A Ransomware Case for Use in the Classroom

Given the global growth in ransomware attacks, employees need to understand the risks of ransomware and how to protect against it. This paper presents a teaching case based on an actual ransomware attack on a hospital that undergraduate or graduate course can use to teach students. The case introduces students to Wildcat Hospital, a fictitious 450-bed acute-care facility in a suburban location in the Northeastern United States. A ransomware attack hit Wildcat Hospital as the workday began. Malware infected the hospital\u27s computers and demanded one bitcoin, a virtual currency that affords anonymity, as ransom to restore functionality of the information systems. The chief executive officer and the chief information officer led the organizational response to the attack. We include links to two videos, a demo of a Locky ransomware attack in action, and a National Broadcasting Company (NBC) TV network news report about a similar ransomware incident at another hospital (Hollywood Presbyterian Medical Center in California) to engage students

Studying Ransomware Attacks Using Web Search Logs

Cyber attacks are increasingly becoming prevalent and causing significant damage to individuals, businesses and even countries. In particular, ransomware attacks have grown significantly over the last decade. We do the first study on mining insights about ransomware attacks by analyzing query logs from Bing web search engine. We first extract ransomware related queries and then build a machine learning model to identify queries where users are seeking support for ransomware attacks. We show that user search behavior and characteristics are correlated with ransomware attacks. We also analyse trends in the temporal and geographical space and validate our findings against publicly available information. Lastly, we do a case study on 'Nemty', a popular ransomware, to show that it is possible to derive accurate insights about cyber attacks by query log analysis.Comment: To appear in the proceedings of SIGIR 202

INVESTIGATING THE RANSOMWARE INFECTION RATE OF K12 SCHOOL DISTRICTS DURING THE COVID PANDEMIC

Ransomware attacks have become part of the normal vernacular, as more organizations get attacked and must deal with the outcome in the media. School districts are in a unique position because of COVID and the sudden shift to online or hybrid learning. Over the past few years, ransomware attacks on K12 school districts have been widely reported in the news, leading to questions on whether K12 school districts are more vulnerable to these attacks. This project focused on: the prevalence of ransomware attacks in K12 School Districts in the USA in general and in the Inland Empire in particular, examining what value attackers gain by attacking a school district as well as looking at the costs incurred to the district because of an attack, whether K12 School districts in the Inland Empire are following cybersecurity best practices to protect in case of a ransomware attack. The findings are: that school districts are at a higher risk of ransomware attacks because they are soft targets with understaffed under budgeted IT departments, school districts do not pay ransoms and are left with the higher cost or remediation, there is a lack of security focus in the job descriptions for IT managers working in K12 in the Inland Empire, temporary school shutdowns due to ransomware are shown to negatively affect the GDP in the long term. The recommendations are: school districts should use COVID relief funds to hire/contract a CISO and figure out a way to keep the position funded into the future, [1] [2] school districts in the Inland Empire should hire more IT staff and focus on security awareness training for its users including students, schools should move away from passwords and replace it with 2FA using badge and pins. For future study the issues of long term funding for CISO positions and the creation of security awareness for K12 students needs to be addressed

Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.Comment: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defens

When artificial intelligence meets educational leaders’ data-informed decision-making: A cautionary tale

Artificial intelligence (AI) refers to a type of algorithms or computerized systems that resemble human mental processes of decision making. Drawing upon multidisciplinary literature that intersects AI, decision making, educational leadership, and policymaking, this position paper aims to examine promising applications and potential perils of AI in educational leaders’ data-informed decision making (DIDM). Endowed with ever-growing computational power and real-time data, highly scalable AI can increase efficiency and accuracy in leaders’ DIDM. However, misusing AI can have perilous effects on education stakeholders. Many lurking biases in current AI could be amplified. Of more concern, the moral values (e.g., fairness, equity, honesty, and doing no harm) we uphold might clash with using AI to make data-informed decisions. Further, missteps on the issues about data security and privacy could have a life-long impact on stakeholders. The article concludes with recommendations for educational leaders to leverage AI potential and minimize its negative consequences

The Paradox of Choice: Investigating Selection Strategies for Android Malware Datasets Using a Machine-learning Approach

The increase in the number of mobile devices that use the Android operating system has attracted the attention of cybercriminals who want to disrupt or gain unauthorized access to them through malware infections. To prevent such malware, cybersecurity experts and researchers require datasets of malware samples that most available antivirus software programs cannot detect. However, researchers have infrequently discussed how to identify evolving Android malware characteristics from different sources. In this paper, we analyze a wide variety of Android malware datasets to determine more discriminative features such as permissions and intents. We then apply machine-learning techniques on collected samples of different datasets based on the acquired features’ similarity. We perform random sampling on each cluster of collected datasets to check the antivirus software’s capability to detect the sample. We also discuss some common pitfalls in selecting datasets. Our findings benefit firms by acting as an exhaustive source of information about leading Android malware datasets

Using Case Studies To Teach Cybersecurity Courses

This paper introduces a holistic and case-analysis teaching model by integrating case studies into cybersecurity courses. The proposed model starts by analyzing real-world cyber breaches. Students look into the details of these attacks and learn how these attacks took place from the beginning to the end. During the process of case analysis, a list of security topics reflecting different aspects of these breaches is introduced. Through guided in-class discussion and hands-on lab assignments, student learning in lecture will be reinforced. Overall, the entire cybersecurity course is driven by case studies. The proposed model is great for teaching cybersecurity. First, the new model can easily draw students’ interests with real-world cases. Second, the new model can help to teach human and business factors in cybersecurity. Third, the new model can improve student learning outcomes, particularly helping students gain a holistic view of security

A Mobile Game for Learning Cyber-Attacks and Their Prevention

This paper's primary goal is to use Bloom's Revised Taxonomy educational objectives in creating Cyber Air-Attack. It's a game that teaches fundamental concepts about cybersecurity. Because it simplifies and makes learning simple, the course material was designed with Bloom's Revised Taxonomy. This taxonomy divides the course material into increasing levels of complexity, with the basics being the most basic and the advanced being the most complex. We reviewed all literature to understand the area of research and identify any gaps in previous research. Cyber Air-Attack targets amateur computer users. They will be taught about cybersecurity basics, cyber threats, and countermeasures. This paper will teach you how to identify and prevent cyberattacks

Cybersecurity in the digital classroom:implications for emerging policy, pedagogy and practice

Recent cybersecurity education literature has focused on developments in cybersecurity curricula, qualifications and accreditation, pedagogy and practice to increase the number of cybersecurity professionals, in both the UK and internationally. There has been little research published to date on the online learning, teaching and assessment environment as a cyber target in its own right. This chapter appraised and discussed the dangers in, and emerging threats to, using online environments. It proposes a set of steps and mitigation measures that can be taken to make it more difficult for cybercriminals to attack educational institutions