{"661889":{"#nid":"661889","#data":{"type":"event","title":"SCP Security Seminar ","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003ESpeaker\u003C\/strong\u003E: Mingxuan Yao, Ph.D. student\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003ETitle\u003C\/strong\u003E: C\u0026amp;C On-Demand: An Empirical Study of Web Application Abuse for Malware Command and Control\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EAbstract\u003C\/strong\u003E:\u0026nbsp;Web applications (apps) provide a wide array of utilities that are being abused by malware authors as a\u0026nbsp;replacement for attacker-deployed C\u0026amp;C servers. Stopping this Web App-based Command and Control\u0026nbsp;(WACC) requires collaboration between Incident Responders (IRs) and web app providers. However, little\u0026nbsp;research has been done to prove that WACC malware are prevalent enough to warrant such an investment.\u0026nbsp;To this end, we designed Marcea, a malware analysis pipeline to study the prevalence of WACC. Marcea\u0026nbsp;revealed 487 WACC malware in 72 families abusing 30 web apps over the last 15 years. Our research\u0026nbsp;uncovered the number of WACC malware increased by 5.5 times since 2020 and that 86% did not need to\u0026nbsp;connect to an attacker-deployed C\u0026amp;C server. Our study uncovered patterns indicating how specific web apps\u0026nbsp;attract or disincentivize WACC malware. Moreover, web app engagement data collected by Marcea suggests\u0026nbsp;that these malware are active enough to produce up to 5,844,144 access points. To date, we have used Marcea to collaborate with the web\u0026nbsp;app providers to take down 70% of the active WACC malware.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EBiography\u003C\/strong\u003E: Mingxuan Yao is a fourth year Ph.D. student in the\u0026nbsp;School of Electrical \u0026amp; Computer Engineering(ECE) at\u0026nbsp;\u0026nbsp;Georgia Institute of Technology, under the guidance of Professor\u0026nbsp;Brendan\u0026nbsp;Saltaformaggio\u0026nbsp;in the Cyber Forensics Innovation (CyFI) Lab. He finished his Master\u0026nbsp;Degree in\u0026nbsp;Cybersecurity\u0026nbsp;before that. His research interests lie in cyber attack\u0026nbsp;forensics, and binary analysis techniques. His current research focuses on cyber-threats abusing prestigious web services, aiming to adopt different novel strategies to\u0026nbsp;boost the analysis process.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Join us for a student led seminar series about today\u0027s security issues"}],"uid":"36253","created_gmt":"2022-10-06 15:45:37","changed_gmt":"2022-10-06 15:45:37","author":"John Popham","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2022-10-26T13:00:00-04:00","event_time_end":"2022-10-26T14:00:00-04:00","event_time_end_last":"2022-10-26T14:00:00-04:00","gmt_time_start":"2022-10-26 17:00:00","gmt_time_end":"2022-10-26 18:00:00","gmt_time_end_last":"2022-10-26 18:00:00","rrule":null,"timezone":"America\/New_York"},"extras":["free_food"],"hg_media":{"661730":{"id":"661730","type":"image","title":"SCP Title Card","body":null,"created":"1664557007","gmt_created":"2022-09-30 16:56:47","changed":"1664557007","gmt_changed":"2022-09-30 16:56:47","alt":"","file":{"fid":"250652","name":"SCP newsletter logo3.jpg","image_path":"\/sites\/default\/files\/images\/SCP%20newsletter%20logo3.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/images\/SCP%20newsletter%20logo3.jpg","mime":"image\/jpeg","size":1174968,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/SCP%20newsletter%20logo3.jpg?itok=-U6xzVLs"}}},"media_ids":["661730"],"related_links":[{"url":"https:\/\/gatech.zoom.us\/j\/93110228192?pwd=amhYdzVkLzhOb3NHdVN5eTBKaDc0Zz09","title":"Attend Virtually on Zoom"},{"url":"http:\/\/mingxuan.ece.gatech.edu\/","title":"Mingxuan\u0027s Website"}],"groups":[{"id":"47223","name":"College of Computing"}],"categories":[],"keywords":[{"id":"1404","name":"Cybersecurity"},{"id":"3221","name":"privacy"},{"id":"2437","name":"lecture"},{"id":"166896","name":"seminar"},{"id":"167058","name":"Student"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1795","name":"Seminar\/Lecture\/Colloquium"}],"invited_audience":[{"id":"78761","name":"Faculty\/Staff"},{"id":"78771","name":"Public"},{"id":"174045","name":"Graduate students"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EPradyumna\u0026nbsp;Shome, Ph.D. Student\u003C\/p\u003E\r\n\r\n\u003Cp\u003Epradyumna.shome@gatech.edu\u003C\/p\u003E\r\n","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}