Watch out! Doxware on the way...

摘要

Malware remains the number one threat for individuals, enterprises, and governments. Malware's aftermath can cause irreversible casualties if the requirements of the attackers are not met in time. Security researchers' primary objective is protecting the assets that a person/company possesses. They are in a constant battle in this cyberware facing attackers' malicious intent. To compete in this arms race against security breaches, we propose an insight into plausible attacks, especially Doxware (also called leakware). We present a quantification model that explores the Windows file system in search of valuable data. It is based on the Term Frequency-Inverse Document Frequency (TF-IDF) solution provided in the literature for information retrieval. The highest-ranked files will be then exfiltrated over the Internet to the attacker's server. Then, we studied possible countermeasures including deception-based techniques. Amongst the existent ones, we implemented and tested one based on honeypot files and folders to protect users' assets. We conclude by presenting future perspectives in this area with the possible counter-countermeasures that can be used by an attacker to bypass current detection mechanisms. Our approach delivers an observation of the evolution of malware throughout the last years. It enables users to prevent their sensitive information from being exposed to potential risks.