User-profile-based analytics for detecting cloud security breaches

While the growth of cloud-based technologies has benefited the society tremendously, it has also increased the surface area for cyber attacks. Given that cloud services are prevalent today, it is critical to devise systems that detect intrusions. One form of security breach in the cloud is when cyber-criminals compromise Virtual Machines (VMs) of unwitting users and, then, utilize user resources to run time-consuming, malicious, or illegal applications for their own benefit. This work proposes a method to detect unusual resource usage trends and alert the user and the administrator in real time. We experiment with three categories of methods: simple statistical techniques, unsupervised classification, and regression. So far, our approach successfully detects anomalous resource usage when experimenting with typical trends synthesized from published real-world web server logs and cluster traces. We observe the best results with unsupervised classification, which gives an average F1-score of 0.83 for web server logs and 0.95 for the cluster traces

Master of sheets: A tale of compromised cloud documents

As of 2014, a fifth of EU citizens relied on cloud accounts to store their documents according to a Eurostat report. Although useful, there are downsides to the use of cloud documents. They often accumulate sensitive information over time, including financial information. This makes them attractive targets to cybercriminals. To understand what happens to compromised cloud documents that contain financial information, we set up 100 fake payroll sheets comprising 1000 fake records of fictional individuals. We populated the sheets with traditional bank payment information, cryptocurrency details, and payment URLs. To lure cybercriminals and other visitors into visiting the sheets, we leaked links pointing to the sheets via paste sites. We collected data from the sheets for a month, during which we observed 235 accesses across 98 sheets. Two sheets were not opened. We also recorded 38 modifications in 7 sheets. We present detailed measurements and analysis of accesses, modifications, edits, and devices that visited payment URLs in the sheets. Contrary to our expectations, bank payment URLs received many more clicks than cryptocurrency payment URLs despite the popularity of cryptocurrencies and emerging blockchain technologies. On the other hand, sheets that contained cryptocurrency details recorded more modifications than sheets that contained traditional banking information. In summary, we present a comprehensive picture of what happens to compromised cloud spreadsheets.Accepted manuscrip

Impact and key challenges of insider threats on organizations and critical businesses

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed

The Analysis of Data Tampering and Forensics in a Cloud Environment

In cloud systems, where sensitive data is stored and processed remotely, data manipulation is a serious security problem. The issues of data tampering in cloud environments are explored in this research, along with the importance of forensic investigation in reducing its effects. We explore several data tampering techniques and illustrate the need for strong security measures to guard against unlawful behavior. This paper also covers forensic analysis methods, tools, and techniques that are crucial in locating, analyzing, and minimizing data tampering instances in cloud systems. The security posture associated with cloud infrastructures can be greatly improved by integrating cutting-edge forensic procedures, ensuring data integrity, confidentiality, and overall system dependability

The Future of Cybercrime: AI and Emerging Technologies Are Creating a Cybercrime Tsunami

This paper reviews the impact of AI and emerging technologies on the future of cybercrime and the necessary strategies to combat it effectively. Society faces a pressing challenge as cybercrime proliferates through AI and emerging technologies. At the same time, law enforcement and regulators struggle to keep it up. Our primary challenge is raising awareness as cybercrime operates within a distinct criminal ecosystem. We explore the hijacking of emerging technologies by criminals (CrimeTech) and their use in illicit activities, along with the tools and processes (InfoSec) to protect against future cybercrime. We also explore the role of AI and emerging technologies (DeepTech) in supporting law enforcement, regulation, and legal services (LawTech)

Cybersecurity of Online Proctoring Systems

The online proctored examinations are adopted exceedingly in all forms of academic education and professional training. AI with Machine Learning technology take the leading role in supporting authentication, authorization, and operational control of proctored online examination. The paper discusses how administrative, physical, and technical controls can help mitigate related cybersecurity vulnerabilities of online proctoring systems (OPS). The paper considers two classes of OPS: fully automated AI-enabled systems and hybrid systems (automated AI-enabled with an expert live proctor in control). Based on the review of 20 online proctoring systems, the paper discusses methods and techniques of multi-factor authentication and authorizations, including the use of challenge-response, biometrics (face and voice recognition), and blockchain technology. The discussion of operational controls includes the use of lockdown browsers, webcam detection of behavioral signs of fraud, endpoint security, VPN and VM, screen-sharing and keyboard listening programs, technical controls to mitigate the absence of spatial (physical area) controls, compliance with regulations (GDPR), etc. Other topics discussed include confidentiality of the exam content, logging of control data, video and sound recording for auditing, limitations of endpoint-based security protection and detection techniques of behavior-based cheating and the effect of new intrusive technology on students’ privacy. In conclusion, the paper lists advanced features of online proctoring systems