SCP Security Seminar

Event Details
  • Date/Time:
    • Wednesday October 26, 2022
      12:00 pm - 1:00 pm
  • Location: Vinings Conference Room (C1015), 10th Floor, Coda
  • Fee(s):
    N/A
  • Extras:
    Free food
Contact

Pradyumna Shome, Ph.D. Student

pradyumna.shome@gatech.edu

Summaries

Summary Sentence: Join us for a student-led seminar series about today's security issues.

Speaker: Mingxuan Yao, Ph.D. student

Title: C&C On-Demand: An Empirical Study of Web Application Abuse for Malware Command and Control

Abstract: Web applications (apps) provide a wide array of utilities that are being abused by malware authors as a replacement for attacker-deployed C&C servers. Stopping this Web App-based Command and Control (WACC) requires collaboration between Incident Responders (IRs) and web app providers. However, little research has been done to prove that WACC malware are prevalent enough to warrant such an investment. To this end, we designed Marcea, a malware analysis pipeline to study the prevalence of WACC. Marcea revealed 487 WACC malware in 72 families abusing 30 web apps over the last 15 years. Our research uncovered the number of WACC malware increased by 5.5 times since 2020 and that 86% did not need to connect to an attacker-deployed C&C server. Our study uncovered patterns indicating how specific web apps attract or disincentivize WACC malware. Moreover, web app engagement data collected by Marcea suggests that these malware are active enough to produce up to 5,844,144 access points. To date, we have used Marcea to collaborate with the web app providers to take down 70% of the active WACC malware.

Biography: Mingxuan Yao is a fourth-year Ph.D. student in the School of Electrical & Computer Engineering (ECE) at the Georgia Institute of Technology, under the guidance of Professor Brendan Saltaformaggio in the Cyber Forensics Innovation (CyFI) Lab. He finished his Master's degree in Cybersecurity before that. His research interests lie in cyber attack forensics and binary analysis techniques. His current research focuses on cyber-threats abusing prestigious web services, aiming to adopt different novel strategies to boost the analysis process.

 

In Campus Calendar
Yes
Groups

College of Computing

Invited Audience
Faculty/Staff, Public, Graduate students
Categories
Seminar/Lecture/Colloquium
Keywords
Cybersecurity, privacy, lecture, seminar, Student
Status
  • Created By: jpopham3
  • Workflow Status: Published
  • Created On: Oct 6, 2022 - 11:45am
  • Last Updated: Oct 6, 2022 - 11:45am