11 research outputs found

    Do Crypto-Currencies Fuel Ransomware?

    As ransomware spreads, victimization rates escalate. A Finnish cybersecurity firm’s F-Secure State of Cyber Security 2017 report stated that there was only one ransomware “variant” in 2012. This increased to 35 in 2015 and 193 in 2016.(1) Individuals, corporations, banks, educational establishments, hospitals, and government agencies have all been held hostage by ransomware and blackmailed into paying out in crypto-currency—typically, bitcoin—to retrieve their data.(2

    The Political Economy of Global Private Currencies

    This dissertation examines regulatory responses to global private currencies (GPCs). Through detailed analyses of the history and evolution of private digital currencies, and through case studies of the United States, the European Union, and China, this dissertation identifies five factors that condition regulatory responses: (1) compliance with anti-money laundering (AML) laws, (2) compliance with systems built for fiat currencies, (3) degree of transparency in operations, (4) culture of sovereignty within the nation, and (5) great power competition with other nations. Throughout the dissertation, various political, economic, social, technological, legal, and environmental (PESTLE) characteristics of GPCs are highlighted. This dissertation also proposes a ‘game transformation framework’ (GTF) by combining these PESTLE factors with concepts from game theory. A 2x2 game structure is used to analyze strategic interactions between governments in the three case studies and GPCs on a spectrum between cooperation and conflict

    Malicious uses of blockchains by malware: from the analysis to Smart-Zephyrus

    Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. This work was supported by the Madrid Government (Comunidad de Madrid-Spain) under the multiannual agreement with UC3M (“fostering young doctor research”, DEPROFAKE-CM-UC3M) and in the context of the V PRICIT research and technological innovation regional program; by CAM by grant CYNAMON P2018/TCS-4566-CM, co-funded with ERDF; by Min. of Science and Innovation of Spain by grant ODIO PID2019-111429RB-C21 (AEI/10.13039/501100011033); and by Funding for APC: Universidad Carlos III de Madrid (Read & Publish Agreement CRUE-CSIC 2023)

    Addressing Behavioral Drift in Ransomware Early Detection Through Weighted Generative Adversarial Networks

    Crypto-ransomware attacks pose a significant cyber threat due to the irreversible effect of encryption employed to deny access to the data on the victim’s device. Existing state-of-the-art solutions are developed based on two assumptions: the availability of sufficient data to perform detection during the pre-encryption phase, and that ransomware behavior is static and does not change over time. However, such assumptions do not hold as data collected during the pre-encryption phase of the ransomware attack are limited and do not contain sufficient patterns needed to identify the attack. Additionally, the evasion techniques like polymorphism and metamorphism used by ransomware lead to behavioral drift that could defeat those solutions. Therefore, this paper addresses these two issues by proposing a weighted Generative Adversarial Networks (wGANs) technique. Firstly, the proposed wGAN was used to generate synthetic data that imitate the behavior of ransomware and simulate the evolution of the attacks. Then, the mutual information was used to estimate the significance of features for different timeframes, thereby helping the detection model to handle the behavioral drift in emerging ransomware variants. Experimental evaluation demonstrates that the proposed wGAN is more robust against behavioral drift compared to the state-of-the-art solutions. The wGAN achieved higher accuracy and lower false alarm rates of 97% and 0.0088 respectively

    Cybersecurity applications of Blockchain technologies

    With the increase in connectivity, the popularization of cloud services, and the rise of the Internet of Things (IoT), decentralized approaches for trust management are gaining momentum. Since blockchain technologies provide a distributed ledger, they are receiving massive attention from the research community in different application fields. However, this technology does not provide cybersecurity by itself. Thus, this thesis first aims to provide a comprehensive review of techniques and elements that have been proposed to achieve cybersecurity in blockchain-based systems. The analysis is intended to target area researchers, cybersecurity specialists and blockchain developers. We present a series of lessons learned as well. One of them is the rise of Ethereum as one of the most used technologies. Furthermore, some intrinsic characteristics of the blockchain, like permanent availability and immutability made it interesting for other ends, namely as covert channels and malicious purposes. On the one hand, the use of blockchains by malwares has not been characterized yet. Therefore, this thesis also analyzes the current state of the art in this area. One of the lessons learned is that covert communications have received little attention. On the other hand, although previous works have analyzed the feasibility of covert channels in a particular blockchain technology called Bitcoin, no previous work has explored the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts. To foster further defence-oriented research, two novel mechanisms are presented on this thesis. First, Zephyrus takes advantage of all Ethereum fields and smartcontract bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by leveraging smart contracts written in Solidity. We also assess the mechanisms feasibility and cost. Our experiments show that Zephyrus, in the best case, can embed 40 Kbits in 0.57 s. 
for US$ 1.64, and retrieve them in 2.8 s. Smart-Zephyrus, however, is able to hide a 4 Kb secret in 41 s. While being expensive (around US$ 1.82 per bit), the provided stealthiness might be worth the price for attackers. Furthermore, these two mechanisms can be combined to increase capacity and reduce costs. Doctoral Programme in Computer Science and Technology, Universidad Carlos III de Madrid. President: José Manuel Estévez Tapiador. Secretary: Jorge Blasco Alís. Member: Luis Hernández Encina

    Developing an Effective Detection Framework for Targeted Ransomware Attacks in Brownfield Industrial Internet of Things

    The Industrial Internet of Things (IIoT) is being interconnected with many critical industrial activities, creating major cyber security concerns. The key concern is with edge systems of Brownfield IIoT, where new devices and technologies are deployed to interoperate with legacy industrial control systems and leverage the benefits of IoT. These edge devices, such as edge gateways, have opened the way to advanced attacks such as targeted ransomware. Various pre-existing security solutions can detect and mitigate such attacks but are often ineffective due to the heterogeneous nature of the IIoT devices and protocols and their interoperability demands. Consequently, developing new detection solutions is essential. The key challenges in developing detection solutions for targeted ransomware attacks in IIoT systems include 1) understanding attacks and their behaviour, 2) designing accurate IIoT system models to test attacks, 3) obtaining realistic data representing IIoT systems' activities and connectivities, and 4) identifying attacks. This thesis provides important contributions to the research focusing on investigating targeted ransomware attacks against IIoT edge systems and developing a new detection framework. The first contribution is developing the world's first example of ransomware, specifically targeting IIoT edge gateways. The experiments' results demonstrate that such an attack is now possible on edge gateways. Also, the kernel-related activity parameters appear to be significant indicators of the crypto-ransomware attacks' behaviour, much more so than for similar attacks in workstations. The second contribution is developing a new holistic end-to-end IIoT security testbed (i.e., Brown-IIoTbed) that can be easily reproduced and reconfigured to support new processes and security scenarios. The results prove that Brown-IIoTbed operates efficiently in terms of its functions and security testing. 
The third contribution is generating a first-of-its-kind dataset tailored for IIoT systems covering targeted ransomware attacks and their activities, called X-IIoTID. The dataset includes connectivity- and device-agnostic features collected from various data sources. The final contribution is developing a new asynchronous peer-to-peer federated deep learning framework tailored for IIoT edge gateways for detecting targeted ransomware attacks. The framework's effectiveness has been evaluated against pre-existing datasets and the newly developed X-IIoTID dataset

    A criminological investigation into the lived experiences of cybercrime perpetrators in southwest Nigeria.

    Doctoral Degree. University of KwaZulu-Natal, Durban. Internet fraud, also known as ‘yahoo-yahoo’, has become very popular in Nigeria, especially among the youth. Adopting a qualitative research design through a phenomenological lens, this study investigates the experiences of cybercrime perpetrators, otherwise known as ‘yahoo-boys’, in Nigeria. It seeks to understand the factors influencing and sustaining youth involvement in cyber criminality in Nigeria. Painstaking in-depth interviews were conducted with 29 yahoo-boys across three cities in Nigeria namely, Lagos, Ibadan and Ado-Ekiti. The study adopts the arguments of Robert Merton’s Strain Theory and Rational Choice Theory as a theoretical framework. Findings suggest that poverty, unemployment, corrupt political leadership and law enforcement, failure of vital social institutions to meet the needs of most of the population, as well as the proliferation of internet service providers have all merged to create a booming business of cybercrime in Nigeria. Narratives of yahoo-yahoo among the yahoo-boys vary from some admitting that it is a criminal act to others seeing it as an opportunity to escape the harsh socio-economic realities of Nigeria. Some also see it as an avenue for retribution and the redistribution of wealth. Some of these yahoo-boys believe that because most of their victims are based in rich western countries, they are taking revenge for the years of exploitation and oppression Africa has suffered through slavery and colonialism. Yahoo-yahoo is maintained and sustained through a highly sophisticated network of inter-continental groups of individuals and interests pooling resources together and sharing information and skills with the intent to defraud harmless individuals, business organisations and government parastatals across the globe. 
They pass on their skills and knowledge to recruits who, most times, consider themselves lucky to be joining the bandwagon through a structured system of apprenticeship and mentorship. The entire network of yahoo-yahoo is built on reliance and collaboration, and more recently has begun exploring elements of the supernatural (spiritualism) to boost the trade. It was brought to the fore that the efforts of the government to curb this illicit trade have been marred by corruption. Therefore, the study concludes that yahoo-yahoo is an endemic problem in Nigeria that requires a broad, systemic, and multi-level intervention. The proliferation of yahoo-yahoo in the country does not just bring to the fore the consequences of the harsh socio-economic reality Nigerians endure, but its normalisation as an inescapable reality for some young people among various groups of people shows the decadence that pervades the country’s moral norms and ethical codes. To address the problem there is the need for an attitudinal change. Yahoo-yahoo must be labelled as a crime and not an avenue to escape poverty or get retribution. The government must address unemployment, invest in poverty reduction initiatives, and provide better remuneration across the board. There will be a further need to purge the Nigerian law enforcement agencies of corruption and constantly (re)train its officers on how to handle cybercrime. If initiatives such as sport development programmes and skills acquisition programmes are part of the education curriculum, young people will have the opportunity to develop capacity in other conforming areas of life that could yield a better remuneration in their adult life

    Cyber Risks, Potential Liabilities and Insurance Responses in the Marine Sector

    The marine sector is vulnerable to cyber-attacks as it becomes more dependent on information and operational technology systems connected to the internet. While this allows for greater efficiency, the interconnected nature of such systems will expose the sector to new and evolving cyber risks. The research begins by briefly examining the nature of cyber risks, identifying likely threat actors and the motivation behind such attacks. Through the use of hypothetical scenarios, the researcher identified; i) some of the cybersecurity vulnerabilities particular to the marine sector, ii) the potential losses and liabilities from a cyber-attack / incident and iii) analysed how insurance may be used to mitigate the risks focusing specifically on the adequacy of traditional marine policies as well as cyber insurance policies to cover such risks. Traditional marine policies were analysed to identify the gaps in cyber coverage in addition to the recognition that without a clearly written cyber exclusion clause, insurers will be exposed to risks and liabilities they did not intend to cover. As for Assureds, while traditional hull and cargo insurance policies may cover some risk, they will not fully cover losses unique to cyber risks such as network failure, data loss, business interruption, cyber espionage and reputational damage so they too may not have adequate coverage against cyber-attacks. The main conclusion from the research is that marine and cyber insurance policies currently available do not adequately protect against cyber related losses and liabilities particularly those unique to the marine sector. This is primarily due to the extensive list of exclusions found in cyber insurance policies and commonly used cyber exclusions clauses usually attached to traditional marine policies. The coverage limits are also inadequate to cover the potential losses to marine facilities and assets which are usually connected to a complex supply chain

    The Sustainability of Doctoral Education in Economics and Business

    The volume “The Sustainability of Doctoral Education in Economics and Business” draws on the ideas and research of doctoral students at the “Alexandru Ioan Cuza” University of Iași, Doctoral School of Economics and Business Administration. The papers were presented, as posters or in plenary, at the final conference of the SESYR project, funded through the European Jean Monnet programme. The volume is structured into four generic subchapters in order to highlight the areas addressed by the project's philosophy: project management, entrepreneurship and employability for young researchers. A collection of 24 articles by 35 authors offers a setting for stimulating scientific debate for readers in the field of economics. Because the articles focus on the research motivations of doctoral and postdoctoral students, this volume represents a publishing debut for some authors and, for others, a consolidation of their vocation. Sharing such passions in contexts like this strengthens collaboration and openness to new research topics. The volume is intended for students, researchers and professors, and we propose it as a bibliographic reference for developing further research and innovation ideas in our thematic area