Adversarial behaviours knowledge area

The technological advancements witnessed by our society in recent decades have brought improvements in our quality of life, but they have also created a number of opportunities for attackers to cause harm. Before the Internet revolution, most crime and malicious activity generally required a victim and a perpetrator to come into physical contact, and this limited the reach that malicious parties had. Technology has removed the need for physical contact to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio

A Proposed Hierarchical Taxonomy for Assessing the Primary Effects of Cyber Events: A Sector Analysis 2014-2016

Publicity surrounding the threat of cyber-attacks continues to grow, yet immature classification methods for these events prevent technical staff, organizational leaders, and policy makers from engaging in meaningful and nuanced conversations about the risk to their organizations or critical infrastructure. This paper provides a taxonomy of cyber events that is used to analyze over 2,431 publicized cyber events from 2014-2016 by industrial sector. Industrial sectors vary in the scale of events they are subjected to, the distribution between exploitive and disruptive event types, and the method by which data is stolen or organizational operations are disrupted. The number, distribution, and mix of cyber event types highlight significant differences by sector, demonstrating that strategies may vary based on deeper understandings of the threat environment faced across industries

Typhoid Mario: Video Game Piracy as Viral Vector and National Security Threat

Current academic and policy discussions regarding video game piracy focus on the economic losses inherent to copyright infringement. Unfortunately, this approach neglects the most significant implication of video game piracy: malware distribution. Copyright-motivated efforts to shut down file-sharing sites do little to reduce piracy and actually increase viral malware infection. Pirated video games are an ideal delivery device for malware, as users routinely launch unverified programs and forego virus detection. The illicit nature of the transaction forces users to rely almost entirely on the reputation of websites, uploaders, and other users to determine if a file is safe to download. In spite of this, stakeholders continue to push for ineffectual anti-infringement actions that destroy this reputational infrastructure. Scholars and policymakers have not made a case for utility by considering only first-stage economic incentives to create content. In addition to the economic consequences, malware must be taken seriously as a threat to infrastructure and national security, especially in light of Russia’s efforts to infect machines to influence and delegitimize elections. Accordingly, this Article proposes that we adopt a harm reduction philosophy that both dissuades piracy and decreases the malware risk attendant to ongoing piracy

Healthcare is the most breached industry : how do we change that?

Healthcare is the most breached industry in the United States. Health records are now fetching more money on the black market than credit card numbers. Threats to Healthcare data security come from criminal hackers, hacktivists, state-sponsored hackers, malicious employees with perhaps the greatest threat coming from accidental or negligent disclosure by employees. Most information security related investments are driven by the need to meet Health Insurance Portability and Accountability Act (HIPAA) requirements. Typically, these investments are characterized by heavy reliance on technology, outsourcing security activities, and risk transfer (Cyber Liability Policy). As a result of this compliance focused security spending, little headway is made in reducing the number of breaches in healthcare. Two important weaknesses that will continue to inhibit progress in protecting health information are: the industry lacks a culture of security, and there is a lack of strong leadership among those tasked with overseeing information security.Informatio

Smart techniques and tools to detect Steganography - a viable practice to Security Office Department

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementInternet is today a commodity and a way for being connect to the world. It is through Internet is where most of the information is shared and where people run their businesses. However, there are some people that make a malicious use of it. Cyberattacks have been increasing all over the recent years, targeting people and organizations, looking to perform illegal actions. Cyber criminals are always looking for new ways to deliver malware to victims to launch an attack. Millions of users share images and photos on their social networks and generally users find them safe to use. Contrary to what most people think, images can contain a malicious payload and perform harmful actions. Steganography is the technique of hiding data, which, combined with media files, can be used to place malicious code. This problem, leveraged by the continuous media file sharing through massive use of digital platforms, may become a worldwide threat in malicious content sharing. Like phishing, people and organizations must be trained to suspect about inappropriate content and implement the proper set of actions to reduce probability of infections when accessing files supposed to be inoffensive. The aim of this study will try to help people and organizations by trying to set a toolbox where it can be possible to get some tools and techniques to assist in dealing with this kind of situations. A theoretical overview will be performed over other concepts such as Steganalysis, touching also Deep Learning and in Machine Learning to assess which is the range of its applicability in find solutions in detection and facing these situations. In addition, understanding the current main technologies, architectures and users’ hurdles will play an important role in designing and developing the proposed toolbox artifact

Cybersecurity in social networks

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Knowledge Management and Business IntelligenceIn recent years, the use of social networks has been increasing substantially. As we know, platforms such as Facebook, Twitter, Google +, Pinterest, LinkedIn or Instagram allow millions of individuals to create online profiles and share personal information with several friends through social networks – and, often, it’s possible to do the same with a large amount of strangers. By itself, social networks should not be considered a cyber threat. However, there are several issues related to maintaining the user’s data security and privacy, especially when they upload personal information, photos and / or videos. The large majority of users ignores the security best practices, which sometimes facilitates the hackers’ attacks. The main goal of this research is to understand patterns of information that are revealed on online social networks and their privacy implications. The goal is to map people behaviour on social networks and understand if they care about the security of their data exposed on the Internet. This research also aims to understand the impact of cybersecurity in social networks and a comparison of which social network is most concerned with the exposure of its user. It will be also addressed the current defence solutions that can protect social network users from these kinds of threats

Security Posture: A Systematic Review of Cyber Threats and Proactive Security

In the last decade, several high-profile cyber threats have occurred with global impact and devastating consequences. The tools, techniques, and procedures used to prevent cyber threats from occurring fall under the category of proactive security. Proactive security methodologies, however, vary among professionals where differing tactics have proved situationally effective. To determine the most effective tactics for preventing exploitation of vulnerabilities, the author examines the attack vector of three incidents from the last five years in a systematic review format: the WannaCry incident, the 2020 SolarWinds SUNBURST exploit, and the recently discovered Log4j vulnerability. From the three cases and existing literature, the author determined that inventory management, auditing, and patching are essential proactive security measures which may have prevented the incidents altogether. Then, the author discusses obstacles inherent to these solutions, such as time, talent, and resource restrictions, and proposes the use of user-friendly, open-source tools as a solution. The author intends through this research to improve the security posture of the Internet by encouraging further research into proactive cyber threat intelligence measures and motivating business executives to prioritize cybersecurity