Evaluating an Effective Ransomware Infection Vector in Low Earth Orbit Satellites
- URL: http://arxiv.org/abs/2412.04601v1
- Date: Thu, 05 Dec 2024 20:30:26 GMT
- Title: Evaluating an Effective Ransomware Infection Vector in Low Earth Orbit Satellites
- Authors: Marin Donchev, Dylan Smyth
- Abstract summary: In this paper, we outline a scenario in which an attacker can infect an in-orbit NASA Core Flight System (cFS) based satellite with ransomware and communicate the infection back to a satellite operator. This paper is the first to demonstrate an end-to-end exploit path that results in a ransomware infection without the need for a supply chain attack or compromised credentials.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Non-Terrestrial Networks (NTNs) and satellite systems have become an important component of modern data communication systems in recent years. Despite their importance, the security of these systems is often limited, leaving them vulnerable to determined attackers. In this paper, we outline a scenario in which an attacker can infect an in-orbit NASA Core Flight System (cFS) based satellite with ransomware and communicate the infection back to a satellite operator. This paper is the first to demonstrate an end-to-end exploit path that results in a ransomware infection without the need for a supply chain attack or compromised credentials. Novel ransomware is delivered to an emulated satellite system using custom shellcode that exploits a weakness in the considered scenario. The scenario considered by this initial piece of work achieves a success rate of 33.3% for a complete successful infection.
Related papers
- INFA-Guard: Mitigating Malicious Propagation via Infection-Aware Safeguarding in LLM-Based Multi-Agent Systems [70.37731999972785]
In this paper, we propose Infection-Aware Guard, INFA-Guard, a novel defense framework that explicitly identifies and addresses infected agents as a distinct threat category. During remediation, INFA-Guard replaces attackers and rehabilitates infected ones, avoiding malicious propagation while preserving topological integrity.
arXiv Detail & Related papers (2026-01-21T05:27:08Z)
- Multi-Agent-Driven Cognitive Secure Communications in Satellite-Terrestrial Networks [58.70163955407538]
Malicious eavesdroppers pose a serious threat to private information via satellite-terrestrial networks (STNs). We propose a cognitive secure communication framework driven by multiple agents that coordinates spectrum scheduling and protection through real-time sensing. We exploit generative adversarial networks to produce adversarial matrices, and employ learning-aided power control to set real and adversarial signal powers for protection layer.
arXiv Detail & Related papers (2026-01-06T10:30:41Z)
- SpyChain: Multi-Vector Supply Chain Attacks on Small Satellite Systems [0.6524460254566903]
Small satellites are integral to scientific, commercial, and defense missions, but reliance on commercial off-the-shelf (COTS) hardware broadens their attack surface. We present SpyChain, the first end-to-end design and implementation of independent and colluding hardware supply chain threats targeting small satellites. Using NASA's satellite simulation (NOS3), we demonstrate that SpyChain can evade testing, exfiltrate telemetry, disrupt operations, and launch Denial of Service (DoS) attacks.
arXiv Detail & Related papers (2025-10-08T00:21:40Z)
- SATversary: Adversarial Attacks on Satellite Fingerprinting [14.683336638975762]
Transmitter fingerprinting provides mechanisms by which communication can be authenticated. We show that an optimized jamming signal can cause a 50% error rate with attacker-to-victim ratios as low as -30dB. We also present a data poisoning attack, enabling persistent message spoofing by altering the data used to authenticate incoming messages to include the attacker's transmitter.
arXiv Detail & Related papers (2025-06-06T14:27:19Z)
- Model Supply Chain Poisoning: Backdooring Pre-trained Models via Embedding Indistinguishability [61.549465258257115]
We propose a novel and severer backdoor attack, TransTroj, which enables the backdoors embedded in PTMs to efficiently transfer in the model supply chain.
Experimental results show that our method significantly outperforms SOTA task-agnostic backdoor attacks.
arXiv Detail & Related papers (2024-01-29T04:35:48Z)
- FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases [50.065022493142116]
Trojan attack on deep neural networks, also known as backdoor attack, is a typical threat to artificial intelligence.
FreeEagle is the first data-free backdoor detection method that can effectively detect complex backdoor attacks.
arXiv Detail & Related papers (2023-02-28T11:31:29Z)
- Zero-day DDoS Attack Detection [0.0]
This project aims to solve the task of detecting zero-day DDoS attacks by utilizing network traffic that is captured before entering a private network.
Modern feature extraction techniques are used in conjunction with neural networks to determine if a network packet is either benign or malicious.
arXiv Detail & Related papers (2022-08-31T17:14:43Z)
- Early Detection of Network Attacks Using Deep Learning [0.0]
A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing the network traffic.
We propose an end-to-end early intrusion detection system to prevent network attacks before they could cause any more damage to the system under attack.
arXiv Detail & Related papers (2022-01-27T16:35:37Z)
- Certifiers Make Neural Networks Vulnerable to Availability Attacks [70.69104148250614]
We show for the first time that fallback strategies can be deliberately triggered by an adversary.
In addition to naturally occurring abstains for some inputs and perturbations, the adversary can use training-time attacks to deliberately trigger the fallback.
We design two novel availability attacks, which show the practical relevance of these threats.
arXiv Detail & Related papers (2021-08-25T15:49:10Z)
- Intermittent Jamming against Telemetry and Telecommand of Satellite Systems and A Learning-driven Detection Strategy [1.4620086904601468]
A security deficiency in the physical layer is addressed with a conceptual framework, considering the cyber-physical nature of the satellite systems.
A learning-driven detection scheme is proposed, and the lightweight convolutional neural network (CNN) is designed.
The results show that deficiency attacks against the satellite systems can be detected by employing the proposed scheme.
arXiv Detail & Related papers (2021-07-10T17:04:22Z)
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
- A Targeted Attack on Black-Box Neural Machine Translation with Parallel Data Poisoning [60.826628282900955]
We show that targeted attacks on black-box NMT systems are feasible, based on poisoning a small fraction of their parallel training data.
We show that this attack can be realised practically via targeted corruption of web documents crawled to form the system's training data.
Our results are alarming: even on the state-of-the-art systems trained with massive parallel data, the attacks are still successful (over 50% success rate) under surprisingly low poisoning budgets.
arXiv Detail & Related papers (2020-11-02T01:52:46Z)
- Practical Detection of Trojan Neural Networks: Data-Limited and Data-Free Cases [87.69818690239627]
We study the problem of the Trojan network (TrojanNet) detection in the data-scarce regime.
We propose a data-limited TrojanNet detector (TND), when only a few data samples are available for TrojanNet detection.
In addition, we propose a data-free TND, which can detect a TrojanNet without accessing any data samples.
arXiv Detail & Related papers (2020-07-31T02:00:38Z)
- Securing of Unmanned Aerial Systems (UAS) against security threats using human immune system [1.2691047660244335]
An Intrusion Detection System (IDS) has been proposed to protect against the security problems using the human immune system (HIS).
The IDSs are used to detect and respond to attempts to compromise the target system.
arXiv Detail & Related papers (2020-03-01T19:05:16Z)
This list is automatically generated from the titles and abstracts of the papers in this site.