Antivirus Research Articles

Leveraging Advanced Machine Learning Algorithms for Enhanced Cyberattack Detection on U.S. Business Networks

Cyberattacks' rising volume and sophistication have made conventional security measures, such as firewalls, signature-based intrusion detection systems, and antivirus software, increasingly inadequate. The upsurge of cyber threats has been one of the most pressing predicaments for U.S. organizations in the digital age. With the increased dependence on internet-based forums, cloud computing, and interconnected networks, companies face an advancing number of extreme cyberattacks. The chief objective of this research project is to design and deploy proven machine learning methods to enhance the detection and combating of cyberattacks on U.S. organization networks. This research project retrieved a cyber-attack dataset from Kaggle.com, which had a collection of public datasets of cyber threats. This dataset was curated precisely, offering a realistic representation of cyber-attack scenarios, making it an ideal playground for various analytical tasks. The collection was classified as per the source of the relevant information, such as host-based datasets, network traffic datasets, malware or fraud reports, or a special section for datasets that can be classified according to a specific source. The dataset comprised numerous network traffic attributes such as source and destination IP addresses, ports, protocol, payload size, and attack labels. For this research project, three machine learning algorithms were used, namely: Logistic Regression, XG-Boost and Random Forest. This research project applied performance metrics such as accuracy, precision, recall, and F1 score for the performance of the classification models were considered. The result illustrated that the random forest model was far superior in accuracy compared to the logistic regression model; particularly, it had excellent accuracy. Through the use of advanced machine learning models, organizations will be in a position to devise more dynamic and intelligent security systems that evolve with the threat landscape. These intelligent systems monitor every kind of anomaly, malicious activity, and threat response with unparalleled effectiveness. The findings of this research project have significant implications for enhancing cybersecurity in U.S. organizational networks.

Healthiness and Safety of Smart Environments through Edge Intelligence and Internet of Things Technologies

Smart environments exploit rising technologies like Internet of Things (IoT) and edge intelligence (EI) to achieve unseen effectiveness and efficiency in every tasks, including air sanitization. The latter represents a key preventative measure–made even more evident by the COVID-19 pandemic–to significantly reduce disease transmission and create healthier and safer indoor spaces, for the sake of its occupants. Therefore, in this paper, we present an IoT-based system aimed at the continuous monitoring of the air quality and, through EI techniques, at the proactively activation of ozone lamps, while ensuring safety in sanitization. Indeed, these devices ensure extreme effectiveness in killing viruses and bacteria but, due to ozone toxicity, they must be properly controlled with advanced technologies for preventing occupants from dangerous exposition as well as for ensuring system reliability, operational efficiency, and regulatory compliance.

CADefender: Detection of unknown malicious AutoLISP computer-aided design files using designated feature extraction and machine learning methods

Computer-aided design (CAD) files are used to create digital designs for various structures – from the smallest chips in the high-tech industry to large-scale buildings and bridges in the civil engineering space. We found that most exploits and malicious payloads are deployed through Auto List Processing (AutoLISP) source code (LSP) or Fast Load AutoLISP (FAS) files, which are non-executable files (NEFs) containing scripts in the AutoLISP language that are native to AutoCAD; While antivirus software is capable of detecting many malicious CAD files, the potential to improve protection by using a dedicated machine learning (ML) based detection solution remains, especially against unknown and sophisticated CAD malware. In this study, we are the first to propose designated feature extraction methods and a robust framework aimed at the detection of known and unknown AutoLISP malware using ML algorithms. To accomplish this, we examined the structure, functionality, and ecosystems of AutoLISP files and collected the largest known representative collection of LSP files consisting of 6418 malicious and benign files (labeled and verified). We then explored the use of two novel static-analysis-based feature extraction methods (knowledge-based and structural) designated for LSP files to extract a discriminative set of informative features, which can subsequently be used by ML models to detect malicious LSP files. These two feature extraction methods serve as the basis of the proposed detection framework, whose performance we comprehensively compare to both widely used antiviruses and baseline ML models based on existing feature extraction methods, including MinHash, Bidirectional Encoder Representations from Transformers (BERT), and n-gram. Our results highlight our methods' contributions to the detection of unknown AutoLISP malware and demonstrate their ability to outperform existing methods. The best performance in the task of unknown malicious LSP file detection was obtained by the Artificial Neural Networks (ANN) model trained on 100 knowledge-based features, which obtained a true positive rate (TPR) of 99.49% with a false positive rate (FPR) of 0.57%. Our framework's role in explainability is also highlighted, as we also present the prominent features that contribute most to the model's detection capabilities; this information can be used for explainability purposes. We conclude by evaluating the proposed framework's ability to detect a malicious file from an unknown AutoLISP malware family and by evaluating our framework on an additional independent test set that originated from another source, scenarios that are often faced by malware detection solutions.

An Examination of Threats and Countermeasures Relating to Healthcare Cyber Risks: The Case of Kenyatta National Hospital

Background Africa has seen an exponential increase in internet penetration and ICT affordances since the turn of the twenty-first century. Healthcare institutions are scrambling to put in place the appropriate safeguards to protect their patients' data from unauthorized access since the need to protect private information has become critical, particularly for cybercriminals eyeing the data of medical patients. This thesis investigates cyber security threats and countermeasures in healthcare, with a focus on Kenyatta National Hospital (KNH). Given Africa's increased internet use and the critical need to protect patient data from cybercriminals, the study explores how data protection and cyber security influence healthcare delivery at the hospital.  Key Objectives To examine cyber threats and countermeasures employed by KNH as well as analyzing the impact of Kenya's Cybercrime Act.  Results The survey at Kenyatta National Hospital shows strong cybersecurity measures, with 89% having dedicated resources and 88% using computers regularly. Regarding the Kenya Cybercrime Act, 74% know how to detect and report hacks, though 8% have encountered malware and 12% lack basic malware knowledge. 78% have anti-virus software, and 63% verify email attachments, while knowledge of social engineering and email scams is limited, revealing a need for further education. The second objective looked at the impact of Kenya Cybercrime Act, as a local data protection laws on supporting patient- healthcare system at Kenyatta National Hospital. A significant majority, 74%, are aware of when their computer is hacked or infected and know whom to contact in such cases. The results also show that 79% of respondents have never encountered a virus or trojan on their computers. When opening email attachments, 63% of respondents always verify that the attachment is from a known and expected source. Knowledge of social engineering attacks is limited, with only 18% of respondents aware of these threats and 82% unfamiliar with them. Regarding email scams, 51% do not know what an email scam is or how to recognize one, underscoring a need for further training. Finally, while 85% of respondents believe their computers are not valuable to hackers, 15% recognize their potential as targets, reflecting differing perceptions of risk and emphasizing the need for ongoing cyber security education.

What helps adult learners with little formal schooling to develop basic digital skills?

In today’s world, having at least basic digital skills is essential in working, social, and family life. The present study uses grounded theory to explore ways in which people with little formal schooling engage with the digital world. Drawing on 54 semi-structured interviews, it describes how people with little IT experience from formal education obtain information about digital security, privacy, the functioning of antivirus software, software updates, and so on. We introduce the concepts of computer world and ministories which draw parallels between the online and offline worlds. While creating the concepts of computer world and ministories, we follow Richard Mayer’s theory of multimedia learning, and thus ministories are based on the appropriate combination of images and texts. The study attempts to answer the following general question: ‘Is it better to teach people how to work with specific apps for everyday use or teach them the principles that are behind them?’. This question should be asked when creating new approach in IT education and not only in lifelong learning.

Enhancing Linux System Security: A Kernel-Based Approach to Fileless Malware Detection and Mitigation

In the late 20th century, computer viruses emerged as powerful malware that resides permanently in target hosts. For a virus to function, it must load into memory from persistent storage, such as a file on a hard drive. Due to the significant destructive potential of viruses, numerous defense measures have been developed to protect computer systems. Among these, antivirus software is one of the most recognized and widely used. Typically, antivirus solutions rely on static analysis (signature-based) technologies to detect infections in files stored on permanent storage devices, such as hard drives or USB (Universal Serial Bus) flash drives. However, a new breed of malware, fileless malware, has been designed to evade detection and enhance durability. Fileless malware resides solely in the memory of the target hosts, circumventing traditional antivirus software, which cannot access or analyze processes executed directly from memory. This study proposes the Check-on-Execution (CoE) kernel-based approach to detect fileless malware on Linux systems. CoE intervenes by suspending code execution before a program executes code from a process’s writable and executable memory area. To prevent the execution of fileless malware, CoE extracts the code from memory, packages it with an ELF (Executable and Linkable Format) header to create an ELF file, and uses VirusTotal for analysis. Experimental results demonstrate that CoE significantly enhances a Linux system’s ability to defend against fileless malware. Additionally, CoE effectively protects against shell code injection attacks, including buffer and memory overflows, and can handle packed malware. However, it is important to note that this study focuses exclusively on fileless malware, and further research is needed to address other types of malware.

Recommendation mobile antivirus for Android smartphones based on malware detection

<p>The proliferation of smartphone malware attacks due to a lack of vigilance in app selection raises serious concerns. Built-in smartphone security features often must be improved to protect devices from these threats. Although numerous articles recommend top-tier antivirus solutions, there need to be more reliable data sources that raise suspicions about undisclosed promotional motives. This research endeavors to establish a ranking of antivirus efficacy to provide optimal recommendations for Android smartphone users. The research methodology entails a meticulous comparison of malware detection and labeling outcomes between various antivirus programs within Virustotal and the labeling system employed by the Euphony application. The comparative results are categorized into three groups: antivirus solutions proficient in identifying specific malware types, those detecting malware presence without categorization, and antivirus software failing to detect malware effectively. The experimental findings present the five leading antivirus solutions, ranked from the highest to lowest scores, as Ikarus, Fortinet, ESET-NOD32, Avast-Mobile, and SymantecMobileInsight. Based on the comprehensive assessment conducted in this study, these solutions are recommended as the top antivirus choices. These recommendations are poised to significantly aid users in selecting the most suitable antivirus protection for their Android smartphones.</p>

Digital Literacy, Skills, and Security: Impact on Digital Leadership in Higher Education

This research examines the influence of digital literacy and social media usage skills on digital leadership in higher education and the moderating role of digital security and antivirus software. This research uses the path analysis method with Smart PLS 4.0 software. They were conducted from January to February 2024, involving 100 management program students using the saturated sampling method. The research results show that digital literacy and social media usage skills positively and significantly affect digital leadership. Digital security also has a positive impact on digital leadership. However, the hypothesis regarding antivirus and security systems as moderating variables was rejected, indicating that they did not increase the influence of digital security or social media skills on digital leadership. This research contributes to developing university curricula and leadership programs by integrating aspects of digital security. The model successfully identified significant influences on digital leadership with high reliability and validity. The rejection of some moderation hypotheses suggests that further research is needed to understand the dynamics between these variables, paving the way for refining the model and exploring other influencing factors.

Prediction of novel malware using hybrid convolution neural network and long short-term memory approach

The rapid evolution of network communication technologies has led to the emergence of new forms of malware and cybercrimes, posing significant threats to user safety, network infrastructure integrity, and data privacy. Despite efforts to develop advanced algorithms for detecting malicious activity, constructing models that are both accurate and reliable remains a challenge, especially in handling vast and dynamically shifting data patterns. The prevalent bag-of-words (BOW) method, while widely used, falls short in capturing crucial spatial and sequence information vital for detecting malware patterns. To address this challenge, the work presented in this paper proposes hybrid convolution neural network-long short-term memory network (CNN-LSTM) combination models, leveraging CNN's spatial information extraction and LSTM's temporal modeling capabilities. Focused on predicting the infiltration of malicious software into personal computers, the proposed hybrid CNN-LSTM model considers factors such as location, firmware version, operating system, and anti-virus software. The proposed models undergo training and evaluation using Microsoft's malware dataset, demonstrating superior performance compared to traditional CNN and LSTM models. The CNN-LSTM model achieves an impressive accuracy of 95% on the Microsoft malware dataset, highlighting its effectiveness in malware detection.

Early mitigation of CPU-optimized ransomware using monitoring encryption instructions

Ransomware attacks pose a significant threat to information systems. Server hosts, including cloud infrastructure as a service, are prime targets for ransomware developers. To address this, security mechanisms, such as antivirus software, have proven effective. Moreover, research on ransomware detection advocates for behavior-based finding mechanisms while ransomware is in operation. In response to evolving detections, ransomware developers are now adapting an optimized design tailored for CPU architecture (CPU-optimized ransomware). This variant can rapidly encrypt files, potentially evading detection by traditional antivirus methods that rely on fixed time intervals for file scans. In ransomware detection research, numerous files can be encrypted by CPU-optimized ransomware until malicious activity is detected. This study proposes an early mitigation mechanism named CryptoSniffer, which is designed specifically to counter CPU-optimized ransomware attacks on server hosts. CryptoSniffer focuses on the misuse of CPU architecture-specific encryption instructions for swift file encryption by CPU-optimized ransomware. This can be achieved by capturing the ciphertext in user processes and thwarting file encryption by scrutinizing the content intended for writing. To demonstrate the efficacy of CryptoSniffer, the mechanism was implemented in the latest Linux kernel, and its security and performance were systematically evaluated. The experimental results demonstrate that CryptoSniffer successfully prevents real-world CPU-optimized ransomware, and the performance overhead is well-suited for practical applications.

Analysis of problems and countermeasures in computer network engineering security

This paper analyzes the existing security issues in computer network engineering and proposes a series of countermeasures. To address the problems of hacker attacks and information leakage, it is recommended to strengthen network monitoring and the application of encryption technology. For the issues of malware and virus dissemination, it is advised to regularly update antivirus software and enhance employee security awareness training. Regarding network data leakage and privacy breaches, the use of secure transmission protocols and multi-factor authentication technology is advocated. For network security management and maintenance issues, establishing a sound security management system and emergency response plans is recommended to ensure the stable operation of network systems. Through the implementation of the above measures, the security level of computer network engineering can be effectively improved, ensuring the normal operation of network systems and the security of information.

Cyber Threats in the Health Sector in the DRC: Risks, Opportunities, Consequences and Preventive Measures

While hackers ravage the world, social media, banking and other accounts are hacked every day, but cyber threats in DRC are not taken very seriously. There is a total negligence on the part of the country's authorities and hospital managers and human lives are in danger. one of the large hospitals of Kinshasa HJ Hospital has always been faced with multiple problems concerning its system. Once I left to get tested, I found a crowd waiting for the results because their system was blocked. It took almost a week to find a solution to this problem. But no statement has been released regarding this issue. lives are in danger; personal data is not protected and no one is complaining. We encounter many diverse cases across the country. With a country of more than 100 million inhabitants, the country cannot escape this scourge. As in many other countries, healthcare facilities in the DRC are increasingly dependent on IT systems to manage patient records, appointments, medical prescriptions and other critical aspects of their operation. However, this increased reliance on information and communications technology (ICT) also exposes healthcare organizations to various online threats, such as cyberattacks, malware, ransomware, and data theft. These threats can have serious consequences, including disruption of healthcare services, disclosure of confidential patient data and even endangering lives. To combat these threats, it is crucial that healthcare facilities in the DRC implement robust cybersecurity measures. This includes raising staff awareness of IT security practices, implementing effective firewalls and antivirus software, regularly backing up data, and training and educating users on how to recognize and report malware. suspicious online activities. Additionally, close collaboration between health authorities, regulators, healthcare providers and cybersecurity experts is essential to develop effective policies and protocols to protect healthcare infrastructure and data from cyber threats. constantly evolving. 1 Published by Maxime Gautier, December 13 2023 We decided to put together this article to be able to enlighten the entire Congolese community, more specifically health establishments, and warn them about the dangers and risks of technology.

A Formal Concept Analysis approach to hierarchical description of malware threats

The problem of intelligent malware detection has become increasingly relevant in the industry, as there has been an explosion in the diversity of threats and attacks that affect not only small users, but also large organisations and governments. One of the problems in this field is the lack of homogenisation or standardisation in the nomenclature used by different antivirus programs for different malware threats. The lack of a clear definition of what a category is and how it relates to individual threats makes it difficult to share data and extract common information from multiple antivirus programs. Therefore, efforts to create a common naming convention and hierarchy for malware are important to improve collaboration and information sharing in this field.Our approach uses as a tool the methods of Formal Concept Analysis (FCA) to model and attempt to solve this problem. FCA is an algebraic framework able to discover useful knowledge in the form of a concept lattice and implications relating to the detection and diagnosis of suspicious files and threats. The knowledge extracted using this mathematical tool illustrates how formal methods can help prevent new threats and attacks. We will show the results of applying the proposed methodology to the identification of hierarchical relationships between malware.

Deep Learning-Based Detection of Android Malware using Graph Convolutional Networks (GCN)

The study is centered around identifying Android malware using deep learning methods through Graph Neural Networks (GNNs) and Graph Convolutional Networks (GCNs). With Android being widely used worldwide ensuring the security of released applications poses a challenge. Conventional malware detection techniques, like dynamic analysis have limitations in recognizing new malware types leading to a shift towards machine learning and deep learning solutions. The research introduces a malware detection system that employs GNNs particularly focusing on GCNs to analyze the relationships within an applications code by transforming APK files into graph formats. The system follows stages including data gathering, feature extraction, graph construction, model training and implementation. By concentrating on function call graphs the system proves effective in identifying software surpassing traditional machine learning methods in terms of accuracy, precision, recall and F1 score. The GCN based model shows enhancements over approaches with an accuracy rate of 95% compared to 89%, for traditional machine learning models. This progress highlights the potential of learning techniques in bolstering Android security. The system excels not in identifying software but also proves versatile, for different uses like screening apps, in stores and functioning as a standalone antivirus program.

Small Steps, Big Security: TAM-Powered Insights of Cybersecurity Adoption Among Small-And-Medium Entrepreneurs in Digital Business

Embracing digital business enhances company resilience, yet small and medium-sized enterprises (SMEs) often lack resources to combat cyber threats, unlike larger enterprises. Sophisticated cyberattacks surpass standard antivirus software, necessitating a shift in cybersecurity strategies. Therefore, this study aimed to investigate the relationship between knowledge, perceived usefulness, perceived ease of use, and the adoption of cybersecurity among small-and-medium entrepreneurs in Perak, Malaysia. Guided by the Technology Acceptance Model (TAM), this ongoing research employed a quantitative approach by distributing questionnaires to 400 digital entrepreneurs in the small and medium-sized business sectors in Perak. The findings revealed that the majority of entrepreneurs possessed a relatively high level of knowledge about cybersecurity. Furthermore, the study identified a strong positive correlation between knowledge and perceived usefulness (correlation coefficient r = 0.639), as well as a moderately positive correlation between knowledge and perceived ease of use (correlation coefficient r = 0.435) among small and medium entrepreneurs in Perak. Consequently, this study contributes to a better understanding of the Technology Acceptance Model (TAM) within the context of perceived usefulness, perceived ease of use, and the adoption of cybersecurity, thereby enriching the existing literature on cybersecurity among small and medium entrepreneurs in the era of digital business.

Dynamic behaviors of a modified computer virus model: Insights into parameters and network attributes

Securing computers is crucial to prevent data breaches, identity theft, and financial losses. Virus incursions disrupt operations, causing downtime and costly repairs. Protective measures, including anti-virus software and cybersecurity practices, maintain network integrity and reduce the spread of malware. Combining robust cybersecurity with green computing strategies ensures efficient energy usage and sustainable network environments, safeguarding against viruses while contributing to both security and environmental goals In this study, we explore the dynamic behaviors of a modified version of the computer virus model and elucidate the connection between its parameters and network attributes. We employ Banach’s and Schaefer’s fixed-point theorems to assess the existence and uniqueness of solutions of the suggested model. Furthermore, we establish sufficient conditions for Ulam–Hyers stability within the envisioned computer virus model. To analyze solution trajectories and the impact of various input factors on computer virus dynamics, we utilize an efficient numerical technique, providing insight into the relationships between model parameters and enabling the design of networks that minimize the risk of virus outbreaks under various bifurcation conditions.

Advanced Techniques of Malware Evasion and Bypass in the Age of Antivirus

The use of antivirus software as the main line of protection against growing cyber threats highlights the necessity of comprehending and resolving its limits. This study provides light on the ease of use and accessibility of tools used by hackers by carefully examining the complex terrain of malware evasion and bypass tactics. The persistent evolution of malware evasion and bypass techniques presents a significant cybersecurity challenge. The main objective is to educate users about the ever-changing hazards and provide them with the knowledge they need to properly strengthen their digital defenses. The literature analysis highlights the necessity for continued attention by establishing a strong correlation between the effectiveness of evasion strategies and their age and popularity. While modern antivirus software shows strong resistance against a range of tried-and-true techniques when updated on a regular basis, the study reveals a crucial component in its testing. This entails applying simple yet effective tweaks to well-known evasion techniques, demonstrating their capacity to fool even the most recent antivirus software. A thorough examination of malware evasion tactics, including both on-desk and in-memory approaches, is given in the methods section. Packing, obfuscators, protectors, reflective DLL injection, remote process memory injection, process hollowing, and inline hooking are all covered in detail in this paper. Subsequently, the study delves deeper into distinct evasion strategies, such defensive evasion through direct system calls and sophisticated evasion tactics, showcasing malware developers' versatility in evading antivirus and endpoint detection and response (EDR) systems.

Justification of the choice of the approach to the determination of the invariant component in the behavior of polymorphic (metamorphic) malware on the basis of reducing the dimensionality of the sign space

The evolution of malware use scenarios necessitates the development of effective strategies to neutralise their destructive impact. One of the most threatening types of malware is polymorphic (metamorphic) viruses, as they are largely able to evade detection by intrusion detection systems, information security management (security events), antivirus software and systems for proactive detection of atypical threats and targeted attacks on endpoints due to their ability to change their own signature. In addition, there has been a rapid increase in recent cyber incidents involving the use of polymorphic (metamorphic) malware. The main reason for this growth is the availability of artificial intelligence technologies that allow attackers to modify the code of already classified malware quickly and efficiently, without requiring significant specialised technical competence. A comparative analysis of existing approaches to detecting polymorphic, oligomorphic and metamorphic malware is carried out. It is found that no group of methods uses to its advantage the key feature of polymorphic (metamorphic) malware – invariant behaviour by a certain subset of features that characterise the same vector of destructive impact of malware. With a view to neutralising the property of modification of its own code by polymorphic (metamorphic) malware, the article proposes an approach to determining its invariant component during behavioural analysis based on a combination of the advantages of behavioural analysis and machine learning techniques – reducing the dimensionality of the studied feature space. Such an approach will potentially allow determining the invariant behaviour of malware as a subset of the studied features for each known type of malware, which in turn forms the basis for implementing a new approach to the effective detection of modified (advanced) malware.

Detection of Phishing Websites by Using URL Analysis

Abstract: In recent years, with the increasing use of mobile devices, there is a growing trend to move almost all real-world operations to the cyberworld. Although this makes easy our daily lives, it also brings many security breaches due to the anonymous structure of the Internet. Used antivirus programs and firewall systems can prevent most of the attacks. However, experienced attackers target on the weakness of the computer users by trying to phish them with bogus webpages. These pages imitate some popular banking, social media, e-commerce, etc. sites to steal some sensitive information such as, user-ids, passwords, bank account, credit card numbers, etc. Phishing detection is a challenging problem, and many different solutions are proposed in the market as a blacklist, rule-based detection, anomaly-based detection, etc. In the literature, it is seen that current works tend on the use of machine learning-based anomaly detection due to its dynamic structure, especially for catching the “zero-day” attacks. In this paper, we proposed a machine learning-based phishing detection system by using eight different algorithms to analyse the URLs, and three different datasets to compare the results with other works. The experimental results depict that the proposed models have an outstanding performance with a success rate.

Internet fraud as one of the types of fraud

The article investigates the current aspects of internet fraud in the context of the coronavirus pandemic and the Russian-Ukrainian war. The increased use of the Internet during quarantine and wartime creates new opportunities for scammers, who exploit this situation to deceive people. Emotional instability, financial problems, and the spread of misinformation also contribute to the growth of fraud online. The article analyzes the legislative approach to combating fraud in Ukraine and identifies the specifics of this type of criminal offense. Due to the accessibility of the Internet, scammers quickly adapt their schemes to the digital environment, making network users more vulnerable. The explores the diversity of methods and types of internet fraud, including phishing, cryptocurrency fraud, social engineering, and other schemes. The authors provide data from the «Data Breach and Incident Response» (DBIR) report. Methods such as phishing, farming, fraud through social media and email, as well as manipulations with ICOs and crypto investment funds, are examined in detail. Special attention is paid to fraud in wartime, mentioning fundraising for military purposes, deceptive schemes with family announcements, and fake evacuation messages. The level of vulnerability of users, geographical features, and the age category most often targeted by internet fraud are evaluated. The article also discusses the aspect of computer equipment, mobile devices, and other means of accessing the Internet used by criminals to carry out fraudulent activities. The authors emphasize the prevalence of internet fraud, where perpetrators attempt to hack websites of government organizations, banks, or media to obtain confidential information or spread fake news. Measures to combat this phenomenon are proposed. Various types of internet fraud and methods of prevention are examined in detail, including software updates, installation of antivirus software, use of strong passwords, and two- factor authentication. It is noted that awareness and a responsible approach to protection on the Internet are key to preventing fraud. Additionally, the criminal liability for fraud in Ukraine and the possibility of strengthening this liability in wartime are discussed.