Analysis of online gambling trojan backdoor attacks to aid web server strengthening, a case study insights on Southeast Minahasa Regency

Solang, Marthen (2024) Analysis of online gambling trojan backdoor attacks to aid web server strengthening, a case study insights on Southeast Minahasa Regency. Masters thesis, Universitas Pelita Harapan.

Files (all available under License Creative Commons Attribution Non-commercial Share Alike):

Title.pdf (66kB)
Abstract.pdf (60kB)
ToC.pdf (253kB)
Chapter1.pdf (442kB)
Chapter2.pdf (326kB), restricted to registered users only
Chapter3.pdf (840kB), restricted to registered users only
Chapter4.pdf (4MB), restricted to registered users only
Chapter5.pdf (36kB), restricted to registered users only
Bibliography.pdf (142kB)
Appendices.pdf (707kB), restricted to repository staff only

Abstract

From 2017 to 2022, Indonesia recorded 157 million online gambling transactions valued at Rp190 trillion. In response, the Indonesian Ministry of Communication and Information Technology blocked nearly 800,000 gambling sites by the end of 2023. However, this countermeasure led to an escalation of cybersecurity threats, with hackers increasingly targeting government and academic domains. They exploited government (.go.id) and academic (.ac.id) domains, which were not blocked by the ministry's policies, to disseminate online gambling content. Consequently, over 3 million government websites and 1.2 million academic sites were compromised with gambling content. The government website of Southeast Minahasa Regency was also affected, with gambling content spreading through trojan backdoor web shell malware attacks. Hackers exploited website vulnerabilities using methods such as cross-site scripting (XSS), SQL Injection, Directory Traversal, and malicious URLs to attack the target applications. Once successful, they inserted a trojan into the server, taking control as if they were the server administrators. This research focuses on handling online gambling defacement incidents using the National Institute of Standards and Technology (NIST) SP 800-61 Rev 2 standard. Particular emphasis is given to the detection and analysis phase, involving server log retrieval, malware scanning with Thor Lite Scanner, and malware sample analysis using static, dynamic, hybrid, code, and function analysis, as well as entropy analysis methods. The eradication step includes lessons learned from the incident to prevent similar occurrences in the future, implementing the Apache Web Application Firewall. This research provides evidence that the Apache Web Application Firewall (WAF) is highly effective in blocking penetration attempts, demonstrating its significant capability in reducing anomalies and filtering dangerous traffic. Furthermore, Apache WAF proves to be effective in preventing the majority of infiltration attacks, solidifying its position as a reliable web security solution. Overall, these findings affirm the effectiveness of Apache WAF as a robust and efficient tool for web security.

Item Type: Thesis (Masters)
Creators:
Creators | NIM | Email
Solang, Marthen | NIM01671220002 | 01671220002@student.uph.edu
Contributors:
Contribution | Contributors | NIDN/NIDK | Email
Thesis advisor | Hardjono, Benny | NIDN0404086401 | benny.hardjono@uph.edu
Uncontrolled Keywords: Trojan Backdoor Attack ; Cybersecurity ; Apache Web Application Firewall ; Online Gambling Defacement ; Malware Analysis ; Southeast Minahasa Regency Website
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: University Subject > Current > Faculty/School - UPH Karawaci > School of Information Science and Technology > Master of Informatics
Current > Faculty/School - UPH Karawaci > School of Information Science and Technology > Master of Informatics
Date Deposited: 23 Feb 2024 04:51
Last Modified: 23 Feb 2024 04:51
URI: http://repository.uph.edu/id/eprint/62492
