A prudent based approach for compromised user credentials detection

© Springer Science+Business Media New York 2018. Compromised user credential (CUC) is an activity in which someone, such as a thief, cyber-criminal or attacker gains access to your login credentials for the purpose of theft, fraud, or business disruption. It has become an alarming issue for various organizations. It is not only crucial for information technology (IT) oriented institutions using database management systems (DBMSs) but is also critical for competitive and sensitive organization where faulty data is more difficult to clean up. Various well-known risk mitigation techniques have been developed, such as authentication, authorization, and fraud detection. However, none of these methods are capable of efficiently detecting compromised legitimate users’ credentials. This is because cyber-criminals can gain access to legitimate users’ accounts based on trusted relationships with the account owner. This study focuses on handling CUC on time to avoid larger-scale damage incurred by the cyber-criminals. The proposed approach can efficiently detect CUC in a live database by analyzing and comparing the user’s current and past operational behavior. This novel approach is built by a combination of prudent analysis, ripple down rules and simulated experts. The experiments are carried out on collected data over 6 months from sensitive live DBMS. The results explore the performance of the proposed approach that it can efficiently detect CUC with 97% overall accuracy and 2.013% overall error rate. Moreover, it also provides useful information about compromised users’ activities for decision or policy makers as to which user is more critical and requires more consideration as compared to less crucial user based prevalence value

Compromised user credentials detection in a digital enterprise using behavioral analytics

© 2018 In today\u27s digital age, the digital transformation is necessary for almost every competitive enterprise in terms of having access to the best resources and ensuring customer satisfaction. However, due to such rewards, these enterprises are facing key concerns around the risk of next-generation data security or cybercrime which is continually increasing issue due to the digital transformation four essential pillars—cloud computing, big data analytics, social and mobile computing. Data transformation-driven enterprises should ready to handle this next-generation data security problem, in particular, the compromised user credential (CUC). When an intruder or cybercriminal develops trust relationships as a legitimate account holder and then gain privileged access to the system for misuse. Many state-of-the-art risk mitigation tools are being developed, such as encrypted and secure password policy, authentication, and authorization mechanism. However, the CUC has become more complex and increasingly critical to the digital transformation process of the enterprise\u27s database by a cybercriminal, we propose a novel technique that effectively detects CUC at the enterprise-level. The proposed technique is learning from the user\u27s behavior and builds a knowledge base system (KBS) which observe changes in the user\u27s operational behavior. For that reason, a series of experiments were carried out on the dataset that collected from a sensitive database. All empirical results are validated through well-known evaluation measures, such as (i) accuracy, (ii) sensitivity, (iii) specificity, (iv) prudence accuracy, (v) precision, (vi) f-measure, and (vii) error rate. The experiments show that the proposed approach obtained weighted accuracy up to 99% and overall error of about 1%. The results clearly demonstrate that the proposed model efficiently can detect CUC which may keep an organization safe from major damage in data through cyber-attacks

Privileged Access Management

Security breaches are becoming a common occurrence in society today. When breaches occur, people are often left wondering how they will be affected and what steps can be taken to protect them. The passing of stricter standards and regulations has not slowed would be hackers from crafting ways to breach networks. While there are many ways that a breach can occur, the focus of this paper will be to look at the usage of credentials and privileged accounts. Specifically, the idea of privilege access management and methods for protecting credentials will be examined

What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Credentials In The Wild

Cybercriminals steal access credentials to online accounts and then misuse them for their own profit, release them publicly, or sell them on the underground market. Despite the importance of this problem, the research community still lacks a comprehensive understanding of what these stolen accounts are used for. In this paper, we aim to shed light on the modus operandi of miscreants accessing stolen Gmail accounts. We developed an infrastructure that is able to monitor the activity performed by users on Gmail accounts, and leaked credentials to 100 accounts under our control through various means, such as having information-stealing malware capture them, leaking them on public paste sites, and posting them on underground forums. We then monitored the activity recorded on these accounts over a period of 7 months. Our observations allowed us to devise a taxonomy of malicious activity performed on stolen Gmail accounts, to identify differences in the behavior of cybercriminals that get access to stolen accounts through different means, and to identify systematic attempts to evade the protection systems in place at Gmail and blend in with the legitimate user activity. This paper gives the research community a better understanding of a so far understudied, yet critical aspect of the cybercrime economy

Perspectives on retail payments fraud

Payment systems ; Fraud

Modernization of Manufacturing with Cybersecurity at the Forefront

With the proliferation of Industrial Control Systems (ICSs), manufacturing processes have improved over the last 30 years, however, the organizational focus to securely exchange and process information to/from integrated systems has been consistently lacking. These environments continue to be susceptible to security vulnerabilities, despite history [15] showing that cybersecurity exposures in manufacturing have largely gone unaddressed and continue to rise [52]. This study evaluates cybersecurity challenges in the industry and proposes recommendations for practical and fiscally responsible defense-in-depth cybersecurity protections for manufacturing environments. The business operating model, how ICSs became pervasive, as well as the major components that enable the operational technology (OT) were evaluated. With an understanding of the traditional network architecture for the industry [37], the rapidly evolving challenges facing the industry were examined. These challenges are impactful to the traditional and slow to change manufacturing operating model that has not focused on the necessary cyber protections for their OT environments. In addition, the industry is now facing game-changing technological concepts such as advanced manufacturing and Industry 4.0 that bring new complex challenges and cyber threats, unfamiliar to most in the industry. This is all underpinned by an organizational divide where the personnel most knowledgeable with the modern technology and cyber risks, in the majority of cases, are not responsible for the OT architecture and security. These headwinds impact an industry which spends the least on IT and cyber security than any other industry, globally [22]. The cyber risks and challenges in the industry are diverse, spanning technological and organizational competencies, stemming from purpose built components which operate in an ecosystem where cybersecurity is an afterthought. As a means to close the gap, practical and reasonable recommendations to address these problems are discussed; some specific and unique to the manufacturing industry while others are fundamental applications discussed with a manufacturing industry lens, which are commonly ignored due to perceived complexity, cost or simply lack of awareness. Lastly, a number of these recommendations were selected for further evaluation and implementation; challenges, approach, benefits and outcomes are shared showing measureable improvements to the cybersecurity posture of the organization.Master of ScienceComputer and Information Science, College of Engineering & Computer ScienceUniversity of Michigan-Dearbornhttps://deepblue.lib.umich.edu/bitstream/2027.42/147433/1/49698122_CIS699 - Mangano Thesis - Modernization of Manufacturing with Cybersecurity at the Forefront - Final 121018-v4.pdfDescription of 49698122_CIS699 - Mangano Thesis - Modernization of Manufacturing with Cybersecurity at the Forefront - Final 121018-v4.pdf : Thesi

Battlefield malware and the fight against cyber crime

Relatório apresentado à Universidade Fernando Pessoa como parte dos requisitos para o cumprimento do programa de Pós-Doutoramento em Ciências da InformaçãoOur cyber space is quickly becoming over-whelmed with ever-evolving malware that breaches all security defenses, works viciously in the background without user awareness or interaction, and secretly leaks of confidential business data. One of the most pressing challenges faced by business organizations when they experience a cyber-attack is that, more often than not, those organizations do not have the knowledge nor readiness of how to analyze malware once it has been discovered on their production computer networks. The objective of this six months post-doctoral project is to present the fundamentals of malware reverse-engineering, the tools and techniques needed to properly analyze malicious programs to determine their characteristics which can prove extremely helpful when investigating data breaches. Those tools and techniques will provide insights to incident response teams and digital investigation professionals. In order to stop hackers in their tracks and beat cyber criminals in their own game, we need to equip cyber security professionals with the knowledge and skills necessary to detect and respond to malware attacks. Learning and mastering the inner workings of malware will help in the fight against the ever-changing malware landscape.N/