Threat Landscape Research Articles

A review of smart vehicles in smart cities: Dangers, impacts, and the threat landscape

A review of smart vehicles in smart cities: Dangers, impacts, and the threat landscape

A novel cyber threat intelligence platform for evaluating the risk associated with smart agriculture

The rapid proliferation of Internet of Things (IoT) devices has brought about a profound transformation in our daily lives and work environments. However, this proliferation has also given rise to significant security challenges, as cybercriminals increasingly target IoT devices to exploit vulnerabilities and gain access to sensitive data. This escalating threat landscape poses a severe issue across diverse domains where IoT is deployed, including agriculture, healthcare, and surveillance. In the realm of agriculture, where farmers have historically contended with pests and environmental challenges, a new adversary has emerged in the form of cyber criminals. The agriculture sector has witnessed a surge in cyber-attacks targeting smart agriculture solutions despite being a relatively recent addition to the industry. Farmers may not have control over the actions of cyber adversaries, but they possess the ability to make informed purchasing decisions when adopting smart farming solutions and implementing fundamental security measures, such as robust user credentials and regular system updates. In this regard, this research introduces a groundbreaking approach to addressing the cybersecurity concerns associated with smart agriculture–deception technology. Overall, deception technology involves the creation of deceptive elements, including decoys, traps, and false information, designed to divert cybercriminals away from genuine data and systems where this research presents a novel cyber threat intelligence platform that leverages deception technology to assess and mitigate the risks associated with smart agriculture as the first of its kind research. Based on the insights derived from the experimental work, actionable recommendations would be provided to relevant stakeholders on how to mitigate cyber risks and bolster the security posture of IoT-enabled smart agriculture. Overall, this innovative approach represents a significant step towards safeguarding the increasingly interconnected world of smart agriculture, offering a promising avenue for defending against the escalating cyber threats faced by this vital industry.

Social Engineering Attack in the Era of Generative AI

A significant cybersecurity risk arises when sophisticated artificial intelligence (AI) is combined with social engineering. The aim of this study was to assess how much the sophistication and skills of social engineering are enhanced through advanced AI techniques. The study found that generative AI has revolutionized social engineering in six key areas: multi-channel attack vectors, automated infrastructure for social engineering campaigns, advanced personalization, the development of evasion and obfuscation tactics, and the creation of hyper-realistic content. The study also proposed a framework to recognize the evolving threat landscape, termed the Generative AI Social Engineering Framework. It highlights how structured and organized AI can be leveraged in deceptive social engineering tactics by integrating elements from machine learning, cybersecurity, and human-computer interaction. Besides showing up the vulnerabilities, the research also lays out recommendations to safeguard organizations and individuals in order to attain digital resilience.

Labeling Network Intrusion Detection System (NIDS) Rules with MITRE ATT&CK Techniques: Machine Learning vs. Large Language Models

Analysts in Security Operations Centers (SOCs) are often occupied with time-consuming investigations of alerts from Network Intrusion Detection Systems (NIDSs). Many NIDS rules lack clear explanations and associations with attack techniques, complicating the alert triage and the generation of attack hypotheses. Large Language Models (LLMs) may be a promising technology to reduce the alert explainability gap by associating rules with attack techniques. In this paper, we investigate the ability of three prominent LLMs (ChatGPT, Claude, and Gemini) to reason about NIDS rules while labeling them with MITRE ATT&CK tactics and techniques. We discuss prompt design and present experiments performed with 973 Snort rules. Our results indicate that while LLMs provide explainable, scalable, and efficient initial mappings, traditional machine learning (ML) models consistently outperform them in accuracy, achieving higher precision, recall, and F1-scores. These results highlight the potential for hybrid LLM-ML approaches to enhance SOC operations and better address the evolving threat landscape. By utilizing automation, the presented methods will enhance the analysis efficiency of SOC alerts, and decrease workloads for analysts.

Future threat landscapes: The impact on intelligence and security services

This article examines the evolving nature of antagonistic threats in the context of intelligence and security services, with a focus on small and medium-sized countries. It explores the impact of hybrid threats and non-linear warfare in an increasingly blurred security landscape between war and peace. The study aims to understand the emerging dynamics of the grey zone and the new challenges these evolving threats pose to intelligence and security services. The article adopts a qualitative methodology, drawing on global examples and including the strategic use of hybrid warfare by both state and non-state actors. In addition, the study examines technological advancements, particularly in artificial intelligence (AI) and machine learning (ML), to assess their role in shaping modern threats. The article argues that modern antagonistic threats differ from traditional ones in both intensity and complexity. Hybrid threats operate across multiple domains, blending military and non-military tactics while exploiting societal vulnerabilities. The article highlights the growing importance of AI and ML in both offensive and defensive strategies as well as the challenges posed by rapid technological advancements beyond state control. The article concludes that intelligence and security services must adapt to these multi-dimensional threats by embracing flexible integrated strategies. Enhanced international collaboration, advanced technological integration, and a focus on resilience will be the key to countering hybrid threats. The findings underscore the need for intelligence services to operate beyond traditional boundaries to effectively manage the complexities of future security environments.

Low-impact, near real-time risk assessment for legacy IT infrastructures

In an era where cybersecurity threats are evolving at an unprecedented pace, this paper introduces a methodology for near real-time risk assessment of high-profile, high security infrastructures, where data security and operational continuity inherently limits observability. Our approach addresses the challenges of this limited observability and minimized disruption, offering a new perspective on processing and evaluating cybersecurity knowledge. We present an innovative method that leverages attack graphs and attacker behavior analysis to assess risks and vulnerabilities. Our research includes the development of an automated risk assessment mechanism, graphical security modeling, and a Markov chain-based model for attacker behavior. Our methodology utilizes a blend of direct and indirect event sources, incorporating an attacker behavioral model based on a random walk method akin to Google’s PageRank. The proof-of-concept solution calculates potential risk according to the actual threat landscape, providing a more accurate and timely assessment.

Securing the Future of E-Commerce: How Scalable Software Transforms Online Shopping

The exponential growth of e-commerce has necessitated robust security measures to protect digital transactions and consumer data. This technical exploration delves into how scalable software architectures revolutionize online shopping security through advanced encryption, authentication, and fraud prevention mechanisms. The transformation of traditional security approaches through zero-trust initiatives, multi-factor authentication, and microservices architecture demonstrates significant improvements in threat detection and response capabilities. Machine learning and artificial intelligence enhance real-time fraud detection, enabling instantaneous transaction analysis while maintaining seamless customer experiences. Behavioral biometrics, device intelligence, and collaborative threat detection networks further strengthen the security infrastructure. The implementation of comprehensive security frameworks, including tokenization and encrypted payment processing, not only safeguards sensitive data but also builds consumer trust. Enhanced compliance measures and transparent security policies establish a foundation for sustainable e-commerce growth, while adaptive security systems continuously evolve to counter emerging threats, ensuring the resilience of digital retail platforms in an increasingly complex threat landscape.

Risk Mitigation Approach to Cyber Threat using AI-Driven Models for the Evolving Threat Landscape

Risk Mitigation Approach to Cyber Threat using AI-Driven Models for the Evolving Threat Landscape

Mitigating Cyber Attacks for Organization Assets using UEBA (User and Entity Behavior Analytics) and other Machine Learning Solutions from Cloud Security Threats: A Literature Review

User and Entity Behavior Analytics has been one of the key steppingstones towards protecting valuable data and information for organizations that decided to store their assets in a cloud-based storage. The implications suggest that third-party software may not be as reliable as these are prone to attacks due to its accessibility and vulnerable nature. This study aims to provide a comprehensive review that covers User and Entity Behavior Analytics (UEBA) and other machine learning techniques to effectively mitigate cyberattacks and protect organizational assets from cloud-based security threats. The objective is to identify and analyze anomalous user and entity behaviors that may indicate potential cyberattacks and provide recommendations for organizations to enhance their cloud security posture and minimize the risk of data breaches and other security incidents. The research covers some of the algorithms used in detecting anomalies such as Isolation Forest, Deep Autoencoder, and Linear Regression, and emphasizes the adaptability of these chosen algorithms to the dynamic landscape of cyber threats, especially in cloud environments. By arriving at a cohesive integration of machine learning algorithms, this study advocates for a holistic approach that aligns with evolving security challenges. Ultimately, the significance lies in offering a nuanced perspective on effective cyber threat mitigation strategies, contributing to the broader conversation on securing organizational assets in the face of evolving cybersecurity landscapes.

Enhanced Grey Wolf Optimization (EGWO) and random forest based mechanism for intrusion detection in IoT networks

Smart devices are enabled via the Internet of Things (IoT) and are connected in an uninterrupted world. These connected devices pose a challenge to cybersecurity systems due attacks in network communications. Such attacks have continued to threaten the operation of systems and end-users. Therefore, Intrusion Detection Systems (IDS) remain one of the most used tools for maintaining such flaws against cyber-attacks. The dynamic and multi-dimensional threat landscape in IoT network increases the challenge of Traditional IDS. The focus of this paper aims to find the key features for developing an IDS that is reliable but also efficient in terms of computation. Therefore, Enhanced Grey Wolf Optimization (EGWO) for Feature Selection (FS) is implemented. The function of EGWO is to remove unnecessary features from datasets used for intrusion detection. To test the new FS technique and decide on an optimal set of features based on the accuracy achieved and the feature taking filters, the most recent FS approach relies on the NF-ToN-IoT dataset. The selected features are evaluated by using the Random Forest (RF) algorithm to combine multiple decision trees and create an accurate result. The experimental outcomes against the most recent procedures demonstrate the capacity of the recommended FS and classification methods to determine attacks in the IDS. Analysis of the results presents that the recommended approach performs more effectively than the other recent techniques with optimized features (i.e., 23 out of 43 features), high accuracy of 99.93% and improved convergence.

Toward risk analysis of the impact of artificial intelligence on the deliberate biological threat landscape.

The perception that the convergence of biological engineering and artificial intelligence (AI) could enable increased biorisk has recently drawn attention to the governance of biotechnology and AI. The 2023 Executive Order, Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, requires an assessment of how AI can increase biorisk. Within this perspective, quantitative and qualitative frameworks for evaluating biorisk are presented. Both frameworks are exercised using notional scenarios and their benefits and limitations are then discussed. Finally, the perspective concludes by noting that assessment and evaluation methodologies must keep pace with advances of AI in the lifesciences.

Fortifying Organizational Cyber Resilience: An Integrated Framework for Business Continuity and Growth amidst Escalating Threat Landscapes

Fortifying Organizational Cyber Resilience: An Integrated Framework for Business Continuity and Growth amidst Escalating Threat Landscapes

Exploring Cyber Insurance: A Strategic Shield against Modern Threats

In today’s digitally transformed global business ecosystem, organizations face unprecedented cybersecurity challenges that threaten their financial stability and reputation. As technological vulnerabilities grow increasingly complex and pervasive, cyber insurance has become a critical tool for risk mitigation. It provides comprehensive financial protection and robust support against the evolving landscape of digital threats. This research paper examines the multifaceted dimensions of cyber insurance by synthesizing theoretical insights and practical considerations. It explores the complex ecosystem of cyber insurance, focusing on its two primary coverage types: first-party protection, which addresses direct organizational losses, and third-party coverage, which manages external liabilities. Through a systematic analysis, the study delves into the fundamental components of cyber insurance, the intricate dynamics of the market, rigorous assessment methodologies, and its strategic importance within modern organizational risk management frameworks. The paper concludes by highlighting the potential of cyber insurance to do more than merely protect organizations. It argues that cyber insurance can actively support sustainable digital transformation, making it a crucial enabler of organizational resilience in an era of persistent and evolving technological challenges

Intelligent Incident Response Systems Using Machine Learning

Machine learning (ML) is revolutionising cybersecurity by enhancing the ability to predict, detect, and respond to cyber threats. By leveraging advanced algorithms, ML systems can analyse vast datasets in real-time, identify patterns, and automate responses, addressing the challenges of increasingly sophisticated cyberattacks. This paper explores the transformative impact of machine learning in cybersecurity, highlighting key tasks such as classification, anomaly detection, and natural language processing. It also discusses future research directions, including explainable AI, adversarial machine learning, federated learning, and privacy-preserving techniques. The cybersecurity community can develop more robust and adaptive defences by focusing on these innovative areas, ensuring a safer digital environment. Integrating machine learning into cybersecurity practices is crucial for navigating the evolving threat landscape and maintaining trust in digital systems.

Deep learning in cybersecurity: Enhancing threat detection and response

Deep learning (DL) has changed the cybersecurity domain by providing sophisticated tools for detecting and mitigating an evolving landscape of cyber threats. This study explores the application of deep learning techniques, including convolutional neural networks (CNNs) and recurrent neural networks (RNNs), in real-time threat detection and response. These models excel in identifying patterns and anomalies within vast and complex datasets, enabling accurate detection of malware, phishing attempts, and insider threats. Their ability to autonomously learn from diverse sources, such as network traffic, user behaviour, and system logs, enhances the efficacy of cybersecurity systems. Despite these advancements, the field faces significant challenges, including adversarial attacks designed to exploit vulnerabilities in deep learning algorithms. These attacks manipulate input data to deceive models, potentially bypassing security mechanisms and compromising critical systems. Addressing this issue requires a multi-faceted approach, integrating robust training methods, data augmentation, and defensive mechanisms such as adversarial training and gradient masking. Furthermore, explainability and interpretability of deep learning models remain crucial for building trust and improving decision-making in security operations. The paper also emphasizes the importance of a proactive, layered defense strategy to counteract sophisticated cyber threats. This includes combining deep learning with traditional cybersecurity measures and incorporating threat intelligence to enhance system resilience. By bridging the gap between state-of-the-art DL methodologies and practical applications in cybersecurity, this research provides a roadmap for improving threat detection and response capabilities, ultimately contributing to the development of secure, adaptive, and resilient cyber infrastructures.

“The Effect of Cyber Risk on Banks Profitability in Egypt”: An Empirical Analysis

Recent years have seen an impressive increase in the integration of financial technology or fintech in the global banking industry, resulting in product, service, and operational developments. Nowhere has this shift in focus been more pronounced than in fintech, a sector that has seen remarkable growth in Egypt. Nevertheless, this is not without its difficulties since integrating technology means that their banks are more susceptible to cyber risk, which could decrease its profitability. This research aims to assess whether cyber risk exerts a statistically significant negative impact on the profitability of banks in Egypt, utilizing a sample of 16 banks spanning the years 2017 to 2022. The study employs panel data analysis through STATA 14 for its investigation. The findings demonstrated that cyber risk has a negative significant effect on bank profitability, and this assumption was supported by the study's findings. According to the findings, cyber risk has a significant and negative impact on both ROA and GPM. As a consequence of this, it is necessary to incorporate preventative measures in order to deal with the constantly shifting cyber threat landscape. It is also essential to highlight the significant role that technology and data security play in ensuring that the banking industry remains robust and profitable in the digital era.

Dynamic Multi-Method Allocation for Intent-based Security Orchestration

In today's dynamic cybersecurity landscape, static and deterministic services orchestration which does not consider security as part of the orchestration process are proving insufficient against the evolving threat landscape. Security must be an intrinsic part of the orchestration processes. In this regard, this paper introduces an innovative paradigm shift: Intent & AI-based Optimized Security Orchestration. On the one hand, leveraging the capabilities of an Intent-based solution, this approach enables proactive and reactive threat mitigation in next generation heterogenous environments of the computing continuum, abstracting and homogenizing the complexity of underlying technologies. On the other hand, leveraging the capabilities of a dynamic allocation approach that applies different techniques for selecting the most suitable enforcement point (hardware/software) as well as the most suitable allocation for deploying/configuring them, always considering security properties during decision stages. Thus, the solution allows organizations adaptively optimizing resource allocation considering intent-based security requirements. The implementation considers different algorithms to perform the allocation decision depending on a variety of parameters. The performance has been also provided for validating the proposed solution. The results show that combining the security orchestrator with a Dynamic Allocation Engine improves the efficiency of decision making due to the ability to dynamically choose which algorithm is the most appropriate to solve the assignment problem in the best possible way and in the shortest possible time.

State Cyber Warfare: The Strategic Shift Towards Private Sector Targets

The strategic targeting of private sector infrastructure by state-sponsored cyber actors represents a fundamental transformation in modern warfare, with profound implications for national security and economic stability. Drawing on a comprehensive literature review and theoretical analysis, this research examines the drivers and consequences of this evolving cyber threat landscape. The findings indicate this strategic shift toward private sector targets serves multiple objectives for state actors, including technological competition, economic disruption, and the exploitation of vulnerabilities in critical infrastructure. By increasingly focusing cyber attacks on private enterprises rather than traditional government or military targets, nation-states are able to achieve strategic aims while maintaining plausible deniability and minimizing the risk of direct military confrontation. The study proposes new frameworks for enhanced public-private cooperation in cyber defense, as well as targeted policy measures to bolster the protection of essential private sector infrastructure. Addressing these emerging threats will require unprecedented levels of international collaboration and innovative approaches to cybersecurity, with significant ramifications for national security policy and global economic stability. Overall, this research provides a timely and in-depth examination of the evolving cyber warfare tactics employed by state actors, underscoring the need for a fundamental reassessment of traditional security paradigms in an increasingly interconnected digital world.

Optimized Deep Neuro-Fuzzy Networks for Enhanced Cyber Forensic Analysis in Iot-Driven Big Data Ecosystems

The rapid expansion of Internet of Things (IoT) ecosystems has significantly increased the complexity and scale of cyber forensic investigations, necessitating innovative and efficient analytical methods. This study proposes an Optimized Deep Neuro-Fuzzy Network (DNFN) framework designed to enhance forensic capabilities in IoT-driven big data environments. The framework synergizes the feature extraction strengths of deep learning with the interpretative advantages of fuzzy logic, while employing optimization algorithms to fine-tune its parameters for improved performance. The DNFN framework addresses key challenges such as data heterogeneity, dynamic threat landscapes, and resource constraints in IoT ecosystems. Extensive experimentation on benchmark datasets demonstrates the framework's ability to achieve high accuracy in detecting cyber anomalies, reduce false positive rates, and support comprehensive forensic analysis. The proposed approach is a significant step toward enabling scalable, interpretable, and robust cyber forensic solutions tailored for the evolving complexities of IoT-driven networks.

AI Driven Cybersecurity

The advent of Artificial Intelligence (AI) has revolutionized the field of cybersecurity by introducing advanced mechanisms for detecting, preventing, and mitigating cyber threats. This research explores the intersection of AI and cybersecurity, highlighting the transformative potential of AI-driven solutions in combating increasingly sophisticated cyberattacks. By leveraging machine learning, deep learning, and neural network algorithms, AI enhances real-time threat detection, predictive analytics, and anomaly detection across diverse digital infrastructures. This study evaluates current AI-driven cybersecurity frameworks, emphasizing their efficacy in handling dynamic threat landscapes and addressing the limitations of traditional methods. Additionally, it examines ethical considerations, such as the potential misuse of AI by malicious actors and the need for transparent AI systems. Through comprehensive analysis, this research underscores the importance of developing resilient AI models to secure critical data and infrastructure in an era of rapidly evolving cyber risks. The findings provide actionable insights for policymakers, organizations, and technology developers, advocating for collaborative efforts to harness AI’s potential while addressing its inherent challenges.