Litcius/Paper detail

Digital Forensic Analysis of Ransomware Attacks on Industrial Control Systems: A Case Study in Factories

Phitaya Nakhonthai, Krishna Chimmanee

202215 citationsDOI

Abstract

In the era of Industry 4.0, the Industrial Control Systems (ICS) are generally connected via a variety of network interfaces for real-time monitoring. As a result, ICS has become one of the main targets to be attacked by several threat actors by discovering the vulnerability in the system encrypting the data, and demanding ransom. Thus, protecting the network has become a major task for many organizations. Although several cybersecurity frameworks and best practices for ransomware are published, a research article case study on the ICS ransomware protection is rarely proposed. Thus, there is a need for actual case studies to increase cyber security experiences. Thus, this paper introduces three case studies based on qualitative research and a real case study. For the actual case study, the network diagram, event log, digital evidence, and digital forensic timeline are presented. For attack analysis, Microsoft ransomware attack framework and MITRE code are used since computer-controlling machines are Windows 10. Case analyses are compared for the understanding of cyber security vulnerabilities.

Topics & Concepts

RansomwareTimelineComputer securityComputer scienceDigital forensicsVulnerability (computing)RansomMalwareSCADAIndustrial control systemControl (management)EngineeringArtificial intelligenceElectrical engineeringArchaeologyPolitical scienceLawHistoryAdvanced Malware Detection TechniquesDigital and Cyber ForensicsInformation and Cyber Security