A YARA-based approach for detecting cyber security attack types

Technological advancements have recently propelled individuals, institutions, and organizations to conduct their business processes on information systems. However, keeping personal and corporate data on information systems has given rise to issues related to data security. The accessibility of data on information systems has made it vulnerable to theft and exploitation by malicious groups or individuals, thus posing a significant risk to data security. Consequently, the demand for data security has led to a new business sector offering various cybersecurity solutions to protect organizations' systems. This paper presents an analysis of the prevalent types of cyber attacks worldwide. The study aims to create a virtual environment with Windows and Linux systems in Forensic Informatics and Incident Response processes to apply frequently used cyber attack methods, develop defense mechanisms against these methods, and contribute to revealing the root cause by solving the incident pattern. Furthermore, this application demonstrates how manual techniques and open-source solutions, such as YARA, can be used to detect malware derivatives commonly found in Windows systems.