QR Code Fraud Detection or authorized secured QR code certificate.
QR (Quick Response) codes are two-dimensional barcodes with the ability to encode different types of information. Because of their high information density and robustness, QR codes have gained popularity in various fields of application. Even though they offer a broad range of advantages, QR codes pose significant security risks. Attackers can encode malicious links that lead, for example, to phishing sites. Some of the possible attack scenarios are as follows:
- Making a payment—If the QR code is malicious, making a payment may allow hackers to capture a user’s personal financial information.
- Following social media accounts—If a user’s social media accounts come in contact with a malicious account, their personal information and contacts may be exposed.
- Revealing the user’s location—Malicious actors can use the QR code to send a user’s geolocation information to an application (app) or website.
- Adding a contact listing—Hackers can use a QR code to automatically add a new contact listing to a user’s phone, triggering spear phishing and other attacks.
More than 60% of respondents feared that hackers can target them using a QR code. But, at the end of the day, people consider QR codes to be an easy way to make payments and interact in a touchless world.
Simple way to attack using a QR code:
There should be a detection mechanism that verifies the scanned URL is free from phishing, malware, and other possible attacks, and the QR code should be authorized as a secure QR code.
Students should develop a detection system that verifies a QR code does not redirect to a site other than the one actually scanned, and that checks the link against a database of known malicious links.
The link must not lead to an http or IP address destination; if it does, the system must block the redirection.
Block the download, or provide a mechanism to authorize the download.
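One way to implement the checks listed above, as an added example that is not part of the original challenge statement. The blocklist entries, the extension list and all function names are assumptions, and the redirect chain is supplied by the caller rather than fetched.

```python
import ipaddress
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed sample data standing in for a real malicious-link database/policy.
BLOCKLIST = {"login-verify.example", "pay-secure.example"}
DOWNLOAD_EXTS = {".apk", ".exe", ".msi", ".dmg", ".zip", ".docm"}

def host_is_ip(host):
    """True for IPv4/IPv6 literals and the integer/hex IPv4 forms browsers accept."""
    for parse in (ipaddress.ip_address, lambda h: ipaddress.IPv4Address(int(h, 0))):
        try:
            parse(host)
            return True
        except ValueError:
            continue
    return False

def on_blocklist(host):
    """Match the host or any of its parent domains against the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

def host_and_path(url):
    """(lower-cased host minus trailing dot and 'www.', path); ('', '') if unusable."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "", ""
    host = (parts.hostname or "").rstrip(".")
    return (host[4:] if host.startswith("www.") else host), parts.path

def vet_qr_url(payload, redirect_chain=()):
    """Return (verdict, reasons) for a decoded QR payload and its observed redirects."""
    reasons, hops = [], [u.strip() for u in (payload, *redirect_chain)]
    for url in hops:
        host, path = host_and_path(url)
        checks = [
            ("not https", not url.lower().startswith("https://")),
            ("no usable host", not host),
            ("IP-literal host", host_is_ip(host)),
            ("known-malicious host", on_blocklist(host)),
            ("download needs authorization", PurePosixPath(path).suffix.lower() in DOWNLOAD_EXTS),
        ]
        reasons += [f"{label}: {url}" for label, hit in checks if hit]
    first, last = host_and_path(hops[0])[0], host_and_path(hops[-1])[0]
    if first != last:
        reasons.append(f"redirect leaves scanned site: {first} -> {last}")
    return ("block" if reasons else "allow"), reasons
```

A scanner app would call `vet_qr_url` with the decoded payload before opening it and show the returned reasons to the user when the verdict is `block`.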
Guarding organization from Ransomware attacks:
Ransomware has been a persistent threat for organizations across industries for many years now. As more businesses embrace digital transformation, the likelihood of being targeted in a ransomware attack has grown considerably. This is because the methods cybercriminals employ to carry out attacks are becoming more difficult to identify and manage.
One of the most successful families of ransomware has returned once again, with a new email spam campaign designed to infect victims with the file-encrypting malware.
Locky was one of the first major forms of ransomware to become globally successful and at one point was one of the most common forms of malware in its own right.
Locky was released in 2016 and is spread primarily through emails containing an infected Microsoft Word document. When a user opens the document, they will see unintelligible data and the phrase “Enable macro if data encoding is incorrect.” If they enable macros, then the ransomware will be downloaded and begin encrypting files. After the encryption is complete, victims receive a message on how to pay the ransom and get their files back.
- Develop a mechanism or tool to stop ransomware before it encrypts the files.
- How will you determine the attack pattern of the ransomware?
- What are the artifacts that you will collect for analysis?
- Is there any possibility to stop ransomware using YARA signatures? If yes, what is your approach?
Guarding Organization from Browser based Attacks
According to a recent study, approximately 45% of people surfing the Internet are not utilizing the most secure version of their web browser. Like other software, web browsers are vulnerable to attack or exploit without the appropriate security patches applied. A fully patched web browser can still be vulnerable to attack or exploit if the browser plug-ins are not fully patched. Traditionally, browser-based attacks originated from bad websites. However, due to poor security coding of web applications or vulnerabilities in the software supporting web sites, attackers have recently been successful in compromising large numbers of trusted web sites to deliver malicious payloads to unsuspecting visitors.
A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll, and other sensitive functions.
Google said it removed more than 70% of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
- Develop a browser artifact collector and explain what makes it different from other tools available on the market.
- What are the artifacts that you will collect for the analysis?
- What is your approach for doing browser forensics?
- How to secure our web browser and what are the steps that are necessary to take to prevent attacks?
The use of video and audio as definitive evidence of events has begun to be challenged by high-quality fake video and audio made by AI algorithms (deepfakes). Deep neural networks (DNNs) provide a new spin on the perplexing subject of online deception. Although digital image and video modification is not new, the rapid development of DNNs in recent years has made the process increasingly fast and seamless.
Deepfake videos that are well-crafted can generate illusions of a person’s presence and actions that do not exist and can result in severe political, social, financial, and legal consequences.
1. Identify the current deepfake detection methods/techniques.
2. Identify the current limitations and come up with new ideas that can counter them.
Challenge 5: The Public Core of the Internet
Incidents such as those affecting the Internet domain name system, forging a widely used software validation certificate, and corrupting certificate authorities provide examples of the potential disruptions that could generate widespread consequences for Internet users around the world. On November 21, 2017, at the Global Conference on Cyberspace in New Delhi, India, the Global Commission on the Stability of Cyberspace issued a “Call to Protect the Public Core of the Internet”. The declaration urges state and non-state actors to avoid activity that would intentionally and substantially damage the general availability or integrity of the “public core” of the Internet.
(a) What, according to you, constitutes the public core of the Internet? In other words: what ultra-critical Internet infrastructure (assets and services) ought to be protected from harmful state and non-state activity?
(b) How would you advise protecting the public core of the Internet from harmful state and non-state activity? Please explain why you choose these particular means in contrast to others and also explain their shortcomings. [Examples of how you might go about protecting it: restrictive measures, such as laws, norms, standards, etc., and positive measures, such as funding, support, enhanced responsibility, etc.]
• On the Public Core: GCSC Call to Protect: https://cyberstability.org/research/call-to-protect/
• On the Public Core: WRR Report: https://english.wrr.nl/publications/reports/2015/10/01/the-public-core-of-the-internet
Other literature:
• Public Core: GCSC text: https://www.intgovforum.org/multilingual/index.php?q=filedepot_download/5065/757
• Public Core: Briefings from the GCSC Research Advisory Group: https://cyberstability.org/research/briefings-and-memos-of-the-research-advisory-group/
• On norms and laws for states: UN GGE Reports: http://www.un.org/ga/search/view_doc.asp?symbol=A/70/174
Challenge 6: 21st Century Instruments for Accountability
In this era of the Global Digital Revolution, digital technologies provide the world with a wealth of positive accomplishments. Societies and individuals can benefit in all manner of ways through access to knowledge, people and organizations on a local and global level. More than that, digital has become a must-have for people, society and the economy. Indeed, digital technology fosters innovation. Online platforms, e-commerce, social media, artificial intelligence, data analytics, robotics and the internet of things (IoT) are further expediting this process by hyper-connecting individuals, organizations, communities, societies and data with tens of billions of objects and entities.
Unfortunately, the Internet is not immune to evil. Breaches of norms and values are also occurring in the online and cyber worlds, ranging from fraud, identity theft, bullying and other forms of personal harassment or exploitation through to malign social engineering, phishing and hacking attacks which can threaten key networks and even entire nations. A number of prerequisites have to be met to maintain democratic principles, i.e. privacy, security, transparency, safety, wellbeing, and accountability. I4ADA will focus on developing instruments for accountability in the Digital Age. Instruments can be traditional, such as new international legislation or international government-led institutes. Or instruments can be more modern, such as the creation of an Accountability Index or other digital instruments to measure, track, and/or manage accountability variables.
Develop a framework of measures/indicators and metrics for assessing accountability at the country and/or organization level, and identify open, free-to-use sources that provide the data required to make it executable.
Questions that might guide your thinking:
• Are there standards, frameworks or metrics in other domains, such as physical security, health, environment or safety, that might guide us?
• Do you know of initiatives that could be used as a kernel to further develop this framework?
Sources for inspiration and guidance: