Search Results (124)

Search Parameters:
Keywords = ransomware

25 pages, 2916 KiB  
Article
Improving Cyber Defense Against Ransomware: A Generative Adversarial Networks-Based Adversarial Training Approach for Long Short-Term Memory Network Classifier
by Ping Wang, Hsiao-Chung Lin, Jia-Hong Chen, Wen-Hui Lin and Hao-Cyuan Li
Electronics 2025, 14(4), 810; https://doi.org/10.3390/electronics14040810 - 19 Feb 2025
Viewed by 275
Abstract
The rapid proliferation of ransomware variants necessitates more effective detection mechanisms, as traditional signature-based methods are increasingly inadequate. These conventional methods rely on manual feature extraction and matching, which are time-consuming and limited to known threats. This study addresses the escalating challenge of ransomware threats in cybersecurity by proposing a novel deep learning model, LSTM-EDadver, which leverages Generative Adversarial Networks (GANs) and Carlini and Wagner (CW) attacks to enhance malware detection capabilities. LSTM-EDadver innovatively generates adversarial examples (AEs) using sequential features derived from ransomware behaviors, thus training deep learning models to improve their robustness and accuracy. The methodology combines Cuckoo sandbox analysis with conceptual lattice ontology to capture a wide range of ransomware families and their variants. This approach not only addresses the shortcomings of existing models but also simulates real-world adversarial conditions during the validation phase by subjecting the models to CW attacks. The experimental results demonstrate that LSTM-EDadver achieves a classification accuracy of 96.59%. This performance was achieved using a dataset of 1328 ransomware samples (across 32 ransomware families) and 519 normal instances, outperforming traditional RNN, LSTM, and GCU models, which recorded accuracies of 90.01%, 93.95%, and 94.53%, respectively. The proposed model also shows significant improvements in F1-score, ranging from 2.49% to 6.64% compared to existing models without adversarial training. This advancement underscores the effectiveness of integrating GAN-generated attack command sequences into model training.
(This article belongs to the Section Networks)
Figures:
Figure 1: The evolution of malware detection methods.
Figure 2: Diagram of the developed malware classification model.
Figure 3: The overall structure of the LSTM-EDadver model for ransomware detection.
Figure 4: A deep learning model with auto-encoder structure for adversarial training.
Figure 5: Subset Tree of Feature sets using the C4.5 algorithm.
Figure 6: Concept lattice of 32 ransomware families.
Figure 7: Classification accuracy.
Figure 8: Loss value.
Figure 9: Confusion matrix for LSTM-EDadver.

21 pages, 1186 KiB  
Article
blockHealthSecure: Integrating Blockchain and Cybersecurity in Post-Pandemic Healthcare Systems
by Bishwo Prakash Pokharel, Naresh Kshetri, Suresh Raj Sharma and Sobaraj Paudel
Information 2025, 16(2), 133; https://doi.org/10.3390/info16020133 - 11 Feb 2025
Viewed by 1362
Abstract
The COVID-19 pandemic exposed critical vulnerabilities in global healthcare systems, particularly in data security and interoperability. This paper introduces the blockHealthSecure Framework, which integrates blockchain technology with advanced cybersecurity measures to address these weaknesses and build resilient post-pandemic healthcare systems. Blockchain’s decentralized and immutable architecture enhances the accuracy, transparency, and protection of electronic medical records (EMRs) and sensitive healthcare data. Additionally, it facilitates seamless and secure data sharing among healthcare providers, addressing long-standing interoperability challenges. This study explores the challenges and benefits of blockchain integration in healthcare, with a focus on regulatory and ethical considerations such as HIPAA and GDPR compliance. Key contributions include detailed case studies and examples that demonstrate blockchain’s ability to mitigate risks like ransomware, insider threats, and data breaches. This framework’s design leverages smart contracts, cryptographic hashing, and zero-trust architecture to ensure secure data management and proactive threat mitigation. The findings emphasize the framework’s potential to enhance data security, improve system adaptability, and support regulatory compliance in the face of evolving healthcare challenges. By bridging existing gaps in healthcare cybersecurity, the blockHealthSecure Framework offers a scalable, future-proof solution for safeguarding health outcomes and preparing for global health crises.
Figures:
Figure 1: NIST cybersecurity framework 2.0 [10].
Figure 2: blockHealthSecure Framework.
Figure 3: Mapping challenges to potential benefits in the blockHealthSecure Framework.

28 pages, 4277 KiB  
Article
Analysing Cyber Attacks and Cyber Security Vulnerabilities in the University Sector
by Harjinder Singh Lallie, Andrew Thompson, Elzbieta Titis and Paul Stephens
Computers 2025, 14(2), 49; https://doi.org/10.3390/computers14020049 - 4 Feb 2025
Viewed by 1761
Abstract
Universities hold and process vast amounts of financial, user, and research data, which makes them prime targets for cybercriminals. In addition to the usual external threat actors, universities face a unique insider threat from students, who—alongside staff—may lack adequate cyber security training despite having access to various sensitive systems. This paper provides a focused assessment of the current cyber security threats facing UK universities, based on a comprehensive review of available information. A chronological timeline of notable cyber attacks against universities is produced, with incidents classified according to the CIA triad (Confidentiality, Integrity, Availability) and incident type. Several issues have been identified. Limited disclosure of attack details is a major concern, as full information is often withheld for security reasons, hindering institutions’ abilities to assess vulnerabilities thoroughly and respond effectively. Additionally, universities increasingly rely on third-party service providers for critical services, meaning that an attack on these external providers can directly impact university operations and data security. While SQL injection attacks, previously a significant issue, appear to have declined in frequency—perhaps reflecting improvements in defences—other threats continue to persist. Universities report lower levels of concern regarding DDoS attacks, potentially due to enhanced resilience and mitigation strategies; however, ransomware and phishing attacks remain prevalent. Insider threats, especially from students with varied IT skills, exacerbate these risks, as insiders may unknowingly or maliciously facilitate cyber attacks, posing ongoing challenges for university IT teams. This study recommends that universities leverage these insights, along with other available data, to refine their cyber security strategies. Developing targeted policies, strengthening training, and implementing international standards will allow universities to enhance their security posture and mitigate the complex and evolving threats they face.
(This article belongs to the Special Issue Cyber Security and Privacy in IoT Era)
Figures:
Figure 1: Timeline of key cyber attacks on UK Universities.

20 pages, 596 KiB  
Article
Enhancing Hospital Data Security: A Blockchain-Based Protocol for Secure Information Sharing and Recovery
by Jihyeon Ryu and Taeseok Kim
Electronics 2025, 14(3), 580; https://doi.org/10.3390/electronics14030580 - 1 Feb 2025
Viewed by 531
Abstract
Hospitals that store sensitive patient medical records have recently faced issues such as the inability to recover medical data and breaches of patient privacy due to hacker attacks. These attacks on medical data often involve ransomware, which obfuscates the entire hospital’s data, making them inaccessible, and can also occur when hospitals share patient information during transfers of care. In this study, we propose a new authentication protocol to prevent and address such issues within hospital systems. The proposed protocol encrypts medical records on a private blockchain, allowing them to be securely shared among institutions, hospitals, and insurance companies, ensuring data recovery even if a ransomware attack paralyzes the server. Additionally, the protocol facilitates the systematic sharing of patient medical records between hospitals or between hospitals and insurance companies by distributing session keys. In this study, we demonstrate that the proposed protocol provides 11 security properties, including forward and backward secrecy, user untraceability, and resistance to replay attacks. We also evaluate the communication and computational costs, proving that the protocol is feasible for practical use.
(This article belongs to the Special Issue Network Security and Cryptography Applications)
Figures:
Figure 1: Blockchain structure.
Figure 2: System model.
Figure 3: Registration phase.
Figure 4: Authentication phase.
Figure 5: Computational cost.
Figure 6: Communication cost.

16 pages, 1128 KiB  
Review
Artificial Intelligence and Algorithmic Approaches of Health Security Systems: A Review
by Savina Mariettou, Constantinos Koutsojannis and Vassilios Triantafillou
Algorithms 2025, 18(2), 59; https://doi.org/10.3390/a18020059 - 22 Jan 2025
Viewed by 807
Abstract
This paper explores the overall picture regarding healthcare security systems through an extensive literature review. As the healthcare sector has now become digitalized, the security of healthcare systems and, by extension, the protection of patient data is a key concern in the modern era of technological advances. Therefore, a secure and integrated system is now essential. Thus, to evaluate the relationship between security systems and healthcare quality, we conducted literature research to identify studies reporting their association. The timeline of our review is based on published studies covering the period from 2018 to 2024, with entries identified through a search of the relevant literature, focusing on the most recent developments due to advances in artificial intelligence and algorithmic approaches. Thirty-two studies were included in our final survey. Our findings underscore the critical role of security systems in healthcare that significantly improve patient outcomes and maintain the integrity of healthcare services. According to our approach, the studies analyzed highlight the growing importance of advanced security frameworks, especially those incorporating artificial intelligence and algorithmic methodologies, in safeguarding healthcare systems while enhancing patient care quality. According to this study, most of the research analyzed uses algorithmic technology approaches, many researchers prove that ransomware is the most common threat to hospital information systems, and more studies are needed to evaluate the performance of the systems created against this kind of attack.
Figures:
Figure 1: Visual representation of a blockchain transaction.
Figure 2: Flowchart of our research approach.
Figure 3: Ransomware attack lifecycle.

24 pages, 349 KiB  
Article
Cybersecurity in Digital Accounting Systems: Challenges and Solutions in the Arab Gulf Region
by Amer Morshed and Laith T. Khrais
J. Risk Financial Manag. 2025, 18(1), 41; https://doi.org/10.3390/jrfm18010041 - 19 Jan 2025
Viewed by 1137
Abstract
The region of the Arab Gulf is marching ahead very fast toward digitalization in ways prompted by initiatives, such as Saudi Vision 2030 and the UAE’s strategy for Smart Government. Thus, both underscore the boundless movement toward the inclusion of advanced technologies into accounting practices, such as Business Intelligence and Enterprise Resource Planning systems. While these technologies enhance efficiency and facilitate informed decision-making, they also render financial data vulnerable to cybersecurity threats, such as phishing, ransomware, and insider attacks. This paper investigates the impact of cybersecurity practices, ethical accountability, regulatory frameworks, and emerging technologies on the adoption of and trust in digital accounting systems in the GCC region. A quantitative research approach was followed, wherein the responses from a randomly selected sample of 324 professionals representing the GCC nations were collected. The empirical analysis was completed using Partial Least Squares Structural Equation Modeling. Strong cybersecurity measures, AI-driven threat detection mechanisms, and custom-fit employee training programs facilitate the adoption of and faith in digital accounting information systems considerably. Ethical accountability acts as the partial mediator of those effects, and supportive regulatory frameworks enhance cybersecurity strategy effectiveness. This study examines the development of integrated cybersecurity strategies with respect to technology, ethics, and regulations. It makes several major recommendations, calling for bringing the GCC countries’ regulatory frameworks into line with international standards; encouraging workforce training programs; and utilizing AI-powered technologies for proactive threat detection and management. These findings can arm stakeholders with a holistic pathway toward developing secure, resilient, and future-oriented digital accounting infrastructures across the region.
(This article belongs to the Special Issue Innovations in Accounting Practices)
42 pages, 6551 KiB  
Article
Cybersecurity Solutions for Industrial Internet of Things–Edge Computing Integration: Challenges, Threats, and Future Directions
by Tamara Zhukabayeva, Lazzat Zholshiyeva, Nurdaulet Karabayev, Shafiullah Khan and Noha Alnazzawi
Sensors 2025, 25(1), 213; https://doi.org/10.3390/s25010213 - 2 Jan 2025
Viewed by 2199
Abstract
This paper provides the complete details of current challenges and solutions in the cybersecurity of cyber-physical systems (CPS) within the context of the IIoT and its integration with edge computing (IIoT–edge computing). We systematically collected and analyzed the relevant literature from the past five years, applying a rigorous methodology to identify key sources. Our study highlights the prevalent IIoT layer attacks, common intrusion methods, and critical threats facing IIoT–edge computing environments. Additionally, we examine various types of cyberattacks targeting CPS, outlining their significant impact on industrial operations. A detailed taxonomy of primary security mechanisms for CPS within IIoT–edge computing is developed, followed by a comparative analysis of our approach against existing research. The findings underscore the widespread vulnerabilities across the IIoT architecture, particularly in relation to DoS, ransomware, malware, and MITM attacks. The review emphasizes the integration of advanced security technologies, including machine learning (ML), federated learning (FL), blockchain, blockchain–ML, deep learning (DL), encryption, cryptography, IT/OT convergence, and digital twins, as essential for enhancing the security and real-time data protection of CPS in IIoT–edge computing. Finally, the paper outlines potential future research directions aimed at advancing cybersecurity in this rapidly evolving domain.
Figures:
Figure 1: Paper structure.
Figure 2: Procedure for selecting related work.
Figure 3: Integration of physical and digital technologies in IIoT.
Figure 4: Interaction of key IIoT components and technologies.
Figure 5: IIoT layers: common attacks, effects, and mitigation methods.
Figure 6: Architecture of IIoT–edge computing.
Figure 7: Importance of integrating IIoT technologies and edge computing.
Figure 8: Cybersecurity challenges in IIoT–edge computing.
Figure 9: CPS aspects and technologies in IIoT.
Figure 10: Types of cyber attacks on CPS and their impact on industry.
Figure 11: Security methods in CPS of IIoT with integration edge computing.
Figure 12: Impact of CPS on performance and cybersecurity in industry. The blue line in the top panel shows resource utilization efficiency increase, the red line is downtime. The straight blue line in the bottom panel shows the annual number of cyberattacks decreased, the red dashed line response time.

18 pages, 572 KiB  
Article
Infrastructure and Tools for Testing the Vulnerability of Control Systems to Cyberattacks: A Coal Mine Industrial Facility Case
by Sebastian Plamowski, Patryk Chaber, Maciej Ławryńczuk, Robert Nebeluk, Ewa Niewiadomska-Szynkiewicz, Jakub Suchorab, Krzysztof Zarzycki, Adam Kozakiewicz and Andrzej Stachurski
Appl. Sci. 2024, 14(23), 11325; https://doi.org/10.3390/app142311325 - 4 Dec 2024
Viewed by 1034
Abstract
Testing the vulnerability of information systems to cyberattacks is essential to ensure the operational security of organizations and industrial processes. In particular, it is essential to ensure the resilience of industrial processes, as a possible cyberattack can lead to process malfunctions and even process shutdowns, which can lead to substantial economic losses. The possibility of various attacks, e.g., ransomware, phishing, or advanced persistent threats (APTs), requires the evaluation of the effectiveness of cyberattack detection and incident response mechanisms. In industry, it is often impossible to carry out this type of test without risking system disruption, making it difficult to assess the true effectiveness of security features. This article discusses the issues concerned with testing the cyber resilience of a system operating in a real coal mine. First, this work briefly presents the hardware and software architecture used in the coal mine. Secondly, it describes the problem of replicating a real system in the laboratory and the necessary tools and methods used to implement a resilient system architecture. Finally, the scenarios of cyberattacks are detailed, and the obtained results are discussed.
(This article belongs to the Special Issue Intelligent Systems and Information Security)
Figures:
Figure 1: Three-layer industrial control infrastructure.
Figure 2: IT/OT infrastructure in mines.
Figure 3: Laboratory test infrastructure.
Figure 4: Traffic as a function of the number of registers; the sleep time is 0.1 s.
Figure 5: CPU usage as a function of the number of registers; the sleep time is 0.1 s.
Figure 6: Traffic as a function of sleep time; the number of registers is 100.
Figure 7: CPU usage as a function of the sleep time; the number of registers is 100.

34 pages, 645 KiB  
Review
Survey of Transformer-Based Malicious Software Detection Systems
by Mohammed Alshomrani, Aiiad Albeshri, Badraddin Alturki, Fouad Shoie Alallah and Abdulaziz A. Alsulami
Electronics 2024, 13(23), 4677; https://doi.org/10.3390/electronics13234677 - 27 Nov 2024
Viewed by 2065
Abstract
In the recent past, the level of cyber threats has changed drastically, leading to the current transformation of the cybersecurity landscape. For example, emerging threats like Zero-day and polymorphic malware cannot be detected by conventional detection methods like heuristic and signature-based methods, which have proven useful in the identification of malware. In view of this shift in the cybersecurity paradigm, this study proposes to discuss the utilization of transformer models to improve malware detection effectiveness and the accuracy and efficiency in detecting malicious software. In this regard, this study adopts the application of transformers in identifying different forms of malicious software: ransomware, spyware, and trojans. Transformers are endowed with the ability to handle sequential data and capture intricate patterns. By employing deep learning techniques and conducting thorough contextual analysis, these models enhance the detection process by identifying subtle indications of compromise, which traditional methods may overlook. This research also explains the challenges and limitations related to the application of transformer-based models in real-world cybersecurity settings, which include computing requirements and large-scale labeled datasets’ requirements. By the end, the article suggests potential future research avenues in order to improve and integrate these models into cybersecurity systems.
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Figures:
Figure 1: Generic methodology for malware detection system using transformer.
Figure 2: Workflow of vision transformer-based malware detection.
Figure 3: Workflow of graph transformer-based malware detection.
Figure 4: Workflow of text transformer-based malware detection.

19 pages, 1428 KiB  
Article
Behavioral Analysis of Android Riskware Families Using Clustering and Explainable Machine Learning
by Mohammed M. Alani and Moatsum Alawida
Big Data Cogn. Comput. 2024, 8(12), 171; https://doi.org/10.3390/bdcc8120171 - 26 Nov 2024
Viewed by 898
Abstract
The Android operating system has become increasingly popular, not only on mobile phones but also in various other platforms such as Internet-of-Things devices, tablet computers, and wearable devices. Due to its open-source nature and significant market share, Android poses an attractive target for malicious actors. One of the notable security challenges associated with this operating system is riskware. Riskware refers to applications that may pose a security threat due to their vulnerability and potential for misuse. Although riskware constitutes a considerable portion of Android’s ecosystem malware, it has not been studied as extensively as other types of malware such as ransomware and trojans. In this study, we employ machine learning techniques to analyze the behavior of different riskware families and identify similarities in their actions. Furthermore, our research identifies specific behaviors that can be used to distinguish these riskware families. To achieve these insights, we utilize various tools such as k-Means clustering, principal component analysis, extreme gradient boost classifiers, and Shapley additive explanation. Our findings can contribute significantly to the detection, identification, and forensic analysis of Android riskware.
Figures:
Figure 1: Selecting the best number of clusters using elbow graph.
Figure 2: Heatmap of clusters and Riskware families.
Figure 3: Clusters 2-dimensional visualization.
Figure 4: Confusion matrix plots for the XGB classifiers.
Figure 5: SHAP summary plot for Cluster 0.
Figure 6: SHAP summary plot for Cluster 1.
Figure 7: SHAP summary plot for Cluster 2.
Figure 8: SHAP values for a single sample with the highest SHAP value in feature 70 in Cluster 0.
Figure 9: SHAP values for a single sample with the highest SHAP value in feature 58 in Cluster 1.
Figure 10: SHAP values for a single sample with the highest SHAP value in feature 105 in Cluster 2.

20 pages, 406 KiB  
Article
Artificial Intelligence in Cybersecurity: A Review and a Case Study
by Selcuk Okdem and Sema Okdem
Appl. Sci. 2024, 14(22), 10487; https://doi.org/10.3390/app142210487 - 14 Nov 2024
Cited by 1 | Viewed by 10722
Abstract
The evolving landscape of cyber threats necessitates continuous advancements in defensive strategies. This paper explores the potential of artificial intelligence (AI) as an emerging tool to enhance cybersecurity. While AI holds widespread applications across information technology, its integration within cybersecurity remains a recent development. We offer a comprehensive review of current AI applications in this domain, focusing particularly on their preventative capabilities against prevalent threats like phishing, social engineering, ransomware, and malware. To illustrate these concepts, the paper presents a case study showcasing a specific AI application in a cybersecurity context. This case study addresses a critical gap in securing communication within resource-constrained Internet of Things (IoT) networks using the IEEE 802.15.4 standard. We discussed the advantages and limitations of employing PN sequence encryption for this purpose.
Figures:
Figure 1: An example of roulette wheel operation.
Figure 2: An example of crossover and mutation operations.
Figure 3: Flowchart of GA operations.
Figure 4: Performance over generations.
Figure 5: Throughput performance over error rate.

16 pages, 1111 KiB  
Article
Design and Evaluation of Steganographic Channels in Fifth-Generation New Radio
by Markus Walter and Jörg Keller
Future Internet 2024, 16(11), 410; https://doi.org/10.3390/fi16110410 - 6 Nov 2024
Viewed by 839
Abstract
Mobile communication is ubiquitous in everyday life. The fifth generation of mobile networks (5G) introduced 5G New Radio as a radio access technology that meets current bandwidth, quality, and application requirements. Network steganographic channels that hide secret message transfers in an innocent carrier communication are a particular threat in mobile communications as these channels are often used for malware, ransomware, and data leakage. We systematically analyze the protocol stack of the 5G–air interface for its susceptibility to network steganography, addressing both storage and timing channels. To ensure large coverage, we apply hiding patterns that collect the essential ideas used to create steganographic channels. Based on the results of this analysis, we design and implement a network covert storage channel, exploiting reserved bits in the header of the Packet Data Convergence Protocol (PDCP). The covert sender and receiver are located in a 5G base station and mobile device, respectively. Furthermore, we sketch a timing channel based on a recent overshadowing attack. We evaluate our steganographic storage channel both in simulation and real-world experiments with respect to steganographic bandwidth, robustness, and stealthiness. Moreover, we discuss countermeasures. Our implementation demonstrates the feasibility of a covert channel in 5G New Radio and the possibility of achieving large steganographic bandwidth for broadband transmissions. We also demonstrate that the detection of the channel by a network analyzer is possible, limiting its scope to application scenarios where operators are unaware or ignorant of this threat.
(This article belongs to the Special Issue 5G Security: Challenges, Opportunities, and the Road Ahead)
Figure 1: Logical channels in 5G New Radio for uplink (red) and downlink (blue) directions based on [3].
Figure 2: Header structure of SDAP [11], PDCP [10], and RLC [9].
Figure 3: Average covert capacity at different bandwidths of overt traffic.

32 pages, 1091 KiB  
Review
Geopolitical Ramifications of Cybersecurity Threats: State Responses and International Cooperations in the Digital Warfare Era
by Aisha Adeyeri and Hossein Abroshan
Information 2024, 15(11), 682; https://doi.org/10.3390/info15110682 - 1 Nov 2024
Viewed by 4083
Abstract
As the digital environment progresses, the complexities of cyber threats also advance, encompassing both hostile cyberattacks and sophisticated cyber espionage. In the face of these difficulties, cooperative endeavours between state and non-state actors have attracted considerable interest as crucial elements in improving global cyber resilience. This study examines cybersecurity governance’s evolving dynamics, specifically exploring non-state actors’ roles and their effects on global security. This highlights the increasing dangers presented by supply chain attacks, advanced persistent threats, ransomware, and vulnerabilities on the Internet of Things. Furthermore, it explores how non-state actors, such as terrorist organisations and armed groups, increasingly utilise cyberspace for strategic objectives. This issue can pose a challenge to conventional state-focused approaches to security management. Moreover, the research examines the crucial influence of informal governance processes on forming international cybersecurity regulations. The study emphasises the need for increased cooperation between governmental and non-governmental entities to create robust and flexible cybersecurity measures. This statement urges policymakers, security experts, and researchers to thoroughly examine the complex relationship between geopolitics, informal governance systems, and growing cyber threats to strengthen global digital resilience.
(This article belongs to the Section Information Security and Privacy)
Figure 1: Year of publication.
Figure 2: Relationships between the focused areas.
Figure 3: Roles of state and non-state actors in cybersecurity governance.

14 pages, 441 KiB  
Article
Modeling Cybersecurity Risk: The Integration of Decision Theory and Pivot Pairwise Relative Criteria Importance Assessment with Scale for Cybersecurity Threat Evaluation
by Aleksandar Šijan, Dejan Viduka, Luka Ilić, Bratislav Predić and Darjan Karabašević
Electronics 2024, 13(21), 4209; https://doi.org/10.3390/electronics13214209 - 27 Oct 2024
Cited by 1 | Viewed by 2792
Abstract
This paper presents a comprehensive model for cyber security risk assessment using the PIPRECIA-S method within decision theory, which enables organizations to systematically identify, assess and prioritize key cyber threats. The study focuses on the evaluation of malware, ransomware, phishing and DDoS attacks, using criteria such as severity of impact, financial losses, ease of detection and prevention, impact on reputation and system recovery. This approach facilitates decision making, as it enables the flexible adaptation of the risk assessment to the specific needs of an organization. The PIPRECIA-S model has proven to be useful for identifying the most critical threats, with a special emphasis on ransomware and DDoS attacks, which represent the most significant risks to businesses. This model provides a framework for making informed and strategic decisions to reduce risk and strengthen cyber security, which are critical in a digital environment where threats become more and more sophisticated.
(This article belongs to the Special Issue New Challenges in Cyber Security)
Figure 1: Final research results (1. Malware, 2. Ransomware, 3. Phishing, 4. DDoS).

17 pages, 1075 KiB  
Article
Adaptive Ransomware Detection Using Similarity-Preserving Hashing
by Anas AlMajali, Adham Elmosalamy, Omar Safwat and Hassan Abouelela
Appl. Sci. 2024, 14(20), 9548; https://doi.org/10.3390/app14209548 - 19 Oct 2024
Viewed by 1360
Abstract
Crypto-ransomware is a type of ransomware that encrypts the victim’s files and demands a ransom to return the files. This type of attack has been on the rise in recent years, as it offers a lucrative business model for threat actors. Research into developing solutions for detecting and halting the spread of ransomware is vast, and it uses different approaches. Some approaches rely on analyzing system calls made via processes to detect malicious behavior, while other methods focus on the affected files by creating a file integrity monitor to detect rapid and abnormal changes in file hashes. In this paper, we present a novel approach that utilizes hashing and can accommodate large files and dynamically take into account the amount of change within each file. Mainly, our approach relies on dividing each file into partitions and then performing selective hashing on those partitions to rapidly detect encrypted partitions due to ransomware. Our new approach addresses the main weakness of a previous implementation that relies on hashing files, not file partitions. This new implementation strikes a balance between the detection time and false positives based on the partition size and the threshold of partition changes before issuing an alert.
Figure 1: Full hashing method.
Figure 2: FSH method.
Figure 3: SPH method.
Figure 4: Performance of full-hash algorithm.
Figure 5: Performance of file-selective hash.
Figure 6: Performance of SPH.
Figure 7: Comparing the algorithms in terms of the % of files saved.
Figure 8: Comparing the algorithms in terms of detection speed since infection.
Figure 9: Comparing the partition sizes in terms of the % of files saved.
Figure 10: CPU and memory utilization for SPH with 10MB partition size.