605 research outputs found
A Ransomware Case for Use in the Classroom
Given the global growth in ransomware attacks, employees need to understand the risks of ransomware and how to protect against it. This paper presents a teaching case based on an actual ransomware attack on a hospital that an undergraduate or graduate course can use to teach students. The case introduces students to Wildcat Hospital, a fictitious 450-bed acute-care facility in a suburban location in the Northeastern United States. A ransomware attack hit Wildcat Hospital as the workday began. Malware infected the hospital's computers and demanded one bitcoin, a virtual currency that affords anonymity, as ransom to restore functionality of the information systems. The chief executive officer and the chief information officer led the organizational response to the attack. We include links to two videos, a demo of a Locky ransomware attack in action, and a National Broadcasting Company (NBC) TV network news report about a similar ransomware incident at another hospital (Hollywood Presbyterian Medical Center in California) to engage students
Studying Ransomware Attacks Using Web Search Logs
Cyber attacks are increasingly becoming prevalent and causing significant
damage to individuals, businesses and even countries. In particular, ransomware
attacks have grown significantly over the last decade. We do the first study on
mining insights about ransomware attacks by analyzing query logs from Bing web
search engine. We first extract ransomware related queries and then build a
machine learning model to identify queries where users are seeking support for
ransomware attacks. We show that user search behavior and characteristics are
correlated with ransomware attacks. We also analyse trends in the temporal and
geographical space and validate our findings against publicly available
information. Lastly, we do a case study on 'Nemty', a popular ransomware, to
show that it is possible to derive accurate insights about cyber attacks by
query log analysis. Comment: To appear in the proceedings of SIGIR 202
INVESTIGATING THE RANSOMWARE INFECTION RATE OF K12 SCHOOL DISTRICTS DURING THE COVID PANDEMIC
Ransomware attacks have become part of the normal vernacular, as more organizations get attacked and must deal with the outcome in the media. School districts are in a unique position because of COVID and the sudden shift to online or hybrid learning. Over the past few years, ransomware attacks on K12 school districts have been widely reported in the news, leading to questions on whether K12 school districts are more vulnerable to these attacks. This project focused on: the prevalence of ransomware attacks in K12 School Districts in the USA in general and in the Inland Empire in particular, examining what value attackers gain by attacking a school district as well as looking at the costs incurred to the district because of an attack, whether K12 School districts in the Inland Empire are following cybersecurity best practices to protect in case of a ransomware attack. The findings are: that school districts are at a higher risk of ransomware attacks because they are soft targets with understaffed under budgeted IT departments, school districts do not pay ransoms and are left with the higher cost or remediation, there is a lack of security focus in the job descriptions for IT managers working in K12 in the Inland Empire, temporary school shutdowns due to ransomware are shown to negatively affect the GDP in the long term. The recommendations are: school districts should use COVID relief funds to hire/contract a CISO and figure out a way to keep the position funded into the future, [1] [2] school districts in the Inland Empire should hire more IT staff and focus on security awareness training for its users including students, schools should move away from passwords and replace it with 2FA using badge and pins. For future study the issues of long term funding for CISO positions and the creation of security awareness for K12 students needs to be addressed
Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions
Current threat models typically consider all possible ways an attacker can
penetrate a system and assign probabilities to each path according to some
metric (e.g. time-to-compromise). In this paper we discuss how this view
hinders the realness of both technical (e.g. attack graphs) and strategic (e.g.
game theory) approaches of current threat modeling, and propose to steer away
by looking more carefully at attack characteristics and attacker environment.
We use a toy threat model for ICS attacks to show how a realistic view of
attack instances can emerge from a simple analysis of attack phases and
attacker limitations. Comment: Proceedings of the 2017 Workshop on Automated Decision Making for
Active Cyber Defens
When artificial intelligence meets educational leaders’ data-informed decision-making: A cautionary tale
Artificial intelligence (AI) refers to a type of algorithms or computerized systems that resemble human mental processes of decision making. Drawing upon multidisciplinary literature that intersects AI, decision making, educational leadership, and policymaking, this position paper aims to examine promising applications and potential perils of AI in educational leaders’ data-informed decision making (DIDM). Endowed with ever-growing computational power and real-time data, highly scalable AI can increase efficiency and accuracy in leaders’ DIDM. However, misusing AI can have perilous effects on education stakeholders. Many lurking biases in current AI could be amplified. Of more concern, the moral values (e.g., fairness, equity, honesty, and doing no harm) we uphold might clash with using AI to make data-informed decisions. Further, missteps on the issues about data security and privacy could have a life-long impact on stakeholders. The article concludes with recommendations for educational leaders to leverage AI potential and minimize its negative consequences
The Paradox of Choice: Investigating Selection Strategies for Android Malware Datasets Using a Machine-learning Approach
The increase in the number of mobile devices that use the Android operating system has attracted the attention of cybercriminals who want to disrupt or gain unauthorized access to them through malware infections. To prevent such malware, cybersecurity experts and researchers require datasets of malware samples that most available antivirus software programs cannot detect. However, researchers have infrequently discussed how to identify evolving Android malware characteristics from different sources. In this paper, we analyze a wide variety of Android malware datasets to determine more discriminative features such as permissions and intents. We then apply machine-learning techniques on collected samples of different datasets based on the acquired features’ similarity. We perform random sampling on each cluster of collected datasets to check the antivirus software’s capability to detect the sample. We also discuss some common pitfalls in selecting datasets. Our findings benefit firms by acting as an exhaustive source of information about leading Android malware datasets
Using Case Studies To Teach Cybersecurity Courses
This paper introduces a holistic and case-analysis teaching model by integrating case studies into cybersecurity courses. The proposed model starts by analyzing real-world cyber breaches. Students look into the details of these attacks and learn how these attacks took place from the beginning to the end. During the process of case analysis, a list of security topics reflecting different aspects of these breaches is introduced. Through guided in-class discussion and hands-on lab assignments, student learning in lecture will be reinforced. Overall, the entire cybersecurity course is driven by case studies. The proposed model is great for teaching cybersecurity. First, the new model can easily draw students’ interests with real-world cases. Second, the new model can help to teach human and business factors in cybersecurity. Third, the new model can improve student learning outcomes, particularly helping students gain a holistic view of security
A Mobile Game for Learning Cyber-Attacks and Their Prevention
This paper's primary goal is to use Bloom's Revised Taxonomy educational objectives in creating Cyber Air-Attack. It's a game that teaches fundamental concepts about cybersecurity. Because it simplifies and makes learning simple, the course material was designed with Bloom's Revised Taxonomy. This taxonomy divides the course material into increasing levels of complexity, with the basics being the most basic and the advanced being the most complex. We reviewed all literature to understand the area of research and identify any gaps in previous research.
Cyber Air-Attack targets amateur computer users. They will be taught about cybersecurity basics, cyber threats, and countermeasures. This paper will teach you how to identify and prevent cyberattacks
Cybersecurity in the digital classroom: implications for emerging policy, pedagogy and practice
Recent cybersecurity education literature has focused on developments in cybersecurity curricula, qualifications and accreditation, pedagogy and practice to increase the number of cybersecurity professionals, in both the UK and internationally. There has been little research published to date on the online learning, teaching and assessment environment as a cyber target in its own right. This chapter appraised and discussed the dangers in, and emerging threats to, using online environments. It proposes a set of steps and mitigation measures that can be taken to make it more difficult for cybercriminals to attack educational institutions