ABSTRACT
Covid pandemic brought a significant change in the way people learn, entertain, interact and conduct business. With people working and socializing remotely, social media usage skyrocketed and provided a fertile ground to cybercriminals to exploit the platforms and its users. This paper will explore the rising trend of cybercrime on social media, including specific types of cybercrime such as phishing scams, impersonation and misinformation. The paper will also discuss about the parties mostly affected by cybercrimes. Additionally, the paper will delve into the impact of increase in cybercrime on digital marketing, including the challenges faced by businesses. Overall the paper aims to provide a comprehensive overview of the current state of cybercrime media during the covid pandemic and how it is impacting the overall society and digital markets all together.
ABSTRACT
E-commerce sites are flourishing nowadays in lockdown. A lot of entrepreneurs are making their own sites and selling them online. In 2020, one of INTERPOL's private sector partners detected 907,000 spam messages, 737 malware incidents, and 48,000 malware URLs connected to COVID-19 during the period from January to April. 'Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.' states Jürgen Stock, INTERPOL Secretary General. The main threats during this pandemic are Malware/Ransomware(36%), Phishing/Scam(59%), Fake News(14%) and Malicious Domains(22%). Cybercriminals are active in these pandemic times and the developers designing stunning user interfaces without basic cybersecurity knowledge is a great attraction for these criminals. Our goal is to explain how easily hackers gain access by selecting 10 top vulnerabilities from OWASP and exploiting them. © 2023 IEEE.
ABSTRACT
During COVID-19 pandemic, there has been unprecedented increase in the number of employees working outside an organisations IT infrastructure due to the use of personal devices. The scale and sophistication of cyberattacks also continue to increase post-COVID-19 and it has become critical for SMEs (Small and Medium Sized Enterprises) to safeguard their information and IT assets. COVID19 proved to be a major catalyst for the adoption of digital approaches to remote working that many organisations did not previously believe to be feasible. The systems are becoming increasingly exposed to cyber-attacks as a result of remote access technology and cloud networks. The literature points to a gap in the existing knowledge to address the cybersecurity requirements for SMEs in India working in a virtual setup. The purpose of this paper is to develop a cybersecurity evaluation model (CSEM) that can be leveraged by SMEs which will eventually help them assess their cyber-risk portfolio. Based on the research project and the methodology used in the past for similar research, a quantitative approach will be chosen for this research. This research requires the researcher to roll out an online survey, which will enable the participants to evaluate cybersecurity risks by responding to the survey questionnaire. Analysing and implementing a CSEM will not only assist SMEs in identifying their strengths and weaknesses but will also include simple best practice guidelines for effectively plugging their cybersecurity flaws while working remotely. © 2022 IEEE.
ABSTRACT
As social media use increases, the number of users has risen also. This has increased the volume of data carried over the network, making it more important to secure users' data and privacy from threats. As users are unaware of hackers, social media's security flaws and new forms of attack will persist. Intrusion detection systems, therefore, are vital to identifying intrusion risks. This paper examines a variety of intrusion detection techniques used to detect cyberattacks on social media networks. The paper provides a summary of the prevalent attacks on social media networks, such as phishing, fake profiles, account compromise, and cyberbullying. Then, the most prevalent techniques for classifying network traffic, including statistical and artificial intelligence (AI) techniques, are addressed. The literature also demonstrates that because AI can manage vast, scalable networks, AI-based IDSs are more effective at classifying network traffic and detecting intrusions in complex social media networks. However, AI-based IDSs exhibit high computational and space complexities;therefore, despite their remarkable performance, they are more suitable for high computing power systems. Hybrid IDSs, utilizing statistical feature selection and shallow neural networks, may provide a compromise between computational requirements and efficiency. This investigation shows that accuracies of statistical techniques range from 90% to 97.5%. In contrast, AI and ML technique detection accuracy ranges from 78% to 99.95%. Similarly, swarm and evolutionary techniques achieved from 84% to 99.95% and deep learning-based detection techniques achieved from 45% to more than 99% detection rates. Convolutional neural network deep learning systems outperformed other methods due to their ability to automatically craft the features that would classify the network traffic with high accuracy.
ABSTRACT
The proliferation of the internet and computing devices has drawn much attention during the Covid-19 pandemic stay home and work, and this has led the organization to adapt to staying home. Also, to let the organization work due to the infrastructure for working on proxy during the pandemic. The alarming rate of cyber-attacks, which through this study infer that phishing is one of the most effective and efficient ways for cyber-attack success. In this light, this study aims to study phishing attacks and mitigation methods in play, notwithstanding analysing performance metrics of the current mitigation performance metrics. Results indicate that business enterprises and educational institutions are the most hit using email (social engineering) and web app phishing attacks. The most effective mitigation methods are training/awareness campaigns on social engineering and using artificial intelligence/machine learning (AI/ML). To gain zero or 100% phishing mitigation, AI/ML need to be applied in large scale to measure its efficiency in phishing mitigation. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
ABSTRACT
COVID-19 is one of the deadliest pandemics of this century's that affected the whole world. As the COVID-19 spread the government had to impose lockdown that pushed the people to follow some new lifestyle like social distancing, work from home, hand washing, and the country have to shut down industries, businesses and public transport. At the same time, doctors were occupied in saving life's and on other side cyber criminals were busy taking this situation as advantage, which creates an another silent pandemic i.e. cyber-security pandemic. During this pandemic with overloaded ICT infrastructure, cyber space was gaining attention of more cyber attacker and number of attacks/threats increased exponentially. This is one of the rapidly growing global challenges for industry as well as for human life. In this paper a systematic surveys and review is done on recent trends of cyber security attacks during and post COVID-19 pandemic and their countermeasures. The relevant information has been collected from different trusted sources and impact landscape discussed with importance of cyber security education and future research challenges highlights. © 2023 IEEE.
ABSTRACT
The recent pandemic fosters an increasing dependency on various forms of digital communications that support social distancing. To mitigate widespread exposure to COVID, the Louisiana Department of Health's COVID Defense contact tracing application helps users learn about potential exposures to infected individuals. This research investigates the viability of using the Louisiana Department of Health's COVID Defense application symptoms share feature as an attack vector. The primary contribution of this research is an initial assessment of the effective modification and distribution of a packaged JSON file that contains a malicious link. Secondly, it highlights the effectiveness of this attack through email, WIFI direct, and nearby share. © 2023 IEEE Computer Society. All rights reserved.
ABSTRACT
The increase in Social Engineering (SE) attacks during COVID-19 pandemic has made it imperative to educate people about SE techniques and methods. For the last many years, we have worked on games, which disseminate awareness among the participants about Social Engineering concepts. The aim of this study is to share our newly designed card-based game, which is simple to understand, and can be conducted in classroom environment. © 2022 IEEE.
ABSTRACT
Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic has increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient-the Internet of Medical Things (IoMT); ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices presents a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI, the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.
ABSTRACT
The world is recovering from Covid-19, and along with that it has brought the zeal to use the digital media, concepts like work from home, connecting the whole world using applications and social media. However, with good things follow bad and we observe a lot of people being affected by social engineering attack via multiple means be it as elementary as an unfamiliar person calling us to ask us about our day or complicated and puzzling as someone acting like the victim's senior. In some cases, people are aware of the process but are unaware of the terms they are victimized with others do not know many kinds of social engineering attacks. Therefore, it is imperative for an organization and an individual that they are aware of how Social Engineering is carried out. In this paper, we represent the survey filled by more than 100 people from diverse age groups and work profiles seeking their views on the attack and knowledge about social engineering. © 2022 IEEE.
ABSTRACT
Social networking sites (SNSs) contain a large amount of information that has been self-disclosed by users around the world because it provides a platform for millions of users to express their feelings, emotions, and even deepest thoughts. Some of these information are sensitive and private and can be used by hackers to launch social engineering attacks against the user or the company the user works for. Due to the physical restrictions imposed by the COVID-19 pandemic, more people turned to social media to stay connected with each other and they spent more time on social media and disclosed much more information than the pre-COVID pandemic. The objective of this research is to study the potential security risks and privacy concerns brought by the disclosed information on SNSs during the COVID-19 pandemic. We developed an automated tool to collect and analyze publicly accessible data from Twitter API using some personal keywords such as birthday, anniversary, mental health, suicide etc. to investigate the impact of the COVID-19 pandemic on the disclosed sensitive information. © 2022 IEEE.
ABSTRACT
The role of technology has undoubtedly evolved into amplifying attackers' ability to use the cyber space for the deceit and abuse of Internet users. This dissertation seeks to investigate these problems from the lens of deceptive and abusive content (e.g., phishing, social engineering, dis- or misinformation, intimate partner surveillance). Phishing is an extremely popular cyber-social engineering attack that come with great costs to society-at-large, and along with mis- and disinformation, has risen to society's collective consciousness after the 2016 and 2020 U.S. General Elections, as well as the onset of the COVID-19 pandemic. Furthermore, research into crimes of abuse surrounding intimate partner violence (IPV), colloquially known as domestic abuse, is still in its infancy, yet IPS allows abusers to stalk, monitor, intimidate, and harass their victims as a form of further control. This thesis seeks to tackle these issues through a multi-methods approach, including natural language processing to detect the presence of influence cues in text, qualitative methods, and rigorous statistical analyses. I detail how cyber abuse is leveraged in social media, how expert advice can negative affect minorities, and investigate how subtle online toxicity can be automatically detected. I then investigate several different ways to mitigate the harms of online deception. The work detailed in this dissertation has resulted in novel and publicly available datasets that may pave the way for further novel mitigations and solutions within their fields and to the global problem of cyber deception and abuse. (PsycInfo Database Record (c) 2022 APA, all rights reserved)
ABSTRACT
Cybercrime is a growing concern, particularly in this COVID-19 era. The COVID-19 outbreak has shown the significant impact potential of such crises on our daily lives worldwide. Phishing is a social engineering crime that can cause financial and reputational damages such as data loss, personal identity theft, money loss, financial account credential theft, etc., to people and organizations. In the recent outbreak of the COVID-19 pandemic, many companies and organizations have changed their working conditions, moved to an online environment workspace, and implemented the Work From Home (WFH) business model that increases the phishing attacks vectors and risk of breaching internal data. In this paper, we have extracted nine efficient features from the URLs and applied seven different Machine Learning algorithms to recognize phishing URLs. Machine learning algorithms are often used to detect phishing attacks more accurately before affecting users. The obtained result concludes that the Random Forest model provides the best and highest accuracy of 95.2%. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
To design preventive policy measures for email phishing, it is helpful to be aware of the phishing schemes and trends that are currently applied. How phishing schemes and patterns emerge and adapt is an ongoing field of study. Existing phishing works already reveal a rich set of phishing schemes, patterns, and trends that provide insight into the mechanisms used. However, there seems to be limited knowledge about how email phishing is affected in periods of social disturbance, such as COVID-19 in which phishing numbers have quadrupled. Therefore, we investigate how the COVID-19 pandemic influences the phishing emails sent during the first year of the pandemic. The email content (header data and html body, excl. attachments) is evaluated to assess how the pandemic influences the topics of phishing emails over time (peaks and trends), whether email campaigns correlate with momentous events and trends of the COVID-19 pandemic, and what hidden content revealed. This is studied through an in-depth analysis of the body of 500.000 phishing emails addressed to Dutch registered top-level domains collected during the start of the pandemic. The study reveals that most COVID-19 related phishing emails follow known patterns indicating that perpetrators are more likely to adapt than to reinvent their schemes.
ABSTRACT
Phishing email attack is a dominant cyber-criminal strategy for decades. Despite its longevity, it has evolved during the COVID-19 pandemic, indicating that adversaries exploit critical situations to lure victims. Plenty of detectors have been proposed over the years, which mainly focus on the contents or the textual information of emails;however, to cope with the evolution of phishing emails more sophisticated approaches should be introduced that will exploit all the emails' traits to enhance the detection capability of Machine Learning/Deep Learning classifiers. To tackle the limitations of existing works, this paper proposes a phishing email detection methodology, named HELPHED that focuses on the detection of phishing emails by combining Ensemble Learning methods with hybrid features. The hybrid features provide an accurate representation of emails by fusing their content and textual traits. We propose two methods of HELPHED, the first one employs the Stacking Ensemble Learning method, while the second method utilizes the Soft Voting Ensemble Learning. Both methods deploy two different Machine Learning algorithms to handle the hybrid features separately, yet in parallel, minimizing the features' complexity and improving the model's performance. A thorough evaluation analysis is carried out considering innovative guidelines that aim to prevent partial and misleading results. Experimental tests verified that the combination of hybrid features with Ensemble Learning, overall, accomplishes better detection performance than when employing only content-based or text-based features. Numerical results on a rich imbalanced dataset (i.e., 32,051 benign and 3,460 phishing email samples) that considers the evolution of phishing emails show that Soft Voting Ensemble Learning outperforms other prominent Machine Learning/Deep Learning algorithms and existing works yielding F1-score equal to 0.9942. © 2022 Elsevier Ltd
ABSTRACT
This paper studies the cybersecurity issues that have occurred during the coronavirus (COVID-19) pandemic. During the pandemic, cyber criminals and Advanced Persistent Threat (APT) groups have taken advantage of targeting vulnerable people and systems. This paper emphasizes that there is a correlation between the pandemic and the increase in cyber-attacks targeting sectors that are vulnerable. In addition, the growth in anxiety and fear due to the pandemic is increasing the success rate of cyber-attacks. We also highlight that healthcare organizations are one of the main victims of cyber-attacks during the pandemic. The pandemic has also raised the issue of cybersecurity in relation to the new normal of expecting staff to work from home (WFH), the possibility of state-sponsored attacks, and increases in phishing and ransomware. We have also provided various practical approaches to reduce the risks of cyber-attacks while WFH including mitigation of security risks related to healthcare. It is crucial that healthcare organizations improve protecting their important data and assets by implementing a comprehensive approach to cybersecurity. © 2020 The Authors. Internet Technology Letters Published by John Wiley & Sons, Ltd.
ABSTRACT
Today, the world lives in the era of information and data. Therefore, it has become vital to collect and keep them in a database to perform a set of processes and obtain essential details. The null value problem will appear through these processes, which significantly influences the behaviour of processes such as analysis and prediction and gives inaccurate outcomes. In this concern, the authors decide to utilise the random forest technique by modifying it to calculate the null values from datasets got from the University of California Irvine (UCL) machine learning repository. The database of this scenario consists of connectionist bench, phishing websites, breast cancer, ionosphere, and COVID-19. The modified random forest algorithm is based on three matters and three number of null values. The samples chosen are founded on the proposed less redundancy bootstrap. Each tree has distinctive features depending on hybrid features selection. The final effect is considered based on ranked voting for classification. This scenario found that the modified random forest algorithm executed more suitable accuracy results than the traditional algorithm as it relied on four parameters and got sufficient accuracy in imputing the null value, which is grown by 9.5%, 6.5%, and 5.25% of one, two and three null values in the same row of datasets, respectively.
ABSTRACT
The COVID-19 pandemic has established not only a health emergency, but has generated an emergency in the control of personal data of all those people who make use of technological means, which increased the activity of phishing which consists of the theft of personal data through the circulation of false information through the different social networks, in addition, the circulation with messages related to the cure of this disease only for the theft of data. This research develops a mobile application that detects malicious URLs found within the content of textmessages. The developed application performs an analysis of the URLs according to the database that is updated with each attack detected, performing a blocking of the content and notifies the user of the actions that canbetaken, with this the theft of the personal data of the users is avoided. This application is very useful for all those people who use mobile equipment (mobile) and have no knowledge of these types of attacks, since they are likely to perform the actions that the perpetrators foresee for the obtaining of their personal data, so this application provides a means of security against these types of phishing attacks. © 2022 by the Author(s).
ABSTRACT
Today, the world lives in the era of information and data. Therefore, it has become vital to collect and keep them in a database to perform a set of processes and obtain essential details. The null value problem will appear through these processes, which significantly influences the behaviour of processes such as analysis and prediction and gives inaccurate outcomes. In this concern, the authors decide to utilise the random forest technique by modifying it to calculate the null values from datasets got from the University of California Irvine (UCL) machine learning repository. The database of this scenario consists of connectionist bench, phishing websites, breast cancer, ionosphere, and COVID-19. The modified random forest algorithm is based on three matters and three number of null values. The samples chosen are founded on the proposed less redundancy bootstrap. Each tree has distinctive features depending on hybrid features selection. The final effect is considered based on ranked voting for classification. This scenario found that the modified random forest algorithm executed more suitable accuracy results than the traditional algorithm as it relied on four parameters and got sufficient accuracy in imputing the null value, which is grown by 9.5%, 6.5%, and 5.25% of one, two and three null values in the same row of datasets, respectively.
ABSTRACT
In recent years, communication over the Internet has become the most effective media for leveraging social interactions during the COVID-19 pandemic. Nevertheless, the rapid increase use of digital platforms has led to a significant growth of Phishing Attacks. Phishing attacks are one of the most common security issues in digital worlds that can affects both individual and organization in keeping their confidential information secure. Various modern approaches can be used to target an individual and trick them into leaking their sensitive information, which can later, purposely be used to harm the targeted victim or entire organization depending on the cybercriminal's intent and type of data leaked. This paper evaluates phishing detection by using Naïve Bayes, Simple Logistic, Random Forest, Ada Boost and MLP classifications. This study discusses the comparative analysis on the effectiveness of classification for detecting phishing attacks. The results indicated that the detection system trained with the Random Forest produce higher accuracy of 97.98% than another classifier method. © 2022 IEEE.