Targeted Cyber Attacks Research Articles

Threat modeling of industrial control systems: A systematic literature review

Threat modeling is the process of identifying and mitigating potential threats to a system. It was originally developed to enhance software security during the design phase but has since been adapted for Industrial Control Systems (ICSs). ICSs are complex and interconnected systems that control critical infrastructure, such as power plants, water treatment facilities, and manufacturing plants. As such, they are major targets for cyberattacks, which may lead to human casualties, severe national security impacts, and financial instability. This systematic literature review explores the existing threat modeling methodologies for ICSs and emphasizes the importance of employing methodical frameworks that cover safety, security, and privacy aspects with clear procedural guidelines. The review reveals that ICSs threat modeling often lacks validation to ensure that the used methodologies are effective in identifying and mitigating threats. This study emphasizes the need to develop and apply better validation metrics in case studies. The main goal of this review is to help cyber security researchers and practitioners in selecting a suitable threat modeling approach that facilitates the creation of ICSs with an acceptable level of security.

Special emergency situations and hazard control in German hospitals-A survey on the current state

In case of events such as acyber attack or amass casualty incident, ad hoc measures have to be taken in hospitals. As part of the critical infrastructure, hospitals are required by law to prepare, update and exercise alarm and emergency plans for various special situations. The processes and instruments involved for emergency response are defined in the hospital alert and emergency planning. The present study aims to explain with which resources and for which special situations hospitals are prepared. Aprospective, exploratory, anonymous survey of hospitals in Germany was conducted. Hospitals with both internal medicine and surgery departments were included. Out of 2497 hospitals listed in the German Hospital Directory ( www.deutsches-krankenhaus-verzeichnis.de ), 1049 met the inclusion criteria. After correcting for hospital groups with shared administrations, 850 employees were identified and contacted by e‑mail. Quality and risk management managers were asked about resources, risks, and content of their own hospital alert and emergency planning using astandardized questionnaire. The survey was conducted using the online platform EFS Survey (Tivian XI GmbH, Cologne) via www.unipark.de . Access to the survey was via anonpersonalized hyperlink. Apart from the size and type of hospital surveyed, no data were collected that would allow identification of an individual person. Of the participating hospitals 45% (n = 43) were primary care hospitals, 24% (n = 23) were specialty care hospitals, 10% (n = 9) were nonuniversity maximum care hospitals, and 21% (n = 20) were university maximum care hospitals. In total 95 hospitals participated in the survey, of which 98% (n = 93) reported having ahospital alert and emergency plan. Preparation for individual scenarios varied widely. Of the participating hospitals 45% (n = 43) reported having been the target of cyber attacks with an emphasis on maximum care hospitals (55%, n = 11 of 20). Technical redundancy for computer systems is available in 67% (n = 63) of participating hospitals, while independent means of communication exist in 50% (n = 47) of hospitals. Aphysician-staffed crisis and disaster management unit existed in 60% (n = 56) of the surveyed hospitals. At least apart time position for planning issues was installed in 12hospitals. Most participating hospitals are aware of the need for ahospital alert and emergency plan and have various scenario-specific plans in place. Especially mass casualty events, fire and hospital evacuation scenarios are uniformly covered among participating hospitals; however, gaps appear to exist not only for chemical, biological or radionuclear situations but also especially in the area of extreme weather events and infrastructure failures. Only about two thirds of all participating hospitals have contingency plans for water supply and/or heating failures. An important limitation of the study is the comparatively low response rate of 12.9% (n = 95 of 850). While primary care hospitals were underrepresented in the study, 32% of Germany's larger hospitals (> 800 beds) participated. In the future, there is aparticular need to engage enough medical staff in the area of hospital alert and emergency planning and refunding of these measures by hospitals.

Design a Hybrid Algorithm for Data Encryption to Implementation in Database

In an era where digital data is increasingly prevalent, data encryption has become essential to information security. Because databases usually contain sensitive and significant data and are a popular target for cyberattacks, robust encryption solutions are necessary. This research proposes a novel hybrid encryption method that combines symmetric and asymmetric encryption approaches to safeguard databases. The recommended approach combines the security of asymmetric encryption with the speed of symmetric encryption to provide a dependable and efficient data protection solution. This paper introduces hybrid techniques by combining the two most essential algorithms AES and RSA algorithms with XORed Operation. This hybrid encryption algorithm provides more security as compared to existing hybrid algorithms. The implementation and result are also derived in the paper.

Edge propagation for link prediction in requirement-cyber threat intelligence knowledge graph

Critical information infrastructure (CII) is a critical component of national socioeconomic systems and one of the primary targets of cyberattacks. Unfortunately, CII's security administration struggles to keep up with the rapidly evolving and complex cyber threats. In this research, we combine cybersecurity threat intelligence (CTI) with management security requirements (SR) data to construct a knowledge graph (KG) named RCTI and predict new knowledge on the heterogeneous graph. In addition, we propose EGNN, a novel GNN-based model that defines the representation of edges and develop an algorithm for propagating edge information. Experiments on three public datasets and the RCTI graph show that the EGNN achieves state-of-the-art performance. Finally, we use the EGNN model to predict new links on the RCTI graph, which by manual analysis achieves a 97% connectivity rate between the CTI and SR entities. Therefore, the EGNN can effectively detect management vulnerabilities and enhance CII's cybersecurity capability in the event of cybersecurity incidents.

A hybrid cyber defense framework for reconnaissance attack in industrial control systems

The convergence of information technology (IT) and operation technology (OT) has made Industrial Control Systems (ICS) a popular target for cyberattacks in recent years. Unlike traditional networks, enhancing availability is the ICS network's top priority rather than confidentiality in the CIA scheme. We propose a bio-inspired adaptive defense framework based on dissimilar redundancy, diversity, and adaptive defense strategies to achieve this aim. The proposed mechanism mixed optimal network shuffling and cyber deception techniques to maximise the time attackers spend on the decoys. Besides, to provide an extra layer of protection for system availability, we introduce dual heterogeneous subnets in the proposed framework that could be regenerated once compromised. We evaluate the performance of the proposed defense framework in a typical industrial manufacturing network using an SDN-based platform and test the defense framework in various scenarios. Compared with previous research, the simulation shows a considerable improvement in defense performance in the adaptive defense mode.

Cybersecurity, Safety, & Privacy Concerns of Student Support Structure for Information and Communication Technologies in Online Education

COVID-19 has created a dramatic paradigm shift in education methods, which forced schools and universities to abandon the usual in-person education in favor of online education modules. Such a shift has extended the time and use of internet communication technologies (ICTs) by most, making online education platforms primary cyberattack targets. In this context, this study aims to explore parents, educators, and other caregivers' concerns about online education and the cybersecurity of their children and students. Thus, we conducted a survey-based study with 983 participants recruited through popular crowdsourcing platforms: MTurk and Prolific. Our results indicate a lack of technical support following cyber safety that the students received with the sudden transition to online education. Over 31% of our participants claimed that they never or rarely receive any communication related to cyber safety from the students' educational institutions. Additionally, our analysis shows that the student support structure needs to be trained and informed on the threats faced by children online and on the ways to mitigate these threats. Finally, we find a statistically significant difference between parents, educators, and other caregivers regarding their perceptions of children's online privacy and cyber safety. We conclude this work by providing actionable recommendations to promote privacy-preserving and digitally secure online education.

Resilience against IT attacks in hospitals : Results from an exercise in aGerman university hospital

According to the legal definition healthcare systems and their components (e.g., hospitals) are part of the critical infrastructure of modern industrial nations. During the last few years hospitals increasingly became targets of cyber attacks causing severe impairment of their operability for weeks or even months. According to the German federal strategy for protection of critical infrastructures (KRITIS strategy), hospitals are obligated to take precautions against potential cyber attacks or other IT incidents. This article describes the process of planning, execution and results of an advanced table-top exercise which took place in a university hospital in Germany and simulated the first 3 days after acyber attack causing atotal failure of highly critical IT systems. During afirst stage lasting about 8 months IT-dependent processes within the clinical routine were identified and analyzed. Then paper-based and off-line back-up processes and workarounds were developed and department-specific emergency plans were defined. Finally, selected central facilities such as pharmacy, laboratory, radiology, IT and the hospitals crisis management team took part in the actual disaster exercise. Afterwards the participants were asked to evaluate the exercise and the hospitals cyber security using aquestionnaire. On this basis the authors visualized the hospital's resilience against cyber incidents and defined short-term, medium-term and long-term needs for action. Of the participants 85% assessed the exercise as beneficial, 97% indicated that they received adequate support during the preparations and 75% had received sufficient information; however, only 34% had the opinion that the hospital's and their own preparedness against critical IT failures were sufficient. Before the exercise took place, IT-specific emergency plans were present only in 1.7% of the hospital facilities but after the exercise in 86.7% of the clinical and technical departments. The highest resilience against cyber attacks was not surprisingly reported by facilities that still work routinely with paper-based or off-line processes, the IT department showed the lowest resilience as it would come to acomplete shutdown in cases of atotal IT failure. The authors concluded that the planning phase is the most important stage of developing the whole exercise, giving the best opportunity for working out fallback levels and workarounds and through this strengthen the hospitals resilience against cyber attacks and comparable incidents. Ameticulous preparedness can minimize the severe effects atotal IT failure can cause on patient care, staff and the hospital as awhole.

“Cyber as sovereignty space: state transformation in the periphery of Europe”

ABSTRACTThe debates over cyberspace and digitalization and their impact over sovereignty have recently had lively discussions in the literature of international relations. This sovereignty debate in the periphery of Europe regarding cyberspace is emerging and it has become an area in which national authorities have sought to claim their share. The paper analyses cyberspace and digitalization and how they have affected the understanding of sovereignty over cyberspace and how they have transformed the state in a specific country case study in the periphery of Europe. It achieves this by focusing on Albania. Cyberspace and digitalization have emerged as priorities for domestic politics, in which Tirana has endeavoured to act by applying the norms emerging internationally and they have been sources for the new role of Albanian institutions domestically. Albanian actors appear to have been less responsive to cyberspace responsibilities, by considering that Albania is not a powerful and rich enough to be a target of cyber attacks. In conditions where it has been responsive, the focus has been more on issues that concern general digitalization politics.

Securing Industrial Internet of Things Against Botnet Attacks Using Hybrid Deep Learning Approach

Industrial Internet of Things (IIoT) formation of richer ecosystem of intelligent interconnected devices while enabling new levels of digital innovation has essentially transformed and revolutionized global manufacturing and industry 4.0. Conversely, the prevalent distributed nature of IIoT, Industrial 5G, underlying IoT sensing devices, IT/OT convergence, Edge Computing, and Time Sensitive Networking makes it an impressive and potential target for cyber-attackers. Multi-variant persistent and sophisticated bot attacks are considered catastrophic for connects IIoTs. Besides, botnet attack detection is extremely complex and decisive. Thus, efficient and timely detection of IIoT botnets is a dire need of the day. We propose a hybrid intelligent Deep Learning (DL)-enabled mechanism to secure IIoT infrastructure from lethal and sophisticated multi-variant botnet attacks. The proposed mechanism has been rigorously evaluated with latest available dataset, standard and extended performance evaluation metrics, and current DL benchmark algorithms. Besides,cross validation of our results are also performed to clearly show overall performance. The proposed mechanisms outperforms in identifying accurately multi-variant sophisticated bot attacks. Besides, our proposed technique also show promising results in terms of speed efficiency.

ARJUNA: An accessible pin entry model in smartphones for persons with low vision

AbstractUser authentication is the cornerstone of providing secure access to the services in the digital ecosystem. Critical applications such as Banking use Personal Identification Number (PIN)‐based passwords and One Time Passwords (OTP), for transactions to strengthen security. However, persons with visual impairments have often been a soft target for cyber attacks as it is comparatively simpler to make them victims of various attacks. This paper proposes a model titled Accessible Robust Just‐in‐time Numerical Authentication (ARJUNA) to assist PIN entry in smartphones for people with visual impairments. This study has explored several cyber‐attacks on visually impaired users and proposed the ARJUNA model that provides a robust braille‐inspired PIN input for people with visual impairments. The proposed model is implemented as an Android application that users can easily access. Several experiments are conducted with visually impaired users to study the model's performance. The proposed ARJUNA model has shown supportive results in the user study. The robustness of ARJUNA against various attacks is also explored in this article.

The growing cyberthreat to critical national infrastructure

There is no more attractive target for cyber attackers – especially those linked to nation states – than critical national infrastructure (CNI). Organisations working in sectors that comprise CNI are subject to attacks ranging from ransom attempts to cyber war. Governments are becoming increasingly nervous about these threats, but often left the industry itself to do something about them. So what are the threats, how are they evolving and what do we do about them?

An approach to identification and forensic analysis of DNS attacks

Domain name resolution servers (DNS) perform a key function in establishing access to web pages. Because of their importance, they are constant targets for cyber-attacks, which aim to erase or replace some of their records, causing huge losses for users, companies and institutions worldwide. In Brazil, to prevent such attacks, a legal provision is established that criminally typifies the invasion of computer devices connected to the World Wide Web, which includes attacks on the DNS service. Still, cyber-attack identification is difficult as it depends on the correct application of means of protection, monitoring of network services and extraction and interpretation of data that allow the identification of criminal factors. The present work proposes a computational forensics approach to automatically detect the occurrence of a DNS cache poisoning attack, subsuming the elements that constitute the attack to the legal device, thus identifying the occurrence of a crime.

Risk-based contingency analysis for power systems considering a combination of different types of cyber-attacks

Substation with various communication and control devices has become a major target of cyber-attacks. In general, two main types of cyber-attacks can be performed on substations through direct intelligent electronic device connections from remote accesses or via compromising local substation supervisory control center and data acquisition systems, thus respectively resulting in different damage to the power systems. In this paper, the combination of two types of cyber-attacks on the power systems are considered. The generalized stochastic Petri net is utilized to simulate dynamic intrusion processes of these two types of cyber-attacks. Furthermore, the successful attack probabilities of cyber-attacks are calculated based on simulation results. Then, a probabilistic bi-level optimization model is proposed to identify critical components with the maximum cyber risk and the types of cyber-attacks. The two types of cyber-attacks initiated from substation space to individual components are particularly modeled in the proposed model. Finally, a two-stage algorithm using the network flow is proposed to solve the proposed model more efficiently. Simulation results tested on the IEEE RTS 24-bus and the 118-bus systems validate the effectiveness of the proposed model. Results also show that the devised algorithm can improve the computation performance in dealing with larger-scale power systems.

A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection

SummaryA persistent, targeted cyber attack is called an advanced persistent threat (APT) attack. The attack is mainly launched to gain sensitive information, take over the system, and for financial gain, which creates nowadays more hurdles and challenges for the organization in preventing, detecting, and recovering from such attacks. Due to the nature of APT attacks, it is difficult to detect them quickly. Therefore machine learning techniques come into these research areas. This study uses deep and machine learning models such as random forest, decision tree, convolutional neural network, multilayer perceptron and so forth to categorize and effectively detect APT attacks by utilizing publicly accessible datasets. The datasets used in this study are CSE‐CIC‐IDS2018, CIC‐IDS2017, NSL‐KDD, and UNSW‐NB15. This study proposes the hybrid ensemble machine learning model, a mixed approach of random forest and XGBoost classifiers. It has obtained the maximum prediction accuracy of 98.92%, 99.91%, 99.24%, and 97.11% for datasets CSE‐CIC‐IDS2018, CIC‐IDS2017, NSL‐KDD, and UNSW‐NB15, with a false positive rate of 0.52%, 0.12%, 0.62%, and 5.29% respectively. These results are compared to other closely related recent studies in the literature. Our experiment's findings show that our model has performed significantly better for all datasets.

Systematization of Cyber Threats in Maritime Transport

The paper proposes a classification of cyber-attacks at the present stage of maritime transport development. A classification system for ship blocks and port infrastructure has been developed. The vulnerabilities of the global navigation satellite system are analyzed; this system is the most important subcategory of maritime vehicles and may be a target for cyber-attacks. The paper shows that the rapid spread of cybercrime occurs due to the rapid development of new technologies and their integration into ship and port infrastructures. The main elements of the maritime transport infrastructure are considered: port infrastructure and ship infrastructure. IoT and Big Data can be examples of the spread of such systems. The ship's IT infrastructure, ship's electromechanical and electronic systems, communication systems, automatic identification systems, ship information system are considered. In the port infrastructure, port security systems, port equipment systems, port communication systems are analyzed. The main types of cyber-attacks to which the ship and port parts of the industry are exposed are considered. The signs of attacks on the Internet of things systems on ships and in ports are considered. The trend towards greater system integration cannot be reversed for economic reasons. Such integration makes it possible to reduce the size of the team, build autonomous ships, work in the smart ports system, and makes it possible to save various resources (time, human, fuel and organizational). The paper considers the practical directions and challenges facing the industry in terms of improving the security of maritime transport in cyberspace.

A Survey on National Cyber Emergency Plans

Operators of Essential services (OESs) and Critical infrastructures (CIs), whether private companies or public organizations are going through a digital transformation to pace with the evolution of technology and to bring better services to customers and countries’ citizens. Operational Technology (OT) systems like Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) used to control and monitor functions in such infrastructures are converging with Information Technology (IT) environments. This convergence has exposed infrastructures to new cyber risks. For this reason, EU Member States have been trying to build resilience against cyber-attacks to ensure the stable operation of their states. Several countries have established cybersecurity incident response procedures as well as steps or phases of response before, during, and after a cyber incident. The sum of these procedures and guidelines constitutes their national cyber emergency plans (NCEPs). Still, these NCEPs differ widely in their approaches. These differences manifest as both managerial, governmental, legal, and technical, creating a complex environment worldwide. In this paper, we gather four major NCEPs worldwide to analyze and compare them with prominent standards and industry guidelines in cybersecurity, like the ISO 27001 and NIST 800 series. We investigate NCEP approaches to building cyber resilience based on their response models, their involved entities, the cooperation between agencies and other countries, and their risk-based categorization for cyber incidents. We elaborate on their differences, potential issues and divergences and argue whether these plans can be combined to bridge potential weaknesses. We selected and surveyed four (4) cyber emergency plans from four (4) countries that are frequent targets of cyber-attacks and have long experience in managing and responding to cyber incidents.

Demand Analysis of the Cybersecurity Knowledge Areas and Skills for the Nurses: Preliminary Findings

The purpose of this paper is to present a preliminary analysis of the cybersecurity market demand in the nursing and health sector. Currently, the market demand study is ongoing under the Digital Europe Programme CyberSecPro project, which strengthens the role of higher education institutions as a provider of practical and working life skills. The project promotes reliable digital transformation in critical sectors, such as healthcare. The rapid development of e-health emphasizes the central position of cybersecurity in healthcare organizations that are increasingly the targets of cyber-attacks. This descriptive literature review explores what a nurse needs to know about cybersecurity. Our results show that awareness of cyber risks is weak in the healthcare sector. Understanding cyber risks and recognizing the effects of one's own activities increases the cybersecurity of the entire organization, therefore cybersecurity training for nurses should be increased. Our study suggested that nurses’ most important cyber skills are their own cyber-safe way of operations, identifying cyber threats related to equipment, identifying the effects of cyber disruptions, and acting in a cyber disruption situation. Future nurse training programs should be updated to include these skills. Additionally, the teaching of nurses must be developed so that it meets these competence needs.

Brute Force Attacks Detection on IoT Networks using Deep Learning Techniques

The Internet of Things (IoT) sector is expanding quickly, and its applications are becoming more prevalent in our day-to-day lives. Various protocols are used to control communication between IoT devices. The Message Queue Telemetry Protocol (MQTT), a simple and trustworthy communication protocol, is a well-known illustration of these protocols. However, MQTT-IoT networks have been the target of cyberattacks, which highlights the need for an effective intrusion detection system for spotting such attempts. The brute force attack is a common sort of such attacks. We suggest deep learning in this study as a means of automatically identifying brute force assaults on MQTT-IoT networks. We train the deep learning model with a large number of instances and a flow-based feature using the MQTT-IoT-IDS2020 dataset. With more than 99% accuracy in differentiating between regular and brute force attacks, the classification model is quite accurate in detecting such attempts

Remote Penetration Testing with Telegram Bot

The widespread of websites and web applications makes them the main target of cyber attacks. One way to increase security is to perform a penetration test. This test is carried out using the attacker's point of view to find out vulnerabilities on a website or web application and then exploit these vulnerabilities. The results of the penetration test can be used as recommendations to close the gaps that have been known through testing. Because penetration testing requires special resources such as tools and operating systems, a solution is needed to make penetration testing possible with low resources. Telegram bots that are open source offer a solution to overcome these problems. Using the SDLC waterfall approach, this bot was built to provide penetration testing services by connecting the Kali Linux server as a tools provider and the Telegram bot as an interface to users. As a result, users can access penetration testing tools anywhere and anytime via the Telegram bot. To ensure that the bot can run well, testing is carried out through black box testing and load testing. Telegram bot is a solution for integrated compact automatic mobile penetration tester with low resources. Based on load testing, the maximum limit of users who can access Telegram bots simultaneously is 35 users with the highest load average of 5.4. Based on the results of the User Acceptance Test, the Telegram bot has an acceptance rate score of 88,457 % and a questionnaire score of 774 which is an agreed area.

DATA SECURITY AND DATA BREACHES

: This research paper focuses on the topic of data security and data breaches specifically in web applications. As more businesses and organizations move their operations online, web applications have become a prime target for cyber attacks. This paper examines common vulnerabilities in web applications such as SQL injection, cross-site scripting, and insecure session management and how they can be exploited to gain unauthorized access to sensitive data. Venmo, a popular peer-to-peer mobile payment app, has faced several data breaches in recent years, raising concerns about the safety of user information. This research paper will also examine the causes and consequences of these data breaches and discusses best practices for secure web application development.