Performance Assessment of some Phishing predictive models based on Minimal Feature corpus

Phishing is currently one of the severest cybersecurity challenges facing the emerging online community. With damages running into millions of dollars in financial and brand losses, the sad tale of phishing activities continues unabated. This led to an arms race between the con artists and online security community which demand a constant investigation to win the cyberwar. In this paper, a new approach to phishing is investigated based on the concept of minimal feature set on some selected remarkable machine learning algorithms. The goal of this is to select and determine the most efficient machine learning methodology without undue high computational requirement usually occasioned by non-minimal feature corpus. Using the frequency analysis approach, a 13-dimensional feature set consisting of 85% URL-based feature category and 15% non-URL-based feature category was generated. This is because the URL-based features are observed to be more regularly exploited by phishers in most zero-day attacks. The proposed minimal feature set is then trained on a number of classifiers consisting of Random Tree, Decision Tree, Artificial Neural Network, Support Vector Machine and Naïve Bayes. Using 10 fold-cross validation, the approach was experimented and evaluated with a dataset consisting of 10000 phishing instances. The results indicate that Random Tree outperforms other classifiers with significant accuracy of 96.1% and a Receiver’s Operating Curve (ROC) value of 98.7%. Thus, the approach provides the performance metrics of various state of art machine learning approaches popular with phishing detection which can stimulate further deeper research work in the evaluation of other ML techniques with the minimal feature set approach

Payments fraud: perception versus reality - a conference summary

The authors highlight key issues from the presentations, keynote addresses, and open floor discussions at the Federal Reserve Bank of Chicago's eighth annual Payments Conference. The conference's agenda appears at the end of this article.Fraud ; Payment systems

An eye for deception: A case study in utilizing the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks

In a number of information security scenarios, human beings can be better than technical security measures at detecting threats. This is particularly the case when a threat is based on deception of the user rather than exploitation of a specific technical flaw, as is the case of spear-phishing, application spoofing, multimedia masquerading and other semantic social engineering attacks. Here, we put the concept of the humanas-a-security-sensor to the test with a first case study on a small number of participants subjected to different attacks in a controlled laboratory environment and provided with a mechanism to report these attacks if they spot them. A key challenge is to estimate the reliability of each report, which we address with a machine learning approach. For comparison, we evaluate the ability of known technical security countermeasures in detecting the same threats. This initial proof of concept study shows that the concept is viable

Ransomware: Current Trend, Challenges, and Research Directions

Ransomware attacks have become a global incidence, with the primary aim of making monetary gains through illicit means. The attack started through e-mails and has expanded through spamming and phishing. Ransomware encrypts targets’ files and display notifications, requesting for payment before the data can be unlocked. Ransom demand is usually in form of virtual currency, bitcoin, because it is difficult to track. In this paper, we give a brief overview of the current trend, challenges, and research progress in the bid to finding lasting solutions to the menace of ransomware that currently challenge computer and network security, and data privacy

An Examination of the Human Factors in Cybersecurity: Future Direction for Nigerian Banks

Information and communication technology has become necessary for conducting business operations and ensuring business survival in Nigerian banks. However, this has come with some encumbrances, as this technology is vulnerable to attacks due to technical or human factors. These human factors have been very challenging for organizations due to their multi-dimensional nature and the fact that humans have been responsible for most cybersecurity incidents. Resolving issues arising from cybersecurity incidents is expensive and time-consuming. Therefore, this study is crucial as it will enable Nigerian banks witnessing increased attacks to take preventive measures and reduce the enormous expenditure required for remediation. This study adopts a literature review approach, reviewing previous studies on human factors in cybersecurity to determine the factors responsible for successful cyber-attacks and their suggested mitigations. The findings categorize these human factors into social engineering, poor information security culture, risky password practices, stress, burnout, and security fatigue. The study presents mitigations but notes that training and cybersecurity awareness are the most common reoccurring pre-emptive actions recommended. This research is significant as very little prior research has been conducted in this area targeted at the Nigerian banking sector. Practically, the findings of this study are expected to point Nigerian banks toward the critical human factors that they need to concentrate on to minimize the success rate of cyber-attacks and reduce the associated costs of recovering from these attacks

Addressing telecommuting in cyber security guidelines

Cyber security threats are becoming more common than before. New phenomena in society include new cyber security threats which organisations and society should prepare for. One of these phenomena is telecommuting. Telecommuting has its roots already in the 1970s, but it has become increasingly popular during the last years. Especially the pandemic caused by Covid-19 has changed the way of working drastically. Pandemic and the social distancing forced many organisations to have their employees working from home. Information technology has abled telecommuting, but it has also brought some problems such as security issues. Cyber security threats have increased and become more diverse during the mass telecommuting caused by Covid-19. Telecommuting has some special features that can increase cyber security threats and risks. In this research the following cyber security threats relating to telecommuting were identified to be most relevant: cyber attacks, social engineering, unauthorized access and physical security. Previous literature has identified that there exist cyber security threats in telecommuting, but it has remained unclear how organisations manage and mitigate these in practice. Many of the identified threats relate to employees’ unwanted behaviour. Employees are unaware of the threats facing the organisation in telecommuting. Some employees have not been provided with proper guidelines and instruction on secure way of working. Information security policies and guidelines are important for maintaining cyber security in organisations. Policies can be even seen as the basis for organisation’s cyber security. This research studied which guidelines could be applicable in a telecommuting environment in order to mitigate the common cyber security threats. Most prominent cyber security guidelines for telecommuting identified in this research were guidelines for personal and mobile devices, guidelines for social engineering, guidelines for physical security, network guidelines, password guidelines and guidelines for online meetings. Case study of multiple cases was used as a method for this study. The cases are seven Finnish universities. The empirical data consists of cyber security and telecommuting guidelines from the universities. These guidelines were analysed by reflecting to the theoretical framework. The analysis showed that especially guidelines for physical security and online meetings were lacking. The presence of outsiders in the telecommuting environment was addressed poorly. Outsiders are a threat both to physical and online meeting security as outsiders may see or hear confidential things. In addition, guidelines were not addressing data labelling and information release. Threats specific to Covid-19 were also addressed poorly even though cyber criminals have exploited the pandemic. Guidelines seemed to be otherwise comprehensive. Threats that were addressed poorly have been especially relevant during the pandemic which suggests that organisations’ guidelines are not quite up to date even though otherwise applicable. Organisations should review and update their guidelines periodically and if a major change occurs in the operation environment.Kyberturvallisuusuhat ovat yleistymässä. Uudet ilmiöt tuovat mukanaan uusia kyberturvallisuusuhkia, joihin organisaatioiden ja yhteiskunnan tulee varautua. Yksi näistä ilmiöistä on etätyö. Etätyön juuret ovat jo 1970-luvulla, mutta sen suosio on kasvanut viime vuosina. Erityisesti Covid-19 ja sen aiheuttama pandemia ovat muuttaneet työn toimintatapoja radikaalisti, sillä pandemia pakotti monet työntekijät etätyöhön. Tietotekniikka on mahdollistanut etätyön, mutta se on tuonut myös ongelmia liittyen kyberturvaan. Kyberturvallisuusuhat ovat lisääntyneet ja monipuolistuneet pandemian aiheuttaman laajalle levinneen etätyön myötä. Etätyössä on joitain erityispiirteitä, jotka voivat lisätä kyberturvallisuusuhkia ja -riskejä perinteiseen työntekoon verraten. Tässä tutkimuksessa tärkeimmiksi etätyöhön liittyviksi kyberuhiksi tunnistettiin kyberhyökkäykset, sosiaalinen manipulointi, valtuuttamaton pääsy ja huono fyysinen turvallisuus. Aikaisemmassa kirjallisuudessa on havaittu, että etätyöhön liittyy kyberturvallisuusuhkia, mutta on jäänyt epäselväksi, miten organisaatiot hallitsevat ja vähentävät niitä käytännössä. Monet tunnistetuista uhista liittyvät työntekijöiden ei-toivottuun käyttäytymiseen. Työntekijät eivät välttämättä ole tietoisia etätyön uhista organisaatiolle. Osalle työntekijöistä ei ole myöskään annettu asianmukaisia ohjeita kyberturvallisista työskentelytavoista. Tietoturvapolitiikat ja - ohjeet ovat tärkeitä organisaatioiden kyberturvallisuuden ylläpitämisessä. Politiikkoja voidaan pitää jopa organisaation kyberturvallisuuden perustana. Tässä tutkimuksessa selvitettiin, minkälaisia ohjeita tarvitaan etätyössä yleisten kyberturvallisuusuhkien lieventämiseksi. Tässä tutkimuksessa tunnistetut kyberturvallisuusohjeet etätyöhön liittyivät henkilökohtaisten ja mobiililaitteiden käyttöön, sosiaaliseen manipulointiin, fyysiseen turvallisuuteen, turvattomiin verkkoihin, salasanoihin ja online-kokouksiin. Tutkimusmetodina tässä tutkimuksessa käytettiin usean tapauksen tapaustutkimusta. Tapauksina toimivat seitsemän suomalaista yliopistoa. Empiirinen data koostuu Suomessa toimivien yliopistojen kyberturvallisuus- ja etätyöohjeista. Nämä ohjeet analysoitiin teoreettiseen viitekehyksen avulla ja siihen viitaten. Analyysi osoitti, että erityisesti fyysistä turvallisuutta ja online-kokouksia koskevat ohjeet ovat puutteellisia. Ulkopuolisten läsnäolo etätyöympäristössä on huomioitu huonosti. Ulkopuoliset ovat uhka sekä fyysiselle että online-kokousten turvallisuudelle, koska ulkopuoliset voivat nähdä tai kuulla luottamuksellisia asioita. Lisäksi datan merkitsemiseen ja tiedon jakamiseen liittyvät ohjeet puuttuivat. Covid-19 oli myös huomioitu huonosti, vaikka pandemian aikana on ollut useita kyberhyökkäyksiä, jotka ovat hyödyntäneet Covid-19 tuomaa epävarmuutta. Yliopistojen ohjeet näyttivät muuten olevan kattavat. Huonosti huomioon otetut ohjeet ovat sellaisia, jotka ovat olleet esillä etenkin pandemian aikana. Vaikuttaa siltä, että organisaatioiden ohjeet eivät ole täysin ajan tasalla, vaikka ne muuten olisivat tarkoituksenmukaiset. Organisaatioiden tuleekin tarkistaa ja päivittää ohjeitaan säännöllisesti ja aina, jos toimintaympäristössä tapahtuu suuria muutoksia

Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions

This work was supported in part by the Ministry of Higher Education under the Fundamental Research Grant Scheme under Grant FRGS/1/2018/ICT04/UTM/01/1; and in part by the Faculty of Informatics and Management, University of Hradec Kralove, through SPEV project under Grant 2102/2022.Phishing has become an increasing concern and captured the attention of end-users as well as security experts. Existing phishing detection techniques still suffer from the de ciency in performance accuracy and inability to detect unknown attacks despite decades of development and improvement. Motivated to solve these problems, many researchers in the cybersecurity domain have shifted their attention to phishing detection that capitalizes on machine learning techniques. Deep learning has emerged as a branch of machine learning that becomes a promising solution for phishing detection in recent years. As a result, this study proposes a taxonomy of deep learning algorithm for phishing detection by examining 81 selected papers using a systematic literature review approach. The paper rst introduces the concept of phishing and deep learning in the context of cybersecurity. Then, taxonomies of phishing detection and deep learning algorithm are provided to classify the existing literature into various categories. Next, taking the proposed taxonomy as a baseline, this study comprehensively reviews the state-of-the-art deep learning techniques and analyzes their advantages as well as disadvantages. Subsequently, the paper discusses various issues that deep learning faces in phishing detection and proposes future research directions to overcome these challenges. Finally, an empirical analysis is conducted to evaluate the performance of various deep learning techniques in a practical context, and to highlight the related issues that motivate researchers in their future works. The results obtained from the empirical experiment showed that the common issues among most of the state-of-the-art deep learning algorithms are manual parameter-tuning, long training time, and de cient detection accuracy.Ministry of Higher Education under the Fundamental Research Grant Scheme FRGS/1/2018/ICT04/UTM/01/1Faculty of Informatics and Management, University of Hradec Kralove, through SPEV project 2102/202

Applications of Cyber Threat Intelligence (CTI) in Financial Institutions and Challenges in Its Adoption

The critical nature of financial infrastructures makes them prime targets for cybercriminal activities, underscoring the need for robust security measures. This research delves into the role of Cyber Threat Intelligence (CTI) in bolstering the security framework of financial entities and identifies key challenges that could hinder its effective implementation. CTI brings a host of advantages to the financial sector, including real-time threat awareness, which enables institutions to proactively counteract cyber-attacks. It significantly aids in the efficiency of incident response teams by providing contextual data about attacks. Moreover, CTI is instrumental in strategic planning by providing insights into emerging threats and can assist institutions in maintaining compliance with regulatory frameworks such as GDPR and CCPA. Additional applications include enhancing fraud detection capabilities through data correlation, assessing and managing vendor risks, and allocating resources to confront the most pressing cyber threats. The adoption of CTI technologies is fraught with challenges. One major issue is data overload, as the vast quantity of information generated can overwhelm institutions and lead to alert fatigue. The issue of interoperability presents another significant challenge; disparate systems within the financial sector often use different data formats, complicating seamless CTI integration. Cost constraints may also inhibit the adoption of advanced CTI tools, particularly for smaller institutions. A lack of specialized skills necessary to interpret CTI data exacerbates the problem. The effectiveness of CTI is contingent on its accuracy, and false positives and negatives can have detrimental impacts. The rapidly evolving nature of cyber threats necessitates real-time updates, another hurdle for effective CTI implementation. Furthermore, the sharing of threat intelligence among entities, often competitors, is hampered by mistrust and regulatory complications. This research aims to provide a nuanced understanding of the applicability and limitations of CTI within the financial sector, urging institutions to approach its adoption with a thorough understanding of the associated challenges

Phishing Detection using Base Classifier and Ensemble Technique

Phishing attacks continue to pose a significant threat in today's digital landscape, with both individuals and organizations falling victim to these attacks on a regular basis. One of the primary methods used to carry out phishing attacks is through the use of phishing websites, which are designed to look like legitimate sites in order to trick users into giving away their personal information, including sensitive data such as credit card details and passwords. This research paper proposes a model that utilizes several benchmark classifiers, including LR, Bagging, RF, K-NN, DT, SVM, and Adaboost, to accurately identify and classify phishing websites based on accuracy, precision, recall, f1-score, and confusion matrix. Additionally, a meta-learner and stacking model were combined to identify phishing websites in existing systems. The proposed ensemble learning approach using stack-based meta-learners proved to be highly effective in identifying both legitimate and phishing websites, achieving an accuracy rate of up to 97.19%, with precision, recall, and f1 scores of 97%, 98%, and 98%, respectively. Thus, it is recommended that ensemble learning, particularly with stacking and its meta-learner variations, be implemented to detect and prevent phishing attacks and other digital cyber threats