describes the history of this type of cybercrime. This part further describes the different types of ransomware currently recognized by the professional community. Current trends in the ransomware spread are also outlined. The second part discusses the criminological aspects of ransomware, focusing primarily on explaining the ransomware spread by the criminological theories, examining the personality of the perpetrator and the victim from a criminological perspective, and exploring other criminological aspects of ransomware. The third part of the thesis concerns the assessment of ransomware spread under substantive...
|
guest ::
