Results 1 - 20 of 48

1.
Beyond the Pandemic?: Exploring the Impact of COVID-19 on Telecommunications and the Internet ; : 215-227, 2023.
Article in English | Scopus | ID: covidwho-20244763

ABSTRACT

The COVID-19 pandemic accelerated many organisations' reliance on the Internet, with schools, companies, and government agencies, among other institutions, all shifting their operations online in a relatively short period of time. This sudden shift created opportunities for cybercriminals, as did the burden on the healthcare sector, the rush for unemployment benefits, and the desire for up-to-date information about outbreaks and health precautions. This chapter examines the trends in cybercrime during the COVID-19 pandemic that were spurred by these changes, as well as the mitigation measures implemented by government and private industry stakeholders to help protect critical infrastructure and online operations. It argues that the nature of cybercrime and the most common forms of criminal activity did not change substantially during the pandemic, but rather that criminals' focus on whom to target and how to exploit evolving current events enabled them to wield existing criminal tools to greater effect, and potentially also at greater scale, though reliable statistics on the frequency and size of cybercrimes are scarce. Finally, the chapter considers how these trends in cybercrime forced private organisations and governments to undertake new cybersecurity measures and programs and whether the long-term effects of the pandemic might actually include stronger cybersecurity if these efforts continue past the end of the public health crisis. © 2023 the authors.

2.
Proceedings - IEEE International Conference on Device Intelligence, Computing and Communication Technologies, DICCT 2023 ; : 160-165, 2023.
Article in English | Scopus | ID: covidwho-20242467

ABSTRACT

Information Technology (IT) has become the integral part of majority of businesses. Healthcare sector is also one such sector where IT adoption is increased in recent times. This adoption of IT has increased the internet exposure and hence increased the attack surface of the organisations working in healthcare sector. During covid outbreak, we have observed various cyber-attack and threats on organisations operating in healthcare sector. This paper focuses on cyber threat pattern in healthcare sector during covid-19 outbreak and post-covid-19 period. This research paper also aims to generate basic cyber awareness through generic cyber sanity checks to secure healthcare sector from malicious threat actors. The adaptation of proactive measures required to enhance the cyber hygiene of organisations becomes very essential in this sector. © 2023 IEEE.

3.
Issues in Information Systems ; 23(4):183-191, 2022.
Article in English | Scopus | ID: covidwho-20242200

ABSTRACT

This research concentrates on ransomware attacks and their effects in local government. With attacks dating back to the late 1980's, this classification of malware has shifted its focus from end-users to a more lucrative high-profile, big-game hunting style. This resurgence in recent years has proven that the size and variety of threats faced today needs solutions to efficiently identify and examine more comprehensive ransomware security strategies. In this research, the evidence dictates that it is necessary to broaden current security methods to protect local government and municipality systems as well as data from the ever-increasing number of ransomware attacks. In favor of this assertion, the beginning of the research will examine the evolution of ransomware, its damaging characteristics, and its advancements. Furthermore, the financial and economic impacts these attacks have on local governments are outlined. This will be followed by methodologies with results and findings to outline a wireless audit and a survey of government employees. Finally, defense-in-depth measures to mitigate the proliferation of ransomware outbreaks will be defined. © International Association for Computer Information Systems. All Rights Reserved.

4.
Pharmaceutical Technology Europe ; 35(5):7-8, 2023.
Article in English | ProQuest Central | ID: covidwho-20241309

ABSTRACT

Given that cyber security underwrites public trust in digital services and technologies, the new cyber strategy sets out a vision for reducing the cyber security risk to health and social care organizations across the Department of Health and Social Care (DHSC), National Health Service (NHS) organizations, local authorities, independent social care providers, and suppliers, which includes pharmaceutical manufacturers. [...] attacks can cause a complete loss of access to clinical and administrative information technology (IT) systems, resulting in significant disruption in day-to-day operations. According to the NCSC, ransomware attacks are increasingly seen to include data theft and extortion with a threat of data leaks (3). According to the UK government's recently published policy paper outlining the new cyber security strategy, "all these threats pose risk not just to patient and staff safety, but also to public trust in a health and social care system that can and must safeguard people's data" (2).

5.
2022 IEEE Conference on Interdisciplinary Approaches in Technology and Management for Social Innovation, IATMSI 2022 ; 2022.
Article in English | Scopus | ID: covidwho-20235977

ABSTRACT

2020-2022 provided nearly ideal circumstances for cybercriminals, with confusion and uncertainty dominating the planet due to COVID-19. Our way of life was altered by the COVID-19 pandemic, which also sparked a widespread shift to digital media. However, this change also increased people's susceptibility to cybercrime. As a result, taking advantage of the COVID-19 events' exceedingly unusual circumstances, cybercriminals launched widespread Phishing, Identity theft, Spyware, Trojan-horse, and Ransomware attacks. Attackers choose their victims with the intention of stealing their information, money, or both. Therefore, if we wish to safeguard people from these frauds at a time when millions have already fallen into poverty and the remaining are trying to survive, it is imperative that we put an end to these attacks and assailants. This manuscript proposes an intelligence system for identifying ransomware attacks using nature-inspired and machine-learning algorithms. To classify the network traffic in less time and with enhanced accuracy, Genetic Algorithm (GA) and Particle Swarm Optimization (PSO), two widely used algorithms are coupled in the proposed approach for Feature Selection (FS). Random Forest (RF) approach is used for classification. The system's effectiveness is assessed using the latest ransomware-oriented dataset of CIC-MalMem-2022. The performance is evaluated in terms of accuracy, model building, and testing time and it is found that the proposed method is a suitable solution to detect ransomware attacks. © 2022 IEEE.

6.
2023 International Conference on Intelligent Systems for Communication, IoT and Security, ICISCoIS 2023 ; : 665-670, 2023.
Article in English | Scopus | ID: covidwho-2323515

ABSTRACT

E-commerce sites are flourishing nowadays in lockdown. A lot of entrepreneurs are making their own sites and selling them online. In 2020, one of INTERPOL's private sector partners detected 907,000 spam messages, 737 malware incidents, and 48,000 malware URLs connected to COVID-19 during the period from January to April. 'Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,' states Jürgen Stock, INTERPOL Secretary General. The main threats during this pandemic are Malware/Ransomware (36%), Phishing/Scam (59%), Fake News (14%) and Malicious Domains (22%). Cybercriminals are active in these pandemic times and the developers designing stunning user interfaces without basic cybersecurity knowledge is a great attraction for these criminals. Our goal is to explain how easily hackers gain access by selecting 10 top vulnerabilities from OWASP and exploiting them. © 2023 IEEE.

7.
Journal of Advances in Information Technology ; 14(2):284-294, 2023.
Article in English | Scopus | ID: covidwho-2321563

ABSTRACT

Ransomware is the most severe threat to companies and organizations, snowballing daily. Ransomware comes in various types that are difficult for non-specialists to distinguish and evolve and change encryption techniques to avoid detection. Ransomware has become a worldwide incidence during the Corona pandemic and remote work, accountable for millions of dollars of losses annually. This malware threatens victims to lose sensitive data unless they pay a ransom, usually by encrypting the victims' hard drive contents until the ransom is paid. The study focused on literature reviews and publications issued by international organizations interested in ransomware analysis to build a strong background in this field. Used static analysis and reverse engineering methodology to investigate ransomware to understand its purpose, functionality, and effective countermeasures against it. Finally, after Dearcry and Babuk ransomware were analyzed, written the Yara rule to detect and suggested countermeasures against them to help cybersecurity professionals better understand the inner workings of real ransomware and develop advanced countermeasures against similar attacks in the future. © 2023 by the authors.

8.
Policy Design and Practice ; 2023.
Article in English | Scopus | ID: covidwho-2325065

ABSTRACT

The SARS-CoV-2 pandemic has had an immense impact on public policy and the management of risks that threaten critical systems, such as national health services. Drawing on perspectives from multiple disciplines, this article considers lessons-learned with respect to mitigating the threats to critical systems and societal harms presented by the proliferation of malware. The article dovetails crisis management with cyber resilience, for the purpose of analyzing transferable good-practices and areas-for-improvement, drawing on preparedness and response strategies deployed in public policymaking in the United Kingdom during the pandemic. Reflecting on key national and local ransomware incidents that have impacted key services, the article offers a post-SARS-CoV-2 review of recent British strategic outputs with respect to cyber resilience; most notably the National Cyber Security Strategy and the Government Cyber Security Strategy. The article focuses on lessons that may be learned with respect to communications strategies. The article argues that although the recent British cyber-security strategies hold significant promise in terms of improving preparedness, response and recovery in relation to future cyber crisis, nuanced, dynamic and empathetic multi-stakeholder engagement will be required in order to meaningfully implement the measures outlined in the strategy documents. © 2023 The Author(s). Published by Informa UK Limited, trading as Taylor & Francis Group.

9.
5th International Conference on Artificial Intelligence in Information and Communication, ICAIIC 2023 ; : 18-24, 2023.
Article in English | Scopus | ID: covidwho-2290563

ABSTRACT

Social media, such as Twitter, allow people to interact with ongoing events and share their sentiments. Therefore, people use social media to report and express their emotions about events they are experiencing. Furthermore, some officials take advantage of the popularity of social media to keep the public informed, especially during emergent events. Researchers have covered sentiment analysis on Twitter in many fields, such as movie reviews, stocks, politics, health, and sports. However, there is a research gap in studying the public's concerns on social media when a cybersecurity breach occurs and how people's sentiment changes over time. To fill the gap, the researchers selected the cyberattacks against Universal Health Services (UHS) during the late days of September 2020 and collected a large dataset of related tweets over five weeks. Live-streaming tweets and historical ones both were compiled. The focus while gathering tweets was in the context of cyberattacks on UHS using keywords and hashtags such as Universal Health System, UHS cyberattack, UHS Ransome, UHS security breach, and UHS locked. Then, the researchers determined tweets' sentiment classification on this developing event using deep learning of Long Short-Term Memory (LSTM) and Artificial Neural Networks (ANN) and their accuracies. Furthermore, the researchers performed exploratory data analysis for the dataset supplying information about how sentiment has changed over time to compare the sentiment per week since the start of these cyberattacks on UHS. This study is the first to provide an analysis of the public's sentiment toward a significant cybersecurity breach on a healthcare provider dealing with COVID-19 based on a large-scale dataset extracted from social media feeds. © 2023 IEEE.

10.
Computers and Security ; 130, 2023.
Article in English | Scopus | ID: covidwho-2300369

ABSTRACT

All malware are harmful to computer systems; however, crypto-ransomware specifically leads to irreparable data loss and causes substantial economic prejudice. Ransomware attacks increased significantly during the COVID-19 pandemic, and because of its high profitability, this growth will likely persist. To respond to these attacks, we apply static analysis to detect ransomware by converting Portable Executable (PE) header files into color images in a sequential vector pattern and classifying these via Xception Convolutional Neural Network (CNN) model without transfer learning, which we call Xception ColSeq. This approach simplifies feature extraction, reduces processing load, and is more resilient against evasion techniques and ransomware evolution. The proposed method was evaluated using two datasets. The first contains 1000 ransomware and 1000 benign applications, on which the model achieved an accuracy of 93.73%, precision of 92.95%, recall of 94.64%, and F-measure of 93.75%. The second dataset, which we created and have made available, contains 1023 ransomware, grouped in 25 still active and relevant families, and 1134 benign applications, on which the proposed method achieved an accuracy of 98.20%, precision of 97.50%, recall of 98.76%, and F-measure of 98.12%. Furthermore, we refined a testing methodology for a particular case of zero-day ransomware attacks detection—the detection of new ransomware families—by adding an adequate amount of randomly selected benign applications to the test set, providing representative evaluation performance metrics. These results represent an improvement over the performance of the current methods reported in the literature. Our advantageous approach can be applied as a technique for ransomware detection to protect computer systems from cyber threats. © 2023 Elsevier Ltd

11.
2023 International Conference on Artificial Intelligence and Smart Communication, AISC 2023 ; : 192-199, 2023.
Article in English | Scopus | ID: covidwho-2298281

ABSTRACT

COVID-19 is one of the deadliest pandemics of this century that affected the whole world. As the COVID-19 spread the government had to impose lockdown that pushed the people to follow some new lifestyle like social distancing, work from home, hand washing, and the country have to shut down industries, businesses and public transport. At the same time, doctors were occupied in saving lives and on other side cyber criminals were busy taking this situation as advantage, which creates another silent pandemic i.e. cyber-security pandemic. During this pandemic with overloaded ICT infrastructure, cyber space was gaining attention of more cyber attacker and number of attacks/threats increased exponentially. This is one of the rapidly growing global challenges for industry as well as for human life. In this paper a systematic survey and review is done on recent trends of cyber security attacks during and post COVID-19 pandemic and their countermeasures. The relevant information has been collected from different trusted sources and impact landscape discussed with importance of cyber security education and future research challenges highlights. © 2023 IEEE.

12.
Journal of Sensor and Actuator Networks ; 12(2):36, 2023.
Article in English | ProQuest Central | ID: covidwho-2294890

ABSTRACT

Privacy in Electronic Health Records (EHR) has become a significant concern in today's rapidly changing world, particularly for personal and sensitive user data. The sheer volume and sensitive nature of patient records require healthcare providers to exercise an intense quantity of caution during EHR implementation. In recent years, various healthcare providers have been hit by ransomware and distributed denial of service attacks, halting many emergency services during COVID-19. Personal data breaches are becoming more common day by day, and privacy concerns are often raised when sharing data across a network, mainly due to transparency and security issues. To tackle this problem, various researchers have proposed privacy-preserving solutions for EHR. However, most solutions do not extensively use Privacy by Design (PbD) mechanisms, distributed data storage and sharing when designing their frameworks, which is the emphasis of this study. To design a framework for Privacy by Design in Electronic Health Records (PbDinEHR) that can preserve the privacy of patients during data collection, storage, access and sharing, we have analysed the fundamental principles of privacy by design and privacy design strategies, and the compatibility of our proposed healthcare principles with Privacy Impact Assessment (PIA), Australian Privacy Principles (APPs) and General Data Protection Regulation (GDPR). To demonstrate the proposed framework, 'PbDinEHR', we have implemented a Patient Record Management System (PRMS) to create interfaces for patients and healthcare providers. In addition, to provide transparency and security for sharing patients' medical files with various healthcare providers, we have implemented a distributed file system and two permission blockchain networks using the InterPlanetary File System (IPFS) and Ethereum blockchain.
This allows us to expand the proposed privacy by design mechanisms in the future to enable healthcare providers, patients, imaging labs and others to share patient-centric data in a transparent manner. The developed framework has been tested and evaluated to ensure user performance, effectiveness, and security. The complete solution is expected to provide progressive resistance in the face of continuous data breaches in the patient information domain.

13.
IEEE Transactions on Computers ; 72(3):600-613, 2023.
Article in English | ProQuest Central | ID: covidwho-2259996

ABSTRACT

In the year passed, rarely a month passes without a ransomware incident being published in a newspaper or social media. In addition to the rise in the frequency of ransomware attacks, emerging attacks are very effective as they utilize sophisticated techniques to bypass existing organizational security perimeter. To tackle this issue, this paper presents "DeepWare," which is a ransomware detection model inspired by deep learning and hardware performance counter (HPC). Different from previous works aiming to check all HPC results returned from a single timing for every running process, DeepWare carries out a simple yet effective concept of "imaging hardware performance counters with deep learning to detect ransomware," so as to identify ransomware efficiently and effectively. To be more specific, DeepWare monitors the system-wide change in the distribution of HPC data. By imaging the HPC values and restructuring the conventional CNN model, DeepWare can address HPC's nondeterminism issue by extracting the event-specific and event-wise behavioral features, which allows it to distinguish the ransomware activity from the benign one effectively. The experiment results across ransomware families show that the proposed DeepWare is effective at detecting different classes of ransomware with the 98.6% recall score, which is 84.41%, 60.93%, and 21% improvement over RATAFIA, OC-SVM, and EGB models respectively. DeepWare achieves an average MCC score of 96.8% and nearly zero false-positive rates by using just a 100 ms snapshot of HPC data. This timeliness of DeepWare is critical on the ground that organizations and individuals have the opportunity to take countermeasures in the first stage of the attack. Besides, the experiment conducted on unseen ransomware families such as CoronaVirus, Ryuk, and Dharma demonstrates that DeepWare has excellent potential to be a useful tool for zero-day attack detection.

14.
Lecture Notes in Networks and Systems ; 560 LNNS:326-335, 2023.
Article in English | Scopus | ID: covidwho-2244168

ABSTRACT

Latin America suffered more than 41 billion attempted cyberattacks in 2020, as the COVID-19 pandemic generated remote working, setting conditions for cybercriminals to exploit vulnerabilities in corporate computer networks. The general objective of this research was to implement sandbox technology to protect against ransomware attacks in a local network of a financial institution. The implementation of Sandbox technology was developed with opensource software. To this end, a server with sandbox technology was implemented and configured to manage all operations performed by customers. A test lab was implemented with five machines in a virtualized environment. Five types of ransomware were collected and downloaded from the tutorialjinni page, executed in the test lab and analyzed by Cuckoo Sandbox, the latter reported that of the five ransomware injected, 100% were detected and successfully isolated, using on average 0.89 Gb of ram memory and with an average time of 123.6 s, which demonstrated that Cuckoo Sandbox is effective and optimal in utilizing hardware resources, thus contributing to the perimeter security of the computer network. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.

15.
Transforming Government: People, Process and Policy ; 17(1900/01/01 00:00:0000):87-100, 2023.
Article in English | ProQuest Central | ID: covidwho-2236750

ABSTRACT

Purpose: This paper aims to investigate the potential challenges that governments in the Commonwealth Caribbean are likely to face combating crimes facilitated by the dark Web. Design/methodology/approach: The "lived experience" methodology guided by a contextual systematic literature review was used to ground the investigation of the research phenomena in the researchers' collective experiences working in, living in and engaging in research with governments in the Commonwealth Caribbean. Findings: The two major findings emerging from the analysis are that jurisdictional and technical challenges are producing major hindrances to the creation of an efficient and authoritative legislative framework and the building of the capacity of governments in the Commonwealth Caribbean to confront the technicalities that affect systematic efforts to manage problems created by the dark Web. Practical implications: The findings indicate the urgency that authorities in the Caribbean region must place on reevaluating their administrative, legislative and investment priorities to emphasize cyber-risk management strategies that will enable their seamless and wholesome integration into this digital world. Originality/value: The research aids in developing and extending theory and praxis related to the problematization of the dark Web for governments by situating the experiences of Small Island Developing States into the ongoing discourse.

16.
Internet Technology Letters ; 4(2), 2021.
Article in English | Scopus | ID: covidwho-2234523

ABSTRACT

This paper studies the cybersecurity issues that have occurred during the coronavirus (COVID-19) pandemic. During the pandemic, cyber criminals and Advanced Persistent Threat (APT) groups have taken advantage of targeting vulnerable people and systems. This paper emphasizes that there is a correlation between the pandemic and the increase in cyber-attacks targeting sectors that are vulnerable. In addition, the growth in anxiety and fear due to the pandemic is increasing the success rate of cyber-attacks. We also highlight that healthcare organizations are one of the main victims of cyber-attacks during the pandemic. The pandemic has also raised the issue of cybersecurity in relation to the new normal of expecting staff to work from home (WFH), the possibility of state-sponsored attacks, and increases in phishing and ransomware. We have also provided various practical approaches to reduce the risks of cyber-attacks while WFH including mitigation of security risks related to healthcare. It is crucial that healthcare organizations improve protecting their important data and assets by implementing a comprehensive approach to cybersecurity. © 2020 The Authors. Internet Technology Letters Published by John Wiley & Sons, Ltd.

17.
Journal of National Security Law & Policy ; 13(1):211-230, 2022.
Article in English | ProQuest Central | ID: covidwho-2169348

ABSTRACT

The SolarWinds attack, for example, a Russian government-backed breach discovered in late 2020, infected networks in at least nine federal agencies, including the State Department, the Department of Homeland Security, and parts of the Pentagon, and may have caused upwards of $100 billion in damage. Private companies regularly face similar attacks, with only a fraction of the government's resources to defend themselves. According to IBM the average business cost of a cyberattack is $3.86 million. Former NSA Director Keith Alexander has estimated cumulative U.S. company losses to cyberattacks to be the greatest transfer of wealth in history. And cybercrime is on the rise: since the start of the global COVID-19 pandemic, the FBI has reported a 300% increase in the number of cybersecurity complaints it receives daily, now up to around 4,000 per day. Several prominent examples illustrate the havoc a malicious cyberattack can wreak on a company. [...]" It does not define "authorization" or "obtain information," so courts have generally applied the plain meaning of these terms. It also notably does not include any type of self-defense provision that would exempt unauthorized access to a network by persons or companies under attack from that network. [...] while hackback responses could take on a variety of forms, most, if not all, would at least seriously risk violating the CFAA.
The best-known proposal was the Active Cyber Defense Certainty (ACDC) Act, introduced by Representative Tom Graves in 2017 and again in 2019. ACDC would establish an affirmative defense to CFAA charges for responses that qualify as "active cyber defense measures" (ACDMs). This would allow victims of cyberattacks to access the attacker's computer without authorization, in order to establish attribution, disrupt attacks, and monitor the attacker. A company must first notify the FBI's National Cyber Investigative Joint Task Force and can request voluntary FBI review of a planned hackback, but no government approval or oversight is required. The 2019 bill garnered bipartisan support from 18 cosponsors. A companion bill was not introduced in the Senate, but Senator Sheldon Whitehouse floated the idea, stating that "[w]e ought to think hard about how and when to license hack-back authority so capable, responsible private-sector actors can deter foreign aggression.

18.
5th International Conference on Computational Intelligence and Communication Technologies, CCICT 2022 ; : 584-589, 2022.
Article in English | Scopus | ID: covidwho-2136140

ABSTRACT

Ransomware is a malware practice which cyber criminals usually inject through phishing practices to make money as their priority. With the high rise in the use of the internet amid the COVID phase, the cyber world is also reaching its peak as well. The attacker is also getting smarter with technology. We in this paper are taking blockchain technology as a weapon to fight against the terror of ransomware attacks, as this is the most notorious and devastating attack of all, and there is no doubt that it is going to be with us in the future too. Detection of ransomware attacks before they infect and decode the data is a complex thing. Several algorithms exist to detect attacks at their early stages, but the lack of information about the pre and post behavior similarities is proving to be an obstacle to accurately observing and detecting ransomware at its very first stage rather than making sense of paying the ransom and even not being sure of getting back the confidentialities. With the use of blockchain technology, we focus on making a record of the pre-encryption and post-encryption behaviour of ransomware attacks so that it is not going to be complex to track the nature, similarities, and behaviour of ransomware attacks. With inaccurate availability of data about pre and post behaviour of attacks and also weak design of detection models, both have a negative impact on selecting the features and similarities of the attack and thus developing a design model for the same. The paper is focusing on one of the most challenging variations of ransomware attacks, i.e., the crypto ransomware. Many researches before proposed solutions as performing regular backup of files but this measure has a significant overhead too as key backup schemes results in high computational cost as well. Thus, with the use of blockchain for gathering and maintaining records, we expect to be prepared for every unexpected attack. © 2022 IEEE.

19.
IEEE Access ; : 1-1, 2022.
Article in English | Scopus | ID: covidwho-2136065

ABSTRACT

Ransomware has been one of the biggest cyber threats against consumers in recent years. It can leverage various attack vectors while it also evolves in terms of finding more innovative ways to invade different cyber security systems. There have been many efforts to detect ransomware within the workforce and academia leveraging machine learning algorithms, which has shown promising results. Accordingly, there is a considerably large body of literature addressing various solutions on how ransomware threats can be detected and mitigated. Such large and rapidly growing scientific and technical materials start to make it difficult in knowing the actual ML algorithm(s) being used. Hence, the aim of this paper is to give insight about ransomware detection frameworks and those ML algorithms which are typically being used to extract ever-evolving characteristics of ransomware. In addition, this study will provide the cyber security community with a detailed analysis of those frameworks. This will be augmented with information such as datasets being used along with the challenges that each framework may be faced with in detecting a wide variety of ransomware accurately. To summarize, this paper delivers a comparative study which can be used by peers as a reference for future work in ransomware detection.

20.
7th Future Technologies Conference, FTC 2022 ; 560 LNNS:326-335, 2023.
Article in English | Scopus | ID: covidwho-2128480

ABSTRACT

Latin America suffered more than 41 billion attempted cyberattacks in 2020, as the COVID-19 pandemic generated remote working, setting conditions for cybercriminals to exploit vulnerabilities in corporate computer networks. The general objective of this research was to implement sandbox technology to protect against ransomware attacks in a local network of a financial institution. The implementation of Sandbox technology was developed with opensource software. To this end, a server with sandbox technology was implemented and configured to manage all operations performed by customers. A test lab was implemented with five machines in a virtualized environment. Five types of ransomware were collected and downloaded from the tutorialjinni page, executed in the test lab and analyzed by Cuckoo Sandbox, the latter reported that of the five ransomware injected, 100% were detected and successfully isolated, using on average 0.89 Gb of ram memory and with an average time of 123.6 s, which demonstrated that Cuckoo Sandbox is effective and optimal in utilizing hardware resources, thus contributing to the perimeter security of the computer network. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
