39 research outputs found

    Malware communication and containment in critical infrastructure networks

    Critical infrastructures utilize information technology for control functions, which creates additional entry points in vulnerable hard- and software, providing distribution paths for cyber-attacks. In this dissertation we address the issue of cyber-attacks against critical infrastructures in five parts. First, we provide an evaluation of four network architectures suitable for critical infrastructures. Their security by design and their applicability toward real world scenarios are also considered. We summarize the benefits and drawbacks with a focus on the implementation of self-organizing structures within decentralized and centralized network topologies, regarding security. Then, we investigate malware communication in critical infrastructures, proposing a comprehensive generic model for cyber-attack life-cycles and addressing the specific characteristics of the environment. We include the building blocks for many major known malware types as well as different propagation methods, access vectors, scanning techniques, command and control structures, attack methods, triggers, and cleanup mechanisms. Toward this end, we evaluate a variety of malware types as a basis for our attack model and introduce three novel superclasses that are particularly suited for attacking critical infrastructures. These synthetic models provide a basis for the detection of malware communication and extrapolate from existing malware technologies in order to predict future developments. Based on these malware models, we conduct discrete-event simulations in the ns3 environment, which are based on our network topologies that use real infrastructure data from our industrial partner. Our investigations show that aggressive malware, although quickly spreading, leaves footprints for defensive mechanisms to effectively counteract them. However, stealthy malware that is less visible and therefore harder to detect, spreads slower but requires more scrutiny on the defenders’ side.
We also develop metrics that evaluate the security by design of each network topology and the malware movement inside critical infrastructure networks. We design those metrics to represent malware spreading and consider the importance of critical nodes inside each topology. This allows us to evaluate how different malware types behave from our simulation results and conclude how to defend against them. Finally, we introduce a list of defensive measures, categorized by functionality and attack type. We correlate these categories to the attack stages that occur during a cyber-attack and map them to our generic cyber-attack life-cycle model.

    The Art of Defending Critical Infrastructures

    We introduce a list of counter-measures for the defense against cyber-attacks and categorize them by functionality. We allocate the categories to stages that occur during a cyber-attack and elaborate on them by means of well documented use-cases. Since several points in this list are already among the features best practice guides suggest, we consider proactive and reactive measures that complement them. This paper is meant for operators of critical infrastructures, as a checklist, to raise their defensive capabilities.

    Paying attention to hyperactive or emotional behavioral problems in learning situations

    Summary. In this practice-oriented article, the results of a questionnaire survey using the SDQ-Deu instrument are discussed with regard to their significance for educational support and therapy measures for children with reading, spelling and/or arithmetic difficulties, and for the school and home setting. For this purpose, 420 primary school children from 39 Salzburg schools were examined after completing primary level I, i.e. at the beginning of third grade, with a standardized test battery in the areas of reading, spelling and arithmetic. In addition, the children's emotional and hyperactive behavior was recorded using ratings from the pupils' caregivers (parents and teachers; N = 309). The results suggest that children with difficulties in reading, spelling and arithmetic in particular often also show abnormalities in emotional and hyperactive behavior.

    Malware propagation in smart grid networks: metrics, simulation and comparison of three malware types

    Smart grids utilize communication technologies that make them vulnerable to cyber attacks. The power grid is a critical infrastructure that constitutes a tempting target for sophisticated and well-equipped attackers. In this paper we simulate three malware types capable of attacking smart grid networks in the ns3 simulation environment. First, an aggressive malware type, named the pandemic malware, follows a topological-scan strategy to find and infect all devices on the network in the shortest time possible, via a brute force approach. Next, the more intelligent endemic malware sacrifices speed for stealthiness and operates with a less conspicuous hit-list and permutation-scan strategy. Finally, a highly stealthy malware type called the contagion malware does not scan the network or initiate any connections but rather appends on legitimate communication flows. We define several metrics to express the infection speed, scanning efficiency, stealthiness, and complexity of malware and use those metrics to compare the three malware types. Our simulations provide details on the scanning and propagation behavior of different malware classes. Furthermore, this work allows the assessment of the detectability of different malware types.