Thesis for a degree 【 display / non-display 】

Thesis for a degree 【 display / non-display 】

• Defense Against Cyber Attacks Based on Analysis of Relationship Between Attackers' Motivation and Activities

  Takayuki Sasaki

  2021.3

  Doctoral Thesis   Single Work  

Papers 【 display / non-display 】

Papers 【 display / non-display 】

• Exposed Infrastructures: Discovery, Attacks and Remediation of Insecure ICS Remote Management Devices

  Takayuki Sasaki, Akira Fujita, Carlos Hernandez Ganan, Michel van Eeten, Katsunari Yoshioka, Tsutom … Show more authors

  IEEE Symposium on Security and Privacy (IEEE S&P)   2022  [Reviewed]

  　More details

  Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)   Joint Work  

• Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network

  Takayuki Sasaki, Takaya Noma, Yudai Morii, Toshiya Shimura, Michel van Eeten, Katsunari Yoshioka, T … Show more authors

  IEEE Symposium on Security and Privacy (IEEE S&P)   2024.5  [Reviewed]

  　More details

  Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)   Single Work  

• Observation of Human-Operated Accesses Using Remote Management Device Honeypot

  SASAKI Takayuki, KAWAGUCHI Mami, KUMAGAI Takuhiro, YOSHIOKA Katsunari, MATSUMOTO Tsutomu

  IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences   E107.A ( 3 )   291 - 305   2024.3

  DOI Web of Science CiNii Research

  　More details

  Language：English   Publishing type：Research paper (scientific journal)   Publisher：一般社団法人 電子情報通信学会   Joint Work  

  <p>In recent years, cyber attacks against infrastructure have become more serious. Unfortunately, infrastructures with vulnerable remote management devices, which allow attackers to control the infrastructure, have been reported. Targeted attacks against infrastructure are conducted manually by human attackers rather than automated scripts. Here, open questions are how often the attacks against such infrastructure happen and what attackers do after intrusions. In this empirical study, we observe the accesses, including attacks and security investigation activities, using the customized infrastructure honeypot. The proposed honeypot comprises (1) a platform that easily deploys real devices as honeypots, (2) a mechanism to increase the number of fictional facilities by changing the displayed facility names on the WebUI for each honeypot instance, (3) an interaction mechanism with visitors to infer their purpose, and (4) tracking mechanisms to identify visitors for long-term activities. We implemented and deployed the honeypot for 31 months. Our honeypot observed critical operations, such as changing configurations of a remote management device. We also observed long-term access to WebUI and Telnet service of the honeypot.</p>

• SPOT: In-depth Analysis of IoT Ransomware Attacks Using Bare Metal NAS Devices

  Yasui Hiroki, Inoue Takahiro, Sasaki Takayuki, Tanabe Rui, Yoshioka Katsunari, Matsumoto Tsutomu

  Journal of Information Processing   32 ( 0 )   23 - 34   2024

  DOI CiNii Research

  　More details

  Language：English   Publishing type：Research paper (scientific journal)   Publisher：一般社団法人 情報処理学会   Joint Work  

  <p>Ransomware attacks targeting Network Attached Storage (NAS) devices have occurred steadily in the threat landscape since 2019. Early research has analyzed the functionality of IoT ransomware binaries but failed to reveal its operation and attack infrastructure. In this paper, we propose an attack observation system named SPOT, which uses popular bare metal NAS devices, QNAP, as the honeypot and the malware sandbox to conduct an in-depth analysis of IoT ransomware attacks. During the six-month observation from September 2021 to March 2022, we observed on average, 130 hosts per day accessing from the Internet to compromise the NAS devices. Moreover, we executed 48 ransomware samples downloaded from VirusTotal in the SPOT sandbox. We identified seven remote Onion proxy servers used for C&C connection and successfully observed three samples infecting the NAS device to connect them to the C&C server behind the TOR network. The ransom notes gave two kinds of contact points; instruction web pages and email addresses. Though the email addresses were not reachable, we could access the instruction website. We kept monitoring the website and observed a “30% discount campaign” for ransom payments. We also interacted with the threat actor via online support chat on the website, but we were banned from the channel because we asked about their organization. We observe that the degree of automation in the attack operation is much higher compared to the carefully tailored and targeted ransomware attacks. While each case of successful ransom payment is limited to 0.03 BTC, the automated nature of the attacks would maximize the frequency of such successful cases.</p>

• Mitigate: Toward Comprehensive Research and Development for Analyzing and Combating IoT Malware

  NAKAO Koji, YOSHIOKA Katsunari, SASAKI Takayuki, TANABE Rui, HUANG Xuping, TAKAHASHI Takeshi, FUJIT … Show more authors

  IEICE Transactions on Information and Systems   E106.D ( 9 )   1302 - 1315   2023.9

  DOI Web of Science CiNii Research

  　More details

  Language：English   Publishing type：Research paper (scientific journal)   Publisher：一般社団法人 電子情報通信学会   Joint Work  

  <p>In this paper, we developed the latest IoT honeypots to capture IoT malware currently on the loose, analyzed IoT malware with new features such as persistent infection, developed malware removal methods to be provided to IoT device users. Furthermore, as attack behaviors using IoT devices become more diverse and sophisticated every year, we conducted research related to various factors involved in understanding the overall picture of attack behaviors from the perspective of incident responders. As the final stage of countermeasures, we also conducted research and development of IoT malware disabling technology to stop only IoT malware activities in IoT devices and IoT system disabling technology to remotely control (including stopping) IoT devices themselves.</p>

display all >>

Industrial Property Rights 【 display / non-display 】

Industrial Property Rights 【 display / non-display 】

• COMMUNICATION SYSTEM, CONTROL APPARATUS, COMMUNICATION APPARATUS, COMMUNICATION CONTROL METHOD, AND PROGRAM

  Kentaro SONODA, Hideyuki SHIMONISHI, Toshio KOIDE, Yoichi HATANO, Masayuki NAKAE, Masaya YAMAGATA, Yoichiro MORITA, Takayuki SASAKI, Yuki ASHINO, Takeo OHNO

  　More details

  Application no：15909087 

• ファームウェア書き換え装置、ファームウェア書き換え方法、及び、プログラムが格納された非一時的なコンピュータ可読媒体

  小林　俊輝, 森田　佑亮, 佐々木　貴之

  　More details

  Application no：PCT/JP2019/011174 

• 半導体装置、制御フロー検査方法、非一時的なコンピュータ可読媒体及び電子機器

  JADA Astha, 小林　俊輝i, 佐々木　貴之, ASONI Daniele Enrico, PERRIG Adria

  　More details

  Application no：PCT/JP2019/025133 

• 半導体装置、制御フロー検査方法、非一時的なコンピュータ可読媒体及び電子機器

  JADA Astha, 小林　俊輝i, 佐々木　貴之, ASONI Daniele Enrico, PERRIG Adria

  　More details

  Application no：PCT/JP2019/025100 

• セキュリティ管理装置、セキュリティ管理方法、及び非一時的なコンピュータ可読媒体

  森田　佑亮, 佐々木　貴之, 小林　俊輝

  　More details

  Application no：PCT/JP2019/028680 

display all >>

Awards 【 display / non-display 】

Awards 【 display / non-display 】

• 情報通信システムセキュリティ研究賞

  2022   電子情報通信学会情報システムセキュリティ研究会   重要施設に設置されたIoT機器のインターネット全域探索

  Individual or group name of awards：平工瑞希, 佐々木貴之, 吉岡克成, 松本勉

• CSS優秀論文賞

  2021   情報処理学会   コネクテッドカーはインターネット上から発見可能か？

  Individual or group name of awards：植田 岳洋, 佐々木 貴之, 吉岡 克成, 松本 勉,