CYB1: Understanding and Mitigating Malware Campaigns and their Underlying Cybercriminal Operations

About

Full course name - CYB1: Understanding and Mitigating Malware Campaigns and their Underlying Cybercriminal Operations, Complemented with a Preliminary Dive into Digital Forensics and IoT Device Firmware Hardening against Exploitation

 Malware is increasingly becoming a key problem for organizations and Internet users. Cybercriminals infect computers with malware and use them for their own gain, for example by stealing sensitive financial information or corporate data. This ecosystem has become so profitable that an entire underground economy has emerged around it, in which specialized actors provide services to each other and collaborate towards the success of these criminal endeavors. In this course, we will cover malware and cybercriminal operations in detail, focusing on both the engineering and the social and economic aspects of malware operations. We will then introduce mitigation techniques against malware operations and illustrate what an effective mitigation strategy against malware operations looks like.  Additionally, we will delve deeper into the field of memory forensics, exploring how to detect and analyze malware artifacts in system memory. We will also cover using the Volatility tool to perform memory analysis, including mining and analyzing volatile data to uncover hidden malware and its operational footprints.

Target group

Bachelor-level degree in Computer Science, Information technology, or comparable.

Advanced Bachelor’s students, Master’s students, PhD students and post-docs.

Course aim

The module aims to provide students with the skills needed to understand cybercrime in a global context and the role of a malware analyst. During this course, students will learn how cybercriminals operate, and how to develop better mitigations against this threat. Students will learn advanced methods used by malware developers to produce stealthy malware and how cybersecurity professionals analyze malware. Specifically, the module has the following learning objectives:

Understand core concepts and nomenclature of malware and cybercriminal operations.
Understand the technical, economic, and social aspects of malware operations. These aspects will allow the participant to understand how a single malware infection factors into the complex cybercriminal ecosystem.
Understand the process carried out by malware analysts to reverse malware. Be able to analyze malware analysis traces to understand the nature of a malware infection on an affected computer.
Understand the first line of defense against malware and strategic mitigations. Devise effective mitigation techniques against malware operations. These mitigation will be not only technical, but will also factor in economic, social, and legal aspects.
Gain both theoretical foundations and, increasingly importantly, hands-on experience in memory/malware/digital forensics. Learn how to use tools like Volatility to analyze system memory, uncover traces of malware, and understand its behavior in volatile memory.