406 research outputs found

    Literature based Cyber Security Topics: Handbook

    Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These cyber attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Cloud computing has emerged from the legacy data centres. Consequently, threats applicable in legacy systems are equally applicable to cloud computing along with emerging new threats that plague only the cloud systems. Traditionally the data centres were hosted on-premises. Hence, control over the data was comparatively easier than handling a cloud system which is borderless and ubiquitous. Threats due to multi-tenancy, access from anywhere, control of cloud, etc. are some examples of why cloud security becomes important. Considering the significance of cloud security, this work is an attempt to understand the existing cloud service and deployment models, and the major threat factors to cloud security that may be critical in a cloud environment. It also highlights various methods employed by the attackers to cause the damage. Cyber-attacks are highlighted as well. This work will be profoundly helpful to the industry and researchers in understanding the various cloud-specific cyber-attacks and enable them to evolve the strategy to counter them more effectively

    Cyber Safety: A theoretical Insight

    This paper is written by the EUCPN Secretariat following the topic of the Estonian Presidency of the Network, which is Cyber Safety. It gives a theoretical insight in what Cyber Safety is. Furthermore, we take interest in what the exact object is of cybercrime and have a deeper look into two European policy priorities, namely cyber-attacks and payment fraud. Moreover, these priorities are the subject of the European Crime Prevention award. The goal of this paper is to add to the digital awareness of local policy-makers and practitioners on a theoretical level. A toolbox will follow with legislative measures, existing policies and best practices on this topic

    A Strategic Decision for Information Security

    The use of computing resources is the most common strategy among most organizations for managing their assets and intellectual property. This strategic decision implies their exposure to the outside through communication channels (data infrastructure). McDermott and Redish (1999) describe Newton's third law as the principle of action and reaction: by exposing their infrastructure to the outside, organizations triggered, as a reaction, strangers wanting to access their infrastructure for various purposes, whether for pure amusement, to detect weaknesses or, more relevant to this work, to steal assets/intellectual property and disrupt services. Organizations feel the need to protect themselves against these strangers/attacks by implementing security strategies, but the reality is that the network's lines of defense are permeable and security architectures are not dynamic enough to stop existing threats. An information security strategy based on “Deception” technology could make it possible to quickly detect, analyze and defend organizational networks against attacks in real time. This “Deception” technology could offer accurate information about malware and malicious activity not detected by other types of cyber defense. This work intends to explore this recent strategy based on “Deception”, which aims to differentiate itself from the range of existing information security devices/software. As a result, the intent is to produce an analysis in which organizations can understand “Deception” technology in terms of its effectiveness, efficiency and strategic value so that they can, eventually, use it to support/add value to an information security strategy decision.
    The use of Information Technology (IT) resources is the common approach for most organizations so their assets and intellectual property are properly managed. This strategic decision implies its exposure to the outside world through the data infrastructure. McDermott and Redish (1999) described Newton’s third law as the principle of action-reaction, when organizations expose their infrastructure to the outside world and, as a response, strangers want to access their infrastructure for various purposes, either as pure fun, detect weaknesses or, more relevant for this work, steal assets/intellectual property. Organizations feel the need to protect themselves against these strangers/attacks by implementing security strategies, but truly, the network's first defense lines are permeable, and the security architectures are not dynamic enough to face existing or future threats. A Deception-based technology could enable the organizations to quickly detect, analyze and defend organizational networks against real-time attacks. Deception technology may provide accurate information on malware and malicious activity not detected by other types of cyber defense. This work intends to explore a new technology, Deception, that claims a differentiation when compared with the range of existing information security suite. The types of cyber-threats and their materialization could be relevant to the information technology and risk analysis. Thus, the intent is to elaborate an analysis where organizations can understand the Deception technology, its effectiveness, and strategic value so they can, eventually, use it to support/add value to a decision regarding information security strategy

    Wide spectrum attribution: Using deception for attribution intelligence in cyber attacks

    Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc., the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure. This research investigates the use of an often overlooked tool for attribution: cyber deception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques.
Specifically, the design and implementation of two novel honeypot approaches; i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet environment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution literature that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field

    A Review on the Mechanism Mitigating and Eliminating Internet Crimes using Modern Technologies

    There is no doubting that contemporary technology creates new hazards, and these threats are many and significant, directly harming people's lives and threatening their stability. Because of the increased use of computers and Internet-connected cellphones in recent years, the problem of cybercrime has expanded substantially. Unquestionably, this kind of crime is now a reality that jeopardizes people's reputations and lives, therefore we must be aware of it to prevent being a victim. The exponential growth in internet connectedness is closely tied to a rise in cyberattack incidences, frequently with significant consequences. Malware is the weapon of choice for carrying out malicious intent in cyberspace, whether by exploiting pre-existing flaws or exploiting the unique properties of new technology. There is an urgent need in the cybersecurity area to develop more inventive and effective virus defense techniques. To do this, we first give an overview of the most often exploited vulnerabilities in the current hardware, software, and network layers. This follows criticism of the most recent mitigation efforts and the reasons why they may or may not be helpful. Following that, we'll talk about new attack methods for cutting-edge technologies including social networking, cloud computing, mobile technology, as well as critical infrastructure. We conclude by sharing our speculative findings on potential future research avenues

    Ransomware and Academic International Medicine

    Healthcare is among the leading industries targeted by cyber-criminals. Ransomware exploits vulnerabilities to hijack target information technology (IT) infrastructures for monetary gain. Due to the nature and value of information, access to medical information enables cyber-criminals to commit identity theft, medical fraud, and extortion, and illegally obtain controlled substances. The utility and versatility of medical information, extensive centralized storage of medical information, relatively weak IT security systems, and the expanding use of healthcare IT infrastructure all contribute to an increase in cyber-attacks on healthcare entities. Research suggests that an individual’s medical information is 20–50 times more valuable to cyber-criminals than personal financial information. As such, cyber-attacks targeting medical information are increasing 22% per year. This chapter explores the history of ransomware attacks in healthcare, ransomware types, ransom payment, healthcare vulnerabilities, implications for international health security, and means of institutional protection

    Open Source Information’s Blind Spot

    Digital open source information has been heralded for its democratizing potential, insofar as it allows access to a much broader range of sources and voices than would normally be consulted through traditional methods of information gathering for international criminal investigations. It also helps to overcome some of the physical access barriers that are commonplace in international criminal investigations. At a time when the use of digital open source information is becoming more widespread, this article warns of the cognitive and technical biases that can impact upon two key stages of an investigation: finding relevant information and analysing that information. At the information-gathering stage, there are particular crimes, regions, and groups of people whose experiences are more likely to be overlooked or hidden in digital open source investigations. When it comes to analysing digital open source information, there is a danger that cognitive and technical biases may influence which information is deemed most relevant and useful to an international criminal investigation, and how that information is interpreted. This article proposes some steps that can be taken to mitigate these risks

    Computer Criminal Profiling applied to Digital Investigations

    This PhD thesis aims to contribute to the Cyber Security body of knowledge and its Computer Forensic field, still in its infancy when compared with other forensic sciences. With the advancements of computer technology and the proliferation of cyber crime, offenders making use of computers range from state-sponsored cyber squads to organized crime rings; from cyber paedophiles to crypto miners abusing third-party computer resources. Cyber crime is not only impacting the global economy in billions of dollars annually; it is also a life-threatening risk as society is increasingly dependent on critical systems like those in air traffic control, hospitals or connected cars. Achieving cyber attribution is a step towards identifying, deterring and prosecuting offenders in the cyberspace, a domain among the top priorities for the UK National Security Strategy. However, the rapid evolution of cyber crime may be an unprecedented challenge in the forensic science history. Attempts to keep up with this pace often result in computer forensic practices limited to technical outcomes, like user accounts or IP addresses used by the offenders. Limitations are intensified when the current cyber security skill shortage contrasts with the vastness of digital crime scenes presented by cloud providers and extensive storage capacities or with the wide range of available anonymizing mechanisms. Quite often, offenders are remaining unidentified, unpunished, and unstoppable. As these anonymising mechanisms conceal offenders from a technological perspective, it was considered that they would not offer the same level of concealment from a behavioural standpoint. Therefore, in addition to the analysis of the state-of-the-art of cyber crimes and anonymising mechanisms, the literature of traditional crimes and criminal psychology was reviewed, in an attempt to know what traits of human behaviour could be revealed by the evidence at a crime scene and how to recognize them.
It was identified that the subdiscipline of criminology called criminal profiling helps provide these answers. Observing its success rate and benefits as a support tool in traditional investigations, it was hypothesized that a similar outcome could be achieved while investigating cyber crimes, providing that a framework could enable digital investigators to apply criminal profiling concepts in digital investigations. Before developing the framework, the scope of this thesis was delimited to a subset of cyber crimes, consisting exclusively of computer intrusion cases. Also, among potential criminal profiling benefits, the reduction of the suspect pool, case linkage and optimization of investigative efforts were included in the scope. An SSH honeypot experiment based on Cowrie was designed and deployed in a public cloud infrastructure. In its first phase, a single honeypot instance was launched, protected by username and password and accepting connection attempts from any Internet address. Users that were able to guess a valid pair of credentials, after a random number of attempts providing strong passwords, were presented to a simple file system, in which all their interactions within the system were recorded and all downloaded attack tools were isolated and securely stored for their posterior analysis. In the second phase of the experiment, the honeypot infrastructure was expanded to a honeynet with 18 (eighteen) nodes, running in a total of 6 (six) geographic regions and making possible the analysis of additional variables like location of the “victim” system, perceived influence from directory/file structure/contents and resistance levels to password attacks. After a period of approximately 18 (eighteen) months, more than 7 million connection attempts and 12 million authentication attempts were received by the honeynet, where more than 85,000 were able to successfully log into one of the honeynet servers.
Offenders were able to interact with the simulated operating systems and their files, while enabling this research to identify behavioural patterns that proved to be useful not only to group offenders, but also to enrich individual offender profiles. Among these behavioural patterns, the choice of which commands and which parameters to run, the basis of the attack on automated versus manual means, the pairs of usernames and passwords that were provided to try to break the honeypot authentication, their response once a command was not successful, their intent on using specific attack tools and the motivation behind it, any level of caution presented and, finally, preferences for naming tools, temporary files or customized ports were some of the most relevant attributes. Based on the collected data set, such attributes successfully make it possible to narrow down the pools of suspects, to link different honeypot break-ins to the same offender and to optimize investigative efforts by enabling the researcher to focus the analysis in a reduced area while searching for evidence. In times when cyber security skills shortage is a concerning challenge and where profiling can play a critical role, it is believed that such a structured framework for criminal profiling within cyber investigations can help to make investigation of cyber crimes quicker, cheaper and more effective