Analyzing evidence found on a digital device is a laborious task, and it is made harder by the constantly changing methods and technologies that threat actors adopt. Digital forensics applies scientific methods to reconstruct the sequence of events surrounding a security breach at a company or, for law enforcement, a criminal investigation. This process of acquiring artifacts, analyzing them, documenting and reporting comes with many challenges and is supported by useful tools and technology; this article describes both in brief.
By Anis Pankhania CISO Cloud Infrastructure Services, Capgemini India
Trends in Cybercrime
As stated earlier, the ever-changing threat landscape and the malicious use of new technology pose a variety of challenges for the digital forensic investigator. Organizations are under constant threat of attack, with disruptions ranging from large data breaches to malware and botnet attacks. Some of the current trends in cyberattacks are:
- Malware: Malware distribution today is effectively a continuous campaign, and the majority of recent incidents involve ransomware or some other form of malware. Ransomware and spyware are among the most damaging classes, because they encrypt or exfiltrate sensitive information. To make matters worse, such malware is increasingly equipped with anti-forensic techniques that lengthen the time investigators need to recover any artifact or evidence. Encryption is itself an anti-forensic technique: a threat actor with sufficient privilege can encrypt or wipe not only the sensitive data held for ransom but also logs and other traces of their own activity, leaving nothing for the investigator to recover. Ransomware typically targets a broad range of file extensions, essentially any file likely to matter to the victim. Even if the targeted organization pays the ransom, there is no guarantee of recovering the encrypted data; moreover, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has advised that ransom payments to sanctioned persons or jurisdictions may violate U.S. sanctions law, so payment carries legal risk as well.
- Botnets: Botnets are networks of compromised systems controlled by threat actors through command-and-control (C2) infrastructure, without the knowledge of the systems' owners or users. They are used for DDoS attacks, cryptojacking, click fraud, phishing, spam and many other malicious operations, and the threat actor can issue an attack command to the bots at any moment over the C2 channel. Identifying and stopping a botnet requires network administrators and forensic analysts to understand the C2 traffic patterns and the infection mechanism well enough to trace the bots back to their controller.
- Cryptojacking: Cryptojacking is a common use of botnets, in which the bots are loaded with mining software to generate cryptocurrency for the attacker. The malware hijacks the device's processor to run mining at full load, which drives up power consumption and heat and can shorten the life of the hardware. Mining itself is not illegal; it is the legitimate mechanism by which blockchain participants generate digital currency, but it requires expensive, high-performance computing. Where legitimate miners pay for their own hardware and electricity, attackers steal that computing capacity from the victims in their botnet.
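The ransomware and anti-forensics points in the malware bullet above describe what a responder actually meets on disk: files turned into what looks like random bytes. As an added example, not code from the article or its author, the Python script below shows the entropy-triage step a forensic analyst would run over a mounted image to separate encrypted files from ordinary documents, with a magic-byte whitelist so that legitimately compressed formats are not flagged. The threshold, the container list and the sample file tree are assumptions constructed for the demo.

```python
"""Entropy-based triage of a file tree to flag files likely encrypted by ransomware.

Added example, not code from the article. Assumption: files encrypted by
ransomware look like uniformly random bytes (entropy near 8 bits/byte), while
documents and source text sit well below that. Compressed formats (zip/Office,
PNG, JPEG, gzip) are also high-entropy, so they are whitelisted by magic bytes
to cut false positives. Threshold and sizes are chosen for this demo.
"""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5   # bits per byte; 8.0 is the theoretical maximum
MIN_BYTES = 256           # entropy of very small files is not meaningful
SAMPLE_BYTES = 65536      # only the head of each file is read

# Magic bytes of formats that are high-entropy even when benign (assumed list).
HIGH_ENTROPY_CONTAINERS = {
    b"PK\x03\x04": "zip/office",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"\x1f\x8b": "gzip",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy, in bits per byte, of the given buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def known_container(head: bytes):
    """Return the container name if the file head matches a whitelisted magic."""
    for magic, name in HIGH_ENTROPY_CONTAINERS.items():
        if head.startswith(magic):
            return name
    return None


def triage_file(path: Path) -> dict:
    """Classify one file: suspicious if high entropy and not a known container."""
    head = path.read_bytes()[:SAMPLE_BYTES]
    entropy = shannon_entropy(head)
    container = known_container(head)
    suspicious = (len(head) >= MIN_BYTES
                  and entropy >= ENTROPY_THRESHOLD
                  and container is None)
    return {"path": path.name, "entropy": round(entropy, 3),
            "container": container, "suspicious": suspicious}


def triage_tree(root: Path) -> dict:
    """Triage every regular file under root, keyed by path relative to root."""
    return {str(p.relative_to(root)): triage_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def build_sample_tree(root: Path) -> None:
    """Constructed fixture (not real evidence): an encrypted-looking file,
    a plain-text file, a benign JPEG-like file and an empty log."""
    rng = random.Random(1337)  # deterministic stand-in for ciphertext
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    (root / "q3_report.docx.locked").write_bytes(noise)
    (root / "notes.txt").write_bytes(b"Quarterly forensic review notes.\n" * 100)
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + noise)
    (root / "empty.log").write_bytes(b"")


def run_demo() -> dict:
    """Build the fixture in a temp dir, triage it and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage_tree(root)


if __name__ == "__main__":
    for name, r in run_demo().items():
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['entropy']:.3f}  {r['container'] or '-':11} {name}")
```

In the demo only the `.locked` file is flagged: the JPEG carries the same random payload but is excused by its magic bytes, and the empty log is skipped by the size floor. Entropy alone still misfires on files that are encrypted by design (PGP messages, disk-encryption containers) or on exotic compressed formats, so in a real case the flag should be corroborated with filesystem timestamps and the burst of renames that ransomware leaves in the journal.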
Importance of Cyber Forensics
Though it may seem that cyber forensics exists only because cybersecurity programs exist, and that a failed information security framework simply feeds digital forensics operations, in reality the two are co-dependent and go hand in hand. Digital forensics provides the information that drives developments in cybersecurity: the cumulative picture of the state of security is built from the many cases investigated through cyber forensics. Understanding this delicate balance between the two helps cybersecurity professionals build a better security architecture…
This story first appeared in the June 2021 issue of CISO MAG.
About the Author
Anis Pankhania is a technology leader with a thorough understanding of adapting technology expertise to "business vision." He is an award-winning information security leader with 23 years of experience leading information security, infrastructure management, digitalization, application development and management, program/project management, IT network and data center operations, and telecom circle, corporate and business operations. The majority of his tenure has been spent with large telecom and IT companies in India (Bharti Airtel, Aircel, IBM, and Vodafone). Pankhania has established IT divisions from scratch, including the design of strategy and execution roadmaps, objectives, operating procedures, multi-site facilities, and end-user workspaces for 30k+ end users.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.