ABSTRACT
The world is recovering from Covid-19, and along with that it has brought the zeal to use the digital media, concepts like work from home, connecting the whole world using applications and social media. However, with good things follow bad and we observe a lot of people being affected by social engineering attack via multiple means be it as elementary as an unfamiliar person calling us to ask us about our day or complicated and puzzling as someone acting like the victim's senior. In some cases, people are aware of the process but are unaware of the terms they are victimized with others do not know many kinds of social engineering attacks. Therefore, it is imperative for an organization and an individual that they are aware of how Social Engineering is carried out. In this paper, we represent the survey filled by more than 100 people from diverse age groups and work profiles seeking their views on the attack and knowledge about social engineering. © 2022 IEEE.
ABSTRACT
COVID-19 epidemic has changed many people's life. There has been an increase in cybercrime and cyber-attacks on infrastructure systems throughout the world. To reduce the impact of social alienation, a significant rise has been observed in the utilization and dependence on computers, handheld devices, and web to perform day-to-day activities like communication, work, online transactions for shopping, and medical diagnostics throughout the pandemic. Criminals were able to take advantage of new weaknesses generated because of movement of the work place to home for their own individual advantage. In a postpandemic world, ab roader and diverse cyber security approach is required to assure the well-being and continuation of crucial systems on which our mankind depends. This research work shows the preliminary design of the proposed solution, which is built based on the concept of Artificial Intelligence (AI) enabled self-replication system. © 2023 IEEE.
ABSTRACT
Cybercrime is a growing concern, particularly in this COVID-19 era. The COVID-19 outbreak has shown the significant impact potential of such crises on our daily lives worldwide. Phishing is a social engineering crime that can cause financial and reputational damages such as data loss, personal identity theft, money loss, financial account credential theft, etc., to people and organizations. In the recent outbreak of the COVID-19 pandemic, many companies and organizations have changed their working conditions, moved to an online environment workspace, and implemented the Work From Home (WFH) business model that increases the phishing attacks vectors and risk of breaching internal data. In this paper, we have extracted nine efficient features from the URLs and applied seven different Machine Learning algorithms to recognize phishing URLs. Machine learning algorithms are often used to detect phishing attacks more accurately before affecting users. The obtained result concludes that the Random Forest model provides the best and highest accuracy of 95.2%. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
For a long time, optimization has been part of our lives and the most recent literature shows a tremendous increase of the number of articles using Revolutionary algorithms in particular Firefly algorithm (FA) and Genetic algorithm. This tendency can be observed nearly in all areas of Computer Sciences and Engineering domain. Some of them are hybridized with other techniques to discover better performance. In addition, literatures found that most of the cases that used (FA) and (GA) techniques have outperformed compare to other metaheuristic algorithms. And because of the extraordinary impact of the COVID-19 pandemic on society and business as a whole, the pandemic generated an increase in the number and range of cybercriminal attacks due to the extensive use of computer networks. As result, new risks have arisen, and improving the speed and accuracy of security mechanisms has become a critical need. The aim of this article is to give the main mechanisme of those approachs and their application alone and hybrided to solve cybercrime problems. © 2022 IEEE.
ABSTRACT
SIM swapping is a novel criminal modus operandi which uses copied SIM cards for the purpose of taking over a mobile service subscription and thereby accessing sensitive personal and financial data. Authorities around the world have reported a surge in SIM Swapping crimes, mainly driven by criminals taking advantage of the increasingly virtual lifestyle precipitated by the COVID-19 pandemic. This study examines related cases around the world, and categorizes them according to their specific modi operandi, as well as the initial responses of national authorities to this emerging crime. By analyzing the dynamics of this new crime trend, this study aims to propose preemptive and preventative measures to address this new threat. Research has identified three main steps in SIM Swapping crime: 1) personal data theft, 2) fraudulent copying of SIM card, and 3) exploitation of falsely-obtained mobile service for perpetration. Research has also found that the subscriber authentication procedure involved in replacing a SIM card is vulnerable to identity theft, especially in jurisdictions which have implemented eSIM. Therefore, it will be upon governments to enforce a stronger user authentication and information security regime for mobile carriers, introduce an online payment system devised with a data-sharing mechanism connecting mobile carriers and financial services, and raise public awareness on SIM Swapping and information security in general. © 2022 IEEE.
ABSTRACT
In this digital era of online processing, most information is accessible electronically and is prone to cyber threats. There is a vast range of cyber threats whose behavior is hard to understand in the early phases. These attacks may have some motivation behind them that have significant societal impacts in the form of economic damage, psychological disturbance, a threat to national security, and so on. With the worldwide spread of COVID-19, India experienced an astonishing 86% rise in cybercrimes. Nowadays, cybercrime has become an attractive strategy for hackers to create chaos and disruption. This paper is based on the quantitative analysis of cybercrime in India and its impacts on society, with preventive measures to handle them. In our study, we found that digital related offenses and online frauds are drastically increasing in India during COVID-19 pandemic. As a result, awareness campaigns and security solutions are needed to prevent or mitigate them. © 2022 IEEE.
ABSTRACT
Due to the onset of the Covid-19 pandemic, people are compelled to maintain social distance in all spheres of life, forcing people to adopt virtual mode of activity. Usage of social media and other internet activity has shot up in this period, and consequently, cybercrimes have also increased. If cybercrimes are reported, computer forensics analysts will examine the concerned website, online forum, or social media to find meticulous details about the cybercrime. But webpage content seen on the day may not be available on the next day. The contents of the webpage, which is the subject of crime, will be deleted or withdrawn, or deactivated to destroy evidence to escape from legal proceedings. The victims usually produce a screenshot of the webpage or image or video as a piece of evidence. But there is a distinct possibility of manipulating the offensive materials and it may not be considered a valid piece of evidence before the court of law. Such a scenario requires a forensic technique that should acquire the content of the webpage before it is removed from web site to maintain the authenticity of captured data. So, we are proposing an automated system for the forensic acquisition of a website that will effectively capture all content from the live website and make it useful for forensic investigation and may be produced before the court as valid evidence of cybercrime. © 2022 IEEE.
ABSTRACT
Times of crisis have long been combined with an increase in cybercrime, exploiting the general instability;therefore, in such times, systems and infrastructures face greater exposure to vulnerabilities. On top of that, the COVID-19 crisis has increased our reliance on the internet, while working-from-home has been the daily reality for a large proportion of the population worldwide. Increased cyber-security awareness becomes a necessity for everyone, starting from a more knowledgeable audience;IT professionals, and software engineers. In this context, this paper aims to assess the cyber-security culture readiness of representatives studying or working within a European Polytechnique Academic Institution, during the COVID-19 crisis. Towards that end, a targeted evaluation campaign was launched for two weeks, from 28th February 2022 to 13th March 2022. The campaign consisted of four questionnaires of increased difficulty and a phishing quiz, all assessing the security culture of the participants against three dimensions;their security attitude, their competency, and their actual behavior. The campaign results have been thoroughly analyzed, and the findings were unforeseen in many cases, supporting the identification of security awareness weaknesses and assisting in drafting targeted, customized training programs. © 2022 ACM.
ABSTRACT
Blockchains emerged in the past decade with applications across a myriad of domains, however this nascent field has so far been commonly associated with cryptocurrencies. The secure and decentralized nature of blockchains offers benefits across a wide range of industries, including healthcare which remains the largest focus of cyber crimes today. In this work, we demonstrate a Blockchain implementation as a proof of concept for the storage of electronic Protected Health Information (ePHI) related to the COVID-19 pandemic. We use two Amazon Managed Blockchain services, Hyperledger Fabric and Ethereum, to store medical data in Amazon Web Services (AWS). While the two frameworks provide a secure resource for medical data, depending on the chosen implementation, the cost can grow quickly based on the number of requests, which may make them prohibitive for applications such as COVID-19 vaccine passports. copy;2022 IEEE. © 2022 IEEE.
ABSTRACT
This study aims to analyze the importance of strengthening legal concepts in overcoming cybercrime during the Covid-19 pandemic in Indonesia. The Covid-19 pandemic that hit Indonesia made some people lose many things in various aspects of their lives due to multiple types of cybercrimes that often occur in society, such as malware attacks, trojan activities, and information leaks. The Electronic Information and Transactions Law (ITE) Number 11 of 2008 and the revised version of the ITE Law Number 19 of 2016 have historically been the legal basis for regulating cyber security in Indonesia. However, this regulation does not include essential parts of cybersecurity such as information and network infrastructure and human resources with cybersecurity experience. Thus, it is necessary to know how important it is to strengthen legal concepts in overcoming cybercrime during the Covid-19 pandemic in Indonesia. This study uses a qualitative approach. The data sources are from various online news media and relevant research journals and analyzed using the NVivo12 Plus application. Based on the results of the analysis, this study found that the acceleration of the ratification of the Personal Data Protection Bill, the establishment of special regulations related to cybersecurity and cybercrime, the creation of a multi-sectoral cyber security management ecosystem, as well as increasing awareness and capacity of human resources in the cyber security sector are alternative policies that must be considered and realized to strengthen the concept of law in overcoming various cyber crimes during the Covid-19 pandemic in Indonesia. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
Large-scale dark web marketplaces have been around for more than a decade. So far, academic research has mainly focused on drug and hacking-related offers. However, data markets remain understudied, especially given their volatile nature and distinct characteristics based on shifting iterations. In this paper, we perform a large-scale study on dark web data markets. We first characterize data markets by using an innovative theoretical legal taxonomy based on the Council of Europe’s Cybercrime Convention and its implementation in Dutch law. The recent Covid-19 pandemic showed that cybercrime has become more prevalent with the increase of digitalization in society. In this context, important questions arise regarding how cybercrime harms are determined, measured, and prioritized. We propose a determination of harm based on criminal law qualifications and sanctions. We also address the empirical question of what the economic activity on data markets looks like nowadays by performing a comprehensive measurement of digital goods based on an original dataset scraped from twelve marketplaces consisting of approximately 28,000 offers from 642 vendors. The resulting analysis combines insights from the theoretical legal framework and the results of the measurement study. To our knowledge, this is the first study to combine these two elements systematically. © 2022, IFIP International Federation for Information Processing.
ABSTRACT
The recent wave of the global Covid-19 pandemic has led to a surge in text-based non-technical cybercrime attacks within the cyber ecosystem. Information about such cyber-attacks is often in unstructured text data and metadata, a rich source of evidence in a digital forensic investigation. However, such information is usually unavailable during a digital forensic investigation when dealing with the public cloud post-incident. Furthermore, digital investigators are challenged with extracting meaningful semantic content from the raw syntactic and unstructured data. It is partly due to the lack of a structured process for forensic data pre-processing when or if such information is identified. Thus, this study seeks to address the lack of a procedure or technique to extract semantic meaning from text data of a cybercrime attack that could be used as a digital forensic readiness semantics trigger in a cybercrime detection process. For the methodology to address the proposed approach, data science modelling and unsupervised machine learning are used to design a strategy. This method process extracts tokens of cybercrime text data, which are further used to develop an intelligent DFR semantic tool extractor based on natural language patterns from cybercrime text data. The proposed DFR cybercrime semantic trigger process when implemented could be used to create a digital forensic cybercrime language API for all digital forensic investigation systems or tools. © 2022, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.
ABSTRACT
The National Institute of Standards and Technology (NIST) published the NIST Framework for Improving Critical Infrastructure Cybersecurity of 2014, followed by an updated version in 2017. The Framework, which was developed as a joint effort between the U.S. Federal Government and the private sector, serves only as a guideline and is not mandated by any legal authority. Currently, adoption of the Framework is voluntary. The Financial Sector, one of sixteen Department of Homeland Security critical infrastructure sectors, should be incentivized to adopt the framework, based on inconsistency and accountability of best practices implementation across the sector. Global cyber attack opportunists used the 2020 COVID-19 pandemic to exploit cybersecurity vulnerabilities and gaps in the U.S. Financial Sector. The NIST Cybersecurity Framework provides guidelines for strengthening cybersecurity and identifies areas of potential cyber attack impacts. This paper is a summary of the author's published 2021 doctoral dissertation, which includes research and analysis of reported Financial Sector risks, failures and impacts due to weak or lack of cybersecurity controls. The study also provides analysis of success stories of Financial Sector and other entities which have adopted the NIST Cybersecurity Framework. Dr. Goodwin is a Senior Member of IEEE. © 2022 IEEE.
ABSTRACT
The Internet as a whole is a large network of interconnected computer networks and their supporting infrastructure which is divided into 3 parts. The web is a list of websites that can be accessed using search engines like Google, Firefox, and others, this is called as Surface Web. The Internet's layers stretch well beyond the surface material that many people can quickly reach in their everyday searches. The Deep Web material, which cannot be indexed by regular search engines like Google, is a subset of the internet. The Dark Web, which extends to the deepest reaches of the Deep Web, contains data that has been purposefully hidden. Tor may be used to access the dark web. Tor employs a network of volunteer devices to route users' web traffic via a succession of other users' computers, making it impossible to track it back to the source. We will analyze and include results about the Dark Web's presence in various spheres of society in this paper. Further we take dive into about the Tor metrics how the relay list is revised after users are determined based on client requests for directories (using TOR metrics). Other way we can estimate the number of users in anonymous networks. This analysis discusses the purposes for which it is frequently used, with a focus on cybercrime, as well as how law enforcement plays the adversary position. The analysis discusses these secret Dark Web markets, what services they provide, and the events that take place there such as cybercrime, illegal money transfers, sensitive communication etc. Before knowing anything about Dark Web, how a rookie can make mistake of letting any threat or malware into his system. This problem can be tackled by knowing whether to use Windows, or any other OS, or any other service like VPN to enter Dark world. The paper also goes into the agenda of how much of illegal community is involved from India in these markets and what impact does COVID-19 had on Dark Web markets. Our analysis is carried out by searching scholarly journal databases for current literature. By acting as a reference guide and presenting a research agenda, it contributes to the field of the dark web in an efficient way. This paper is totally built for study purposes and precautionary measures for accessing Dark Web. © 2022 IEEE.
ABSTRACT
This paper has discussed cybersecurity threats and their mitigation of measures to be taken in the healthcare sector. Due to the corona pandemic, the cases of cybersecurity hiked up, bringing havoc to online operators. As many governments were busy combating the pandemic, cybercriminals took advantage primarily to attack healthcare systems globally. Furthermore, the healthcare sector has been prone to attacks due to its vulnerability. It has faced challenges in keeping patient's data confidential, thus making its ng its accessibility easy by attackers. As a result, this paper has highlighted the appropriate measures to be taken by the health care sector in terms of hospital system infrastructures and safety. The paper has also discussed the common cybersecurity threats to the health sector via diverse methodologies as studied in the literature review of this paper. © 2022 IEEE.
ABSTRACT
As more activities are moving to digital platforms in the age of COVID-19 pandemic, cyber security becomes an increasingly critical issue. Thus, understanding how the recent pandemic has changed the Singapore cyber security landscape gains importance in unearthing potential weaknesses present in the infrastructure, which unfortunately is very challenging. In this paper, we propose, LionKeeper, an automated system for discovering the cyber security dynamics timely in Lion City - Singapore through social media data analytics. In particular, considering that the social media platforms like news websites provide immediate reports on local and global cybercrime incidents, in our system, we first crawl all the news articles from mainstream news sources such as CNA and Strait Times. Then, we analyze these news articles to identify those related to cybercrimes, the date and the location of cybercrime incidents, and employ a scoring system to detect the cyber security attack types and their significance. Additionally, based on the extracted information, we perform various analyses to generate meaningful insights for users to understand the cyber attack landscape dynamics before and during the COVID-19 pandemic automatically and intelligently. To the best of our knowledge, this is the first automated solution to understand the Singapore cyber landscape via social media analytics. © 2021 IEEE.
ABSTRACT
The onset of the COVID-19 pandemic has given rise to an increase in cyberattacks and cybercrime, particularly with respect to phishing attempts. Cybercrime associated with phishing emails can significantly impact victims, who may be subjected to monetary loss and identity theft. Existing anti-phishing tools do not always catch all phishing emails, leaving the user to decide the legitimacy of an email. The ability of machine learning technology to identify reoccurring patterns yet cope with overall changes complements the nature of anti-phishing techniques, as phishing attacks may vary in wording but often follow similar patterns. This paper presents a browser extension called MailTrout, which incorporates machine learning within a usable security tool to assist users in detecting phishing emails. MailTrout demonstrated high levels of accuracy when detecting phishing emails and high levels of usability for end-users. © Boyle et al. Published by BCS Learning and Development Ltd.
ABSTRACT
Building a project starts with innovation and idea but funding is a part that decides the evolution of the project from idea to product. During the last decade funding campaign and project via crowdfunding has become a common theme. With the COVID situation, it has become a necessity for NGOs, campaigns, projects, start-ups to consider the concept of crowdfunding and build seed funds through it, therefore organizations are trying to create a safe, secure, and fraud-proof gateway for people to get funds and as well as provide funds, which is hard in the current time of pandemic and technical advancements. It has become quite easy to fall into a trap and lose your hard-earned funds with cybercrimes as identity fraud, theft of financial data, and internet fraud. This work is an attempt to create a secure, efficient, and viable tool for crowdfunding. The solution proposed has Blockchain integrated to build trust among the funders and those raising these funds, with its characteristics as decentralized, irrefutable, distributed ledgers, consensus, and faster settlement. The proposed model has been built on the smart contract protocol, created for crowdfunding transactions, campaigns for the proposed model was implemented on remix ide, this will create a campaign for those in need of funds and for donors to donate funds to these campaigns. The campaign master has the right to reject or accept requests thus creating fraud and a tamper-proof environment. The model has been subjected to positive negative unit and integration tests on mocha, the efficiency of the model obtained is at par with existing solutions with an added edge on security via smart contract protocols. © 2021 IEEE.
ABSTRACT
Purpose: The teenager community is the most affected community by cybercrime in the COVID-19 era. Increasing social networks and facilitating teenager access to the Internet have increased the probability of cybercrimes. On the other hand, entertainment such as mobile and computer games is top-rated among teenagers. Teenagers' tendency to cybercrime may be influenced by individual, parent, social, economic and political factors. Studying the impact of social networks, mobile games and parents' religious attitudes on teenagers' tendency to cybercrimes in the COVID-19 era is the primary goal of this paper. Design/methodology/approach: The outbreak of COVID-19 caused a considerable change in the world and the lifestyle of all people. Information and Communication Technology (ICT) was also affected by the special conditions of this virus. Changes in ICT and rapid access to it have empowered individuals and organizations, and people have increased civic participation and interaction through ICT. However, the outbreak of COVID-19 has created new challenges for the government and citizens and may cause new crimes. Cybercrime is a type of crime that occurs in a cyber environment. These crimes range from invasions of privacy to crimes in which the offender vaguely paralyzes the macroeconomic. In this research, 265 students of high schools and universities are used for collecting data by utilizing a survey. Measuring actions have been done in all surveys employing a Likert scale. The causal pattern is assessed through a constructional equation modeling procedure to study the scheme's validity and reliability. Findings: The outcomes have indicated that social networks have no significant relationship with teenagers' tendency to cybercrimes in the COVID-19 era. Mobile games have a mild effect on teenagers' tendency to cybercrimes in the COVID-19 era, and parents' religious attitudes significantly impact teenagers' tendency to cybercrimes in the COVID-19 era. Research limitations/implications: Current research also has some restrictions that must be noticed in assessing the outcomes. First, sample research was selected from high schools and universities in one city. So, the size of the model is small, and the generalization of results is limited. Second, this research may have ignored other variables that affect the tendency of teenagers' to cybercrime. Future researchers intend to investigate the parents' upbringing system's impact on teenager's trend to cybercrime in the COVID-19 era. Future research can also examine practical factors such as parental upbringing, attitudes toward technology development and virtual addiction in the COVID-19 era. Originality/value: In this study, teenagers' tendency to cybercrimes in the COVID-19 era is investigated, and a procedure is applied depending on a practical occasion. This article's offered sample provides a perfect framework for influencing parents' social networks, mobile games and religious attitudes on teenagers' tendency to cybercrimes in the COVID-19 era. © 2021, Emerald Publishing Limited.