ABSTRACT
Covid pandemic brought a significant change in the way people learn, entertain, interact and conduct business. With people working and socializing remotely, social media usage skyrocketed and provided a fertile ground to cybercriminals to exploit the platforms and its users. This paper will explore the rising trend of cybercrime on social media, including specific types of cybercrime such as phishing scams, impersonation and misinformation. The paper will also discuss about the parties mostly affected by cybercrimes. Additionally, the paper will delve into the impact of increase in cybercrime on digital marketing, including the challenges faced by businesses. Overall the paper aims to provide a comprehensive overview of the current state of cybercrime media during the covid pandemic and how it is impacting the overall society and digital markets all together.
ABSTRACT
Given that cyber security underwrites public trust in digital services and technologies, the new cyber strategy sets out a vision for reducing the cyber security risk to health and social care organizations across the Department of Health and Social Care (DHSC), National Health Service (NHS) organizations, local authorities, independent social care providers, and suppliers-which includes pharmaceutical manufacturers. [...]attacks can cause a complete loss of access to clinical and administrative information technology (IT) systems, resulting in significant disruption in day-to-day operations. According to the NCSC, ransomware attacks are increasingly seen to include data theft and extortion with a threat of data leaks (3). According to the UK government's recently published policy paper outlining the new cyber security strategy, "all these threats pose risk not just to patient and staff safety, but also to public trust in a health and social care system that can and must safeguard people's data" (2).
ABSTRACT
Maritime security is facing many challenges due to war conflicts, geopolitics, sanctions, and pandemics. The supply chain for maritime containers has faced considerable obstacles as a result of the COVID-19 pandemic. Numerous factors, such as port closures, travel restrictions, and a decreased workforce, have impacted the supply chain. The risk of cargo theft, piracy, and other security events has increased as a result of these difficulties. Therefore, it is essential to look at the risk variables that may affect the security of the marine container supply chain during the pandemic. This research paper highlights those risks through the following three indexes: the likelihood index (LI), severity index (SI), and average risk index (ARI) by analyzing 64 risk factors that were prepared and designed by incorporating the Delphi expert survey technique to prepare a systematic questionnaire. The article addresses worries over the COVID-19 pandemic's effects on international supply networks. The causes of the most recent global shipping industry disruptions and their impact on supply chains have been thoroughly examined. In order to reduce the number of disruptions in global supply chains and lower the direct and indirect costs for consumers, the authors have also mentioned the necessary actions that must be implemented. The results concluded after the analysis pointed to "management activities,” such as human resources or the working environment as having the highest possibility of going wrong, whereas "operation activities” were judged to likely be the fatal ones if the security of maritime containers was ever compromised. The main objective of the study is to evaluate how the COVID-19 epidemic may affect international shipping, particularly container shipping, which is currently the most important link in the world's multimodal land–sea supply chains.
ABSTRACT
This research provides information related to the use of data analytic tools for preventing and detecting COVID-19 pandemic frauds. The IRS-CI (Internal Revenue Service - Criminal Investigation) Agency continues to conduct investigations involving billions with these frauds. With the data analytic tools, people can be stopped from fraudulently taking advantage the government during critical life or death times.
ABSTRACT
As social media use increases, the number of users has risen also. This has increased the volume of data carried over the network, making it more important to secure users' data and privacy from threats. As users are unaware of hackers, social media's security flaws and new forms of attack will persist. Intrusion detection systems, therefore, are vital to identifying intrusion risks. This paper examines a variety of intrusion detection techniques used to detect cyberattacks on social media networks. The paper provides a summary of the prevalent attacks on social media networks, such as phishing, fake profiles, account compromise, and cyberbullying. Then, the most prevalent techniques for classifying network traffic, including statistical and artificial intelligence (AI) techniques, are addressed. The literature also demonstrates that because AI can manage vast, scalable networks, AI-based IDSs are more effective at classifying network traffic and detecting intrusions in complex social media networks. However, AI-based IDSs exhibit high computational and space complexities;therefore, despite their remarkable performance, they are more suitable for high computing power systems. Hybrid IDSs, utilizing statistical feature selection and shallow neural networks, may provide a compromise between computational requirements and efficiency. This investigation shows that accuracies of statistical techniques range from 90% to 97.5%. In contrast, AI and ML technique detection accuracy ranges from 78% to 99.95%. Similarly, swarm and evolutionary techniques achieved from 84% to 99.95% and deep learning-based detection techniques achieved from 45% to more than 99% detection rates. Convolutional neural network deep learning systems outperformed other methods due to their ability to automatically craft the features that would classify the network traffic with high accuracy.
ABSTRACT
The recent covid-19 pandemic created a barrier to every activity that needed physical interaction and involvement, especially in the judiciary. Careful research of some courts in Nigeria shown that case records are still been manually processed and stored and some courts operate a semi-digital and semi-manual processing pattern, which also has its own shortcoming of preprocessing manual records and converting them into digital records and physical presence is required to access court records. This research develops a secure electronic Cybercrime Cases Database System (eCCDBS), for prosecuted cybercrime in the judicial service in Nigeria. The system will provide an efficient method for collecting, retrieving, preserving, and management of court case records. The Rapid Application Development (RAD) methodology is used for the system development, because of its speed and time friendliness and can be easily restructured to meet the client's requirement at any point in time during the development life span. RAD can also present a prototype of the final system software to the client. Access control mechanism and secure password hashing were used to ensure the security of the system. The system was implemented and evaluated through deployment and found to have functioned according to the specification. The application subunits of records' creation, submission, modification, deletion, retrieval, and storage functioned effectively. Hence this system provides a secure online repository specifically for cybercrime case records that have elements of confidentiality, integrity and availability.
ABSTRACT
In the post pandemic era, the telecommuting of business employees has widely become acceptable in organizations, which demands extensive dependence on digital technologies. In addition, this poses additional security threats for business employees as well as organizations. In order to better respond to security threats, business employees must have a higher level of awareness of the potential threats that are relevant to digital infrastructure used within the workplace. In this paper, we present a quantitative study conducted in line with the theory of planned behavior to gain insight into employee behavior toward information security within different business sectors in Saudi Arabia. The key factors chosen for our model were password management, infrastructure security management, email management, organizational security policy, organizational support and training, and the perception of the level of security. We have applied structured equation modelling to identify most of the relevant factors based on the respondents' feedback. The results based on the business employee behavior showed that they respondents did not perceive all of the constructs of our model as relevant security factors, which can potentially result in security lapses. This indicates that more security-related measures should be put in place and that business employees should be updated periodically about potential security threats. To this effect, we divided the studied security measures into those which should be implemented at organizational and individual levels. The results will potentially help business managers to design appropriate security trainings, guidelines, and policies for their employees to ensure more information security awareness and protect their technological infrastructure, especially within home office environments.
ABSTRACT
La COVID-19 afectó a millones de personas y organizaciones de todos los sectores y clases sociales, coadyuvando a que proliferen riesgos sociales, económicos, tecnológicos y financieros, incrementándose en el ámbito organizacional el ciberdelito y el fraude financiero. Estas actividades ilícitas tomaron protagonismo debido a la adopción de medios digitales que las organizaciones utilizaron para poder continuar con sus operaciones. Por ello, el objetivo de esta investigación fue evaluar la percepción del ciberdelito y del fraude financiero en organizaciones del sector público y privado ecuatoriano en la COVID-19. Para esto, se realizó un estudio de tipo descriptivo, bajo un enfoque cuantitativo de corte transversal, utilizando el estadístico chi-cuadrado como medio de asociación de las variables. Los resultados demostraron que la manipulación de datos económicos y estafas fue el principal ciberdelito incurrido durante la pandemia, siendo el fraude a los estados financieros el mayor esquema ejecutado por los perpetradores. Se identificaron a las funciones de control interno y auditoría interna como las principales líneas de prevención y aseguramiento frente a estas actividades criminales.Alternate :COVID-19 affected millions of people and organizations from all sectors and social classes, contributing to the proliferation of social, economic, technological and financial risks, increasing cybercrime and financial fraud in the business field. These illicit activities took leadership due to the adoption of digital media that the organizations used to be able to continue their operations. Therefore, the goal of this research was to evaluate the perception of cybercrime and financial fraud in Ecuadorian public and private sector organizations in COVID-19. For this, a descriptive study was carried out, under a cross-sectional quantitative approach, using the chi-square statistic as a means of association of the variables. The results showed that the manipulation of economic data and fraud was the main cybercrime incurred during the pandemic, with financial statement fraud being the largest scheme executed by the perpetrators. The internal control and internal audit functions were identified as the main lines of prevention and assurance against these criminal activities.
ABSTRACT
COVID-19 pandemic has changed the lifestyle of all aspects of life. These circumstances have created new patterns in lifestyle that people had to deal with. As such, full and direct dependence on the use of the unsafe Internet network in running all aspects of life. As example, many organizations started officially working through the Internet, students moved to e-education, online shopping increased, and more. These conditions have created a fertile environment for cybercriminals to grow their activity and exploit the pressures that affected human psychology to increase their attack success. The purpose of this paper is to analyze the data collected from global online fraud and cybersecurity service companies to demonstrate on how cybercrimes increased during the COVID-19 epidemic. The significance and value of this research is to highlight by evident on how criminals exploit crisis, and for the need to develop strategies and to enhance user awareness for better detection and prevention of future cybercrimes.
ABSTRACT
PurposeStock price reactions have often been used to evaluate the cost of data breaches in the current information systems (IS) security literature. To further this line of research, this study examines the impact of data breaches on stock returns, information asymmetry and unsystematic firm risk in the context of COVID-19.Design/methodology/approachThis paper employs an event study methodology and examines data breach events released in public databases, spanning pre- and post-COVID settings. This study investigated 283 data breaches of the US publicly traded firms, and the economic cost was measured by cumulative abnormal returns (CARs), trading volume, bid-ask spread and unsystematic risk.FindingsThe authors observe that data breaches during the COVID pandemic make investors react more negatively to data breach announcements, as reflected in the significantly negative difference in CARs between breached firms before COVID and those after COVID. The findings also indicate that, after the disclosure of data breach incidents, information asymmetry is reduced to a lesser extent compared with that in the pre-COVID setting. The authors also find that data breach events lead to an increase in the unsystematic risk of breached companies in the pre-COVID era but no change in the post-COVID era.Originality/valueThis study is the first effort to examine the economic consequences of data breaches by investigating the effects in the form of trading activities and risk measurement in the COVID setting.
ABSTRACT
PurposeThis paper aims to investigate the potential challenges that governments in the Commonwealth Caribbean are likely to face combating crimes facilitated by the dark Web.Design/methodology/approachThe "lived experience” methodology guided by a contextual systematic literature review was used to ground the investigation of the research phenomena in the researchers' collective experiences working in, living in and engaging in research with governments in the Commonwealth Caribbean.FindingsThe two major findings emerging from the analysis are that jurisdictional and technical challenges are producing major hindrances to the creation of an efficient and authoritative legislative framework and the building of the capacity of governments in the Commonwealth Caribbean to confront the technicalities that affect systematic efforts to manage problems created by the dark Web.Practical implicationsThe findings indicate the urgency that authorities in the Caribbean region must place on reevaluating their administrative, legislative and investment priorities to emphasize cyber-risk management strategies that will enable their seamless and wholesome integration into this digital world.Originality/valueThe research aids in developing and extending theory and praxis related to the problematization of the dark Web for governments by situating the experiences of Small Island Developing States into the ongoing discourse.
ABSTRACT
The SolarWinds attack, for example, a Russian government-backed breach discovered in late 2020, infected networks in at least nine federal agencies-including the State Department, the Department of Homeland Security, and parts of the Pentagon5-and may have caused upwards of $100 billion in damage.6 Private companies regularly face similar attacks, with only a fraction of the governments resources to defend themselves. According to IBM the average business cost of a cyberattack is $3.86 million.9 Former NSA Director Keith Alexander has estimated cumulative U.S. company losses to cyberattacks to be the greatest transfer of wealth in history.10 And cybercrime is on the rise-since the start of the global COVID-19 pandemic, the FBI has reported a 300% increase in the number of cybersecurity complaints it receives daily, now up to around 4,000 per day.11 Several prominent examples illustrate the havoc a malicious cyberattack can wreak on a company. "23 It does not define "authorization" or "obtain information," so courts have generally applied the plain meaning of these terms.24 It also notably does not include any type of self-defense provision that would exempt unauthorized access to a network by persons or companies under attack from that network. [...]while hackback responses could take on a variety of forms, most-if not all-would at least seriously risk violating the CFAA. The best-known proposal was the Active Cyber Defense Certainty (ACDC) Act, introduced by Representative Tom Graves in 2017 and again in 2019.30 ACDC would establish an affirmative defense to CFAA charges for responses that qualify as "active cyber defense measures" (ACDMs).31 This would allow victims of cyberattacks to access the attacker's computer without authorization, in order to establish attribution, disrupt attacks, and monitor the attacker.32 A company must first notify the FBI's National Cyber Investigative Joint Task Force and can request voluntary FBI review of a planned hackback, but no government approval or oversight is required.33 The 2019 bill garnered bipartisan support from 18 cosponsors.34 A companion bill was not introduced in the Senate, but Senator Sheldon Whitehouse floated the idea, stating that "[w]e ought to think hard about how and when to license hack-back authority so capable, responsible private-sector actors can deter foreign aggression.
ABSTRACT
Nothing has ravaged the global community in recent times like the dreaded corona virus (COVID -19). The virus, though of Chinese origin was transported into Nigeria through an Italian ship. This paper therefore appraises COVID -19 pandemic and anti-cybercrimes crusade in Nigeria: changing the narratives for a better enforcement regime. The paper trenchantly posits that, COVID-19 pandemic is a blessing in disguise as it brought to fore the underlying ineffectiveness that surrounds Nigeria's administrative, institutional and legal architecture for combating cybercrimes. It is also the position of the paper that, during the lock-down (occasioned by the pandemic), there was an exponential increase in cases of cybercrimes in the country as a result of poor enforcement mechanisms, corruption, greed, poverty, lack of expertise, unemployment and the skewed undying quest for wealth. The paper makes a case for a total overhauling of the legal and institutional regime for cybercrimes combat so as to be at par with countries such as the United States of America, United Kingdom, China and the United Arab Emirate (UAE). The paper adopts the doctrinal research approach;primary and secondary materials were sourced and used. These materials include statutes, case laws, articles published in reputable journals, reports of renowned bodies, newspapers publication amongst others.
ABSTRACT
Purpose>Intellectual capital (IC) cyber security is a priority in all organizations. Because of the dearth in IC cyber security (ICCS) research theories and the constant call to theory building, this study proposes a theory of ICCS drawing upon tested empirical data of information systems security (ISS) theory in Lebanon.Design/methodology/approach>After a pilot test, the authors tested the newly developed ISS theory using a field study consisting of 187 respondents, representing many industries, thus contributing to generalizability. ISS theory is used as a proxy for the development of ICCS theory.Findings>Based on a review of the literature from the past three decades in the information systems (IS) discipline and a discovery of the partial yet significant relevance of ISS literature to ICCS, this study succinctly summarized the antecedents and independent variables impacting security compliance behavior, putting the variables into one comprehensive yet parsimonious theoretical model. This study shows the theoretical and practical relevancy of ISS theory to ICCS theory building.Practical implications>This paper highlights the importance of ISS compliance in the context of ICCS, especially in the area of spoken knowledge in environments containing Internet-based security devices.Originality/value>This research article is original, as it presents the theory of ICCS, which was developed by drawing upon a comprehensive literature review of the IS discipline and finding the bridges between the security of both IS and IC.
ABSTRACT
Sustainable Cloud Computing is the modern era’s most popular technology. It is improving daily, offering billions of people sustainable services. Currently, three deployment models are available: (1) public, (2) private, and (3) hybrid cloud. Recently, each deployment model has undergone extensive research. However, relatively little work has been carried out regarding clients’ adoption of sustainable public cloud computing (PCC). We are particularly interested in this area because PCC is widely used worldwide. As evident from the literature, there is no up-to-date systematic literature review (SLR) on the challenges clients confront in PCC. There is a gap that needs urgent attention in this area. We produced an SLR by examining the existing cloud computing models in this research. We concentrated on the challenges encountered by clients during user adoption of a sustainable PCC. We uncovered a total of 29 obstacles that clients confront when adopting sustainable PCC. In 2020, 18 of the 29 challenges were reported. This demonstrates the tremendous threat that PCC still faces. Nineteen of these are considered critical challenges to us. We consider a challenge a critical challenge if its occurrence in the final selected sample of the paper is greater than 20%. These challenges will negatively affect client adoption in PCC. Furthermore, we performed three different analyses on the critical challenges. Our analysis may indicate that these challenges are significant for all the continents. These challenges vary with the passage of time and with the venue of publication. Our results will assist the client’s organization in understanding the issue. Furthermore, it will also help the vendor’s organization determine the potential solutions to the highlighted challenges.
ABSTRACT
Malware has recently grown exponentially in recent years and poses a serious threat to individual users, corporations, banks, and government agencies. This can be seen from the growth of Advanced Persistent Threats (APTs) that make use of advance and sophisticated malware. With the wide availability of computer-automated tools such as constructors, email flooders, and spoofers. Thus, it is now easy for users who are not technically inclined to create variations in existing malware. Researchers have developed various defense techniques in response to these threats, such as static and dynamic malware analyses. These techniques are ineffective at detecting new malware in the main memory of the computer and otherwise require considerable effort and domain-specific expertise. Moreover, recent techniques of malware detection require a long time for training and occupy a large amount of memory due to their reliance on multiple factors. In this paper, we propose a computer vision-based technique for detecting malware that resides in the main computer memory in which our technique is faster or memory efficient. It works by taking portable executables in a virtual environment to extract memory dump files from the volatile memory and transform them into a particular image format. The computer vision-based contrast-limited adaptive histogram equalization and the wavelet transform are used to improve the contrast of neighboring pixel and to reduce the entropy. We then use the support vector machine, random forest, decision tree, and XGBOOST machine learning classifiers to train the model on the transformed images with dimensions of 112 × 112 and 56 × 56. The proposed technique was able to detect and classify malware with an accuracy rate of 97.01%. Its precision, recall, and F1-score were 97.36%, 95.65%, and 96.36%, respectively. Our finding shows that our technique in preparing dataset with more efficient features to be trained by the Machine Learning classifiers has resulted in significant performance in terms of accuracy, precision, recall, F1-score, speed and memory consumption. The performance has superseded most of the existing techniques in its unique approach.
ABSTRACT
Using technology to prevent cyber-attacks has allowed organisations to somewhat automate cyber security. Despite solutions to aid organisations, many are susceptible to phishing and spam emails which can make an unwanted impact if not mitigated. Traits that make organisations susceptible to phishing and spam emails include a lack of awareness around the identification of malicious emails, explicit trust, and the lack of basic security controls. For any organisation, phishing and spam emails can be received and the consequences of an attack could result in disruption. This research investigated the threat of phishing and spam and developed a detection solution to address this challenge. Deep learning and natural language processing are two techniques that have been employed in related research, which has illustrated improvements in the detection of phishing. Therefore, this research contributes by developing Phish Responder, a solution that uses a hybrid machine learning approach combining natural language processing to detect phishing and spam emails. To ensure its efficiency, Phish Responder was subjected to an experiment in which it has achieved an average accuracy of 99% with the LSTM model for text-based datasets. Furthermore, Phish Responder has presented an average accuracy of 94% with the MLP model for numerical-based datasets. Phish Responder was evaluated by comparing it with other solutions and through an independent t-test which demonstrated that the numerical-based technique is statistically significantly better than existing approaches.
ABSTRACT
Hodge and Clark discuss the global state of cybersecurity. Indeed, national cybersecurity agencies around the world warn that cyber threats will continue to be a major concern. That's not only because of the ability of threats to spread so quickly and easily, but also because cyberattacks prey successfully by leveraging other topical risks, including continuing disruption from COVID-19 and Russia's invasion of Ukraine. The risk of state-sponsored cyber threats has increased dramatically in the past few months, cyber agencies say. Some cyber agencies are trying to push greater responsibility for combating cyber risks onto those that are better placed to confront them: the technology sector and government.
ABSTRACT
The unprecedented increase in data availability in many science and technology fields (e.g., genomic data, data from industrial environments, sensory data of smart cities, and social network data) require new methods and solutions for data processing, information extraction, and decision support. ‘Multi-Language Spam/Phishing Classification by Email Body Text: Toward Automated Security Incident Investigation’ by Rastenis et al. The authors proposed a semi-automatic information security model, which can deal with situational awareness data, strategies prevailing information security activities, and protocols monitoring specific types of the network next to the real-time information environment. [...]the paper entitled ‘Simulation of Authentication in Information-Processing Electronic Devices Based on Poisson Pulse Sequence Generators’ by Maksymovych [17] was devoted to modelling authenticators of information-processing electronic devices by creating a bit template simulator based on a Poisson pulse sequence generator.