807 research outputs found

    The Rise of Crypto Malware: Leveraging Machine Learning Techniques to Understand the Evolution, Impact, and Detection of Cryptocurrency-Related Threats

    Crypto malware has become a major threat to the security of cryptocurrency holders and exchanges. As the popularity of cryptocurrency continues to rise, so too does the number and sophistication of crypto malware attacks. This paper leverages machine learning techniques to understand the evolution, impact, and detection of cryptocurrency-related threats. We analyse the different types of crypto malware, including ransomware, cryptojacking, and supply chain attacks, and explore the use of machine learning algorithms for detecting and preventing these threats. Our research highlights the importance of using machine learning for detecting crypto malware and compares the effectiveness of traditional methods with deep learning techniques. Through this analysis, we aim to provide insights into the growing threat of crypto malware and the potential benefits of using machine learning in combating these attacks.

    How Artificial Intelligence Can Protect Financial Institutions From Malware Attacks

    The objective of this study is to examine the potential of artificial intelligence (AI) to enhance the security posture of financial institutions against malware attacks. The study identifies the current trends of malware attacks in the banking sector, assesses the various forms of malware and their impact on financial institutions, and analyzes the relevant security features of AI. The findings suggest that financial institutions must implement robust cybersecurity measures to protect against various forms of malware attacks, including ransomware attacks, phishing attacks, mobile malware attacks, APTs, and insider threats. The study recommends that financial institutions invest in AI-based security systems to improve security features and automate security tasks. To ensure the reliability and security of AI systems, it is essential to incorporate relevant security features such as explainability, privacy, anomaly detection, intrusion detection, and data validation. The study highlights the importance of incorporating explainable AI (XAI) to enable users to understand the reasoning behind the AI's decisions and actions, identify potential security threats and vulnerabilities in the AI system, and ensure that the system operates ethically and transparently. The study also recommends incorporating privacy-enhancing technologies (PETs) into AI systems to protect user data from unauthorized access and use. Finally, the study recommends incorporating robust security measures such as anomaly detection and intrusion detection to protect against adversarial attacks and data validation and integrity checks to protect against data poisoning attacks. Overall, this study provides insights for decision-makers in implementing effective cybersecurity strategies to protect financial institutions from malware attacks.

    Security Posture: A Systematic Review of Cyber Threats and Proactive Security

    In the last decade, several high-profile cyber threats have occurred with global impact and devastating consequences. The tools, techniques, and procedures used to prevent cyber threats from occurring fall under the category of proactive security. Proactive security methodologies, however, vary among professionals where differing tactics have proved situationally effective. To determine the most effective tactics for preventing exploitation of vulnerabilities, the author examines the attack vector of three incidents from the last five years in a systematic review format: the WannaCry incident, the 2020 SolarWinds SUNBURST exploit, and the recently discovered Log4j vulnerability. From the three cases and existing literature, the author determined that inventory management, auditing, and patching are essential proactive security measures which may have prevented the incidents altogether. Then, the author discusses obstacles inherent to these solutions, such as time, talent, and resource restrictions, and proposes the use of user-friendly, open-source tools as a solution. The author intends through this research to improve the security posture of the Internet by encouraging further research into proactive cyber threat intelligence measures and motivating business executives to prioritize cybersecurity

    Ransomware and Academic International Medicine

    Healthcare is among the leading industries targeted by cyber-criminals. Ransomware exploits vulnerabilities to hijack target information technology (IT) infrastructures for monetary gain. Due to the nature and value of information, access to medical information enables cyber-criminals to commit identity theft, medical fraud, and extortion, and illegally obtain controlled substances. The utility and versatility of medical information, extensive centralized storage of medical information, relatively weak IT security systems, and the expanding use of healthcare IT infrastructure all contribute to an increase in cyber-attacks on healthcare entities. Research suggests that an individual’s medical information is 20–50 times more valuable to cyber-criminals than personal financial information. As such, cyber-attacks targeting medical information are increasing 22% per year. This chapter explores the history of ransomware attacks in healthcare, ransomware types, ransom payment, healthcare vulnerabilities, implications for international health security, and means of institutional protection

    Measuring Cyber Security Awareness within Groups of Medical Professionals in Poland

    The goal of this study is to measure the cyber security awareness of medical professionals in Poland, i.e. to verify whether healthcare specialists have knowledge and understanding of basic cyber security threats. This survey was based on the cyber security recommendations from the European Union Agency for Network and Information Security and the U.S. Department of Health and Human Services. The survey consisted of 23 single and multiple-choice questions divided into four parts. The results categorized the respondents and measured the level of cyber security awareness. Among the 620 persons invited to participate in the survey, 300 (48.39%) responded and answered all of the questions. The results show an unsatisfactory level of knowledge regarding information security in Poland. The main conclusion drawn from the survey is that the quality of cyber security training among medical professionals should be improved and frequency of the trainings should be increased.

    The Mega Healthcare Data Breaches in the United States (2009 – 2023): A Comparative Document Analysis

    This paper presents a comprehensive analysis of the predominant healthcare data breaches in the United States from October 2009 to September 2023, utilizing a mixed-methods approach centered on seven publicly available breach reports. It aims to identify patterns, common factors, and measures to enhance cybersecurity within the sector. Through comparative document analysis, the study examines the nature, causes, and repercussions of these breaches, recognizing external attacks, internal errors, and software vulnerabilities as critical weaknesses. The consequences range from financial and reputational damage to erosion of patient trust. The findings stress the necessity for improved preventive strategies, bolstering of security practices, employee training, vendor oversight, and effective incident response mechanisms. The paper also offers insights into the legal and ethical implications of breaches. It suggests robust cybersecurity measures, including the adoption of emerging technologies like blockchain and AI/ML to deter threats. The recommendations guide healthcare organizations toward establishing robust protections for sensitive health data, ensuring regulatory compliance, and facilitating continuity of trust and care. The paper serves as a call to action for ongoing study into the multidimensional impact of data compromises in healthcare.

    Addressing telecommuting in cyber security guidelines

    Cyber security threats are becoming more common than before. New phenomena in society include new cyber security threats which organisations and society should prepare for. One of these phenomena is telecommuting. Telecommuting has its roots already in the 1970s, but it has become increasingly popular during the last years. Especially the pandemic caused by Covid-19 has changed the way of working drastically. Pandemic and the social distancing forced many organisations to have their employees working from home. Information technology has enabled telecommuting, but it has also brought some problems such as security issues. Cyber security threats have increased and become more diverse during the mass telecommuting caused by Covid-19. Telecommuting has some special features that can increase cyber security threats and risks. In this research the following cyber security threats relating to telecommuting were identified to be most relevant: cyber attacks, social engineering, unauthorized access and physical security. Previous literature has identified that there exist cyber security threats in telecommuting, but it has remained unclear how organisations manage and mitigate these in practice. Many of the identified threats relate to employees’ unwanted behaviour. Employees are unaware of the threats facing the organisation in telecommuting. Some employees have not been provided with proper guidelines and instruction on secure way of working. Information security policies and guidelines are important for maintaining cyber security in organisations. Policies can be even seen as the basis for organisation’s cyber security. This research studied which guidelines could be applicable in a telecommuting environment in order to mitigate the common cyber security threats.
Most prominent cyber security guidelines for telecommuting identified in this research were guidelines for personal and mobile devices, guidelines for social engineering, guidelines for physical security, network guidelines, password guidelines and guidelines for online meetings. Case study of multiple cases was used as a method for this study. The cases are seven Finnish universities. The empirical data consists of cyber security and telecommuting guidelines from the universities. These guidelines were analysed by reflecting to the theoretical framework. The analysis showed that especially guidelines for physical security and online meetings were lacking. The presence of outsiders in the telecommuting environment was addressed poorly. Outsiders are a threat both to physical and online meeting security as outsiders may see or hear confidential things. In addition, guidelines were not addressing data labelling and information release. Threats specific to Covid-19 were also addressed poorly even though cyber criminals have exploited the pandemic. Guidelines seemed to be otherwise comprehensive. Threats that were addressed poorly have been especially relevant during the pandemic which suggests that organisations’ guidelines are not quite up to date even though otherwise applicable. Organisations should review and update their guidelines periodically and if a major change occurs in the operation environment.

Cyber security threats are becoming more common. New phenomena bring with them new cyber security threats for which organisations and society must prepare. One of these phenomena is telecommuting. The roots of telecommuting go back to the 1970s, but its popularity has grown in recent years. In particular, Covid-19 and the pandemic it caused have radically changed ways of working, as the pandemic forced many employees to telecommute. Information technology has made telecommuting possible, but it has also brought problems related to cyber security.
Cyber security threats have increased and become more diverse with the widespread telecommuting caused by the pandemic. Telecommuting has some special features that can increase cyber security threats and risks compared with traditional work. In this study, the most important cyber threats related to telecommuting were identified as cyber attacks, social engineering, unauthorized access and poor physical security. Previous literature has found that telecommuting involves cyber security threats, but it has remained unclear how organisations manage and reduce them in practice. Many of the identified threats relate to employees’ unwanted behaviour. Employees are not necessarily aware of the threats telecommuting poses to the organisation. Some employees have also not been given proper guidelines on cyber-secure ways of working. Information security policies and guidelines are important for maintaining organisations’ cyber security. Policies can even be regarded as the foundation of an organisation’s cyber security. This study examined what kinds of guidelines are needed in telecommuting to mitigate common cyber security threats. The cyber security guidelines for telecommuting identified in this study concerned the use of personal and mobile devices, social engineering, physical security, insecure networks, passwords and online meetings. A multiple-case case study was used as the research method. The cases were seven Finnish universities. The empirical data consists of the cyber security and telecommuting guidelines of universities operating in Finland. These guidelines were analysed with the help of, and with reference to, the theoretical framework. The analysis showed that guidelines on physical security and online meetings in particular are deficient. The presence of outsiders in the telecommuting environment has been addressed poorly.
Outsiders are a threat to both physical and online meeting security, because outsiders may see or hear confidential matters. In addition, guidelines on data labelling and information sharing were missing. Covid-19 was also addressed poorly, even though during the pandemic there have been several cyber attacks that exploited the uncertainty brought by Covid-19. The universities’ guidelines otherwise appeared to be comprehensive. The poorly addressed guidelines are ones that have been prominent especially during the pandemic. It appears that organisations’ guidelines are not fully up to date, even if they are otherwise appropriate. Organisations should therefore review and update their guidelines regularly and whenever major changes occur in the operating environment.

    Investigating the relevance of effectiveness of cybersecurity measures in the Philippine maritime industry


    DECEPTION BASED TECHNIQUES AGAINST RANSOMWARES: A SYSTEMATIC REVIEW

    Ransomware is the most prevalent emerging business risk nowadays. It seriously affects business continuity and operations. According to Deloitte Cyber Security Landscape 2022, up to 4000 ransomware attacks occur daily, while the average number of days an organization takes to identify a breach is 191. Sophisticated cyber-attacks such as ransomware typically must go through multiple consecutive phases (initial foothold, network propagation, and action on objectives) before accomplishing their final objective. This study analyzed decoy-based solutions as an approach (detection, prevention, or mitigation) to overcome ransomware. A systematic literature review was conducted, in which the result has shown that deception-based techniques have given effective and significant performance against ransomware with minimal resources. It is also identified that contrary to general belief, deception techniques mainly involved in passive approaches (i.e., prevention, detection) possess other active capabilities such as ransomware traceback and obstruction (thwarting), file decryption, and decryption key recovery. Based on the literature review, several evaluation methods are also analyzed to measure the effectiveness of these deception-based techniques during the implementation process.