{"title":"Evolution of IoT Linux Malware: A MITRE ATT&CK TTP Based Approach","authors":"Veronica Chierzi, Fernando Mercês","doi":"10.1109/eCrime54498.2021.9738756","DOIUrl":null,"url":null,"abstract":"In recent years, attacks against Internet of Things devices have increased by 59% says [1]. In this work, we investigate the evolution of malware that emerged in the last two years by taking advantage of the MITRE ATT&CK framework to deliver an analysis methodology based on this structure. We analyzed 14 distinct malware families that were discovered in the period by major security vendors and our threat intelligence investigations.In this paper, we propose a methodology to keep track of threats capability evolution using the MITRE ATT&CK framework. Our research aims to extend the current knowledge of Linux malware in the IoT domain and deliver a different analysis point of view. The findings presented in this paper about what changed, for example, what techniques are removed from the malware implementation, support the benefit of this analysis and tracking methodology to study the evolution of malware.","PeriodicalId":228129,"journal":{"name":"2021 APWG Symposium on Electronic Crime Research (eCrime)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 APWG Symposium on Electronic Crime Research (eCrime)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/eCrime54498.2021.9738756","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
In recent years, attacks against Internet of Things devices have increased by 59% says [1]. In this work, we investigate the evolution of malware that emerged in the last two years by taking advantage of the MITRE ATT&CK framework to deliver an analysis methodology based on this structure. We analyzed 14 distinct malware families that were discovered in the period by major security vendors and our threat intelligence investigations.In this paper, we propose a methodology to keep track of threats capability evolution using the MITRE ATT&CK framework. Our research aims to extend the current knowledge of Linux malware in the IoT domain and deliver a different analysis point of view. The findings presented in this paper about what changed, for example, what techniques are removed from the malware implementation, support the benefit of this analysis and tracking methodology to study the evolution of malware.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
