ABSTRACT
The impact of COVID-19 pandemic affected the whole world leading to threats to the healthcare, economies, governments, and education sectors. During this challenging period, online learning and educational tools such as Zoom, Google Meet, Microsoft Teams, and Cisco Webex gained immense popularity in academic institutions. However, these tools provided vulnerabilities for malicious attackers to exploit these online platforms. That posed a huge cyber threat to the online educational system to continue and survive under such circumstances. The paper aims to explore and analyze the cyber threats to these online learning platforms to understand the security posture and mitigation techniques. The contribution of this paper is threefold: First, we explore the various attacks on online tools such as Zoom, Google Meet, Microsoft Teams, and Cisco Webex and determine how much security and privacy they offer. Secondly, we analyze the encryption's capabilities to assess the level of confidentiality, integrity, and availability they provide to the users and present the results as a table. Finally, we discussed a common vulnerability framework comprising common threats faced by users and the service provider for the mitigation techniques to improve security. © 2022 IEEE.
ABSTRACT
The covid-19 pandemic has impacted the world. One of the mitigation technique to limit the spread of the virus is contact tracing. Contact tracing techniques applies to any infectious disease. Digital contact tracing via mobile phone using GPS coordinates was investigated. Implementation decision such as the location service's configuration mode has an impact on the accuracy of location data captured as well as the battery usage. The limitations and issues associated to the implementation of mobile contact tracing applications are identified. © 2022 IEEE.
ABSTRACT
Undoubtedly, technology has not only transformed our world of work and lifestyle, but it also carries with it a lot of security challenges. The Distributed Denial-of-Service (DDoS) attack is one of the most prominent attacks witnessed by cyberspace of the current era. This paper outlines several DDoS attacks, their mitigation stages, propagation of attacks, malicious codes, and finally provides redemptions of exhibiting normal and DDoS attacked scenarios. A case study of a SYN flooding attack has been exploited by using Metasploit. The utilization of CPU frame length and rate have been observed in normal and attacked phases. Preliminary results clearly show that in a normal scenario, CPU usage is about 20%. However, in attacked phases with the same CPU load, CPU execution overhead is nearly 90% or 100%. Thus, through this research, the major difference was found in CPU usage, frame length, and degree of data flow. Wireshark tool has been used for network traffic analyzer. © 2022 Bharati Vidyapeeth, New Delhi.
ABSTRACT
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures. Its innovative approach has been broadly welcomed by both vendors and enterprise customers in the industry. Its usage extends from adversary emulation, red teaming, behavioral analytics development to a defensive gap and SOC (Security Operations Center) maturity assessment. While extensive research has been done on analyzing specific attacks or specific organizational culture and human behavior factors leading to such attacks, a holistic view on the association of both is currently missing. In this paper, we present our research results on associating a comprehensive set of organizational and individual culture factors (as described on our developed cyber-security culture framework) with security vulnerabilities mapped to specific adversary behavior and patterns utilizing the MITRE ATT&CK framework. Thus, exploiting MITRE ATT&CK's possibilities towards a scientific direction that has not yet been explored: security assessment and defensive design, a step prior to its current application domain. The suggested cyber-security culture framework was originally designed to aim at critical infrastructures and, more specifically, the energy sector. Organizations of these domains exhibit a co-existence and strong interaction of the IT (Information Technology) and OT (Operational Technology) networks. As a result, we emphasize our scientific effort on the hybrid MITRE ATT&CK for Enterprise and ICS (Industrial Control Systems) model as a broader and more holistic approach. The results of our research can be utilized in an extensive set of applications, including the efficient organization of security procedures as well as enhancing security readiness evaluation results by providing more insights into imminent threats and security risks.