TITLE:
On Threat Models for Information-Stealing Malware (ISM) Targeting Password Managers
AUTHORS:
Vedika Sunil Bang, Vijay Madisetti
KEYWORDS:
Malware (ISM), Malware-As-A-Service (MaaS), Password Manager Vulnerabilities, MITRE ATT&CK Framework, TTP-Based Threat Modeling, Adaptive Cybersecurity, Real-Time Threat Defenses, Phishing-Resistant Mechanisms, Usability-Security Trade-Offs, Malware Evasion Techniques, Cryptographic Weaknesses, Next-Generation Malware Defenses
JOURNAL NAME:
Journal of Information Security, Vol.16 No.2, April 17, 2025
ABSTRACT: Information-stealing malware (ISM) is redefining the cybersecurity threat landscape, particularly through its integration into the malware-as-a-service (MaaS) ecosystem. Traditional threat models, while effective against generic vulnerabilities, struggle to keep pace with the sophisticated and evolving tactics of ISMs. These advanced threats exploit software vulnerabilities, bypass conventional defenses, and thrive on usability-security trade-offs, leaving critical systems exposed. This research delves into the intricate attack vectors of ISMs, uncovering gaps in existing frameworks. By leveraging the MITRE ATT&CK framework and focusing on Tactics, Techniques, and Procedures (TTPs), we introduce a refined threat model designed to outmaneuver these challenges. The proposed approach offers precise, actionable strategies to combat ISM threats, setting a new standard for resilience in a world of ever-advancing cyber adversaries.