Advertisement

Security Assurance Against Cybercrime Ransomware

  • Habib ur RehmanEmail author
  • Eiad Yafi
  • Mohammed Nazir
  • Khurram Mustafa
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 866)

Abstract

Cybercrime is not only a social ill but it does also pose a tremendous threat to our virtual world of personal, corporate and national data security. The recent global cyberattack of WannaCry ransomware has created an adverse effect on worldwide financials, healthcare and educational sectors, highlighting the poor state of cyber security and its failure. This growing class of cyber attackers is gradually becoming one of the fundamental security concerns that require immediate attention of security researchers. This paper explores why the volume and severity of cyberattacks are far exceeding with the capabilities of their mitigation techniques and how the preventive safety measures could reduce the losses from cybercrime for such type of attacks in future. It further expresses the need to have a better technological vision and stronger defenses, to change the picture where human cognition might be the next big weapon as a security assurance toolkit.

Keywords

Cybercrime WannaCry ransomware Human cognition Cybersecurity Cyberintrusions Cyberattack 

References

  1. 1.
    Adham, M., Azodi, A., Desmedt, Y., Karaolis, I.: How to attack two-factor authentication internet banking. In: International Conference on Financial Cryptography and Data Security, pp. 322–328. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  2. 2.
    Arlitsch, K., Edelman, A.: Staying safe: cyber security for people and organizations. J. Lib. Admin. 54(1), 46–56 (2014)CrossRefGoogle Scholar
  3. 3.
    Bergman, M.K.: White paper: the deep web: surfacing hidden value. J. Electron. Publ. 7(1) (2001)Google Scholar
  4. 4.
    Collier, R.: NHS ransomware attack spreads worldwide. CMAJ 189, E786–E787 (2017).  https://doi.org/10.1503/cmaj.1095434CrossRefGoogle Scholar
  5. 5.
    Everett, C.: Ransomware: to pay or not to pay? Comput. Fraud Secur. 4, 8–12 (2016)CrossRefGoogle Scholar
  6. 6.
    Gandhi, K.A.: Survey on ransomware: a new era of cyber attack. Int. J. Comput. Appl. 168(3), 38–41 (2017)Google Scholar
  7. 7.
    Greenleaf, G.: Philippines Appoints Privacy Commission in Time for Mass Electoral Data Hack (2016)Google Scholar
  8. 8.
    Jøsang, A., et al.: Local user-centric identity management. J. Trust. Manag. 2(1), 1 (2015)Google Scholar
  9. 9.
    Kirlappos, I., Parkin, S., Sasse, M.A.: Learning from ‘Shadow Security’: why understanding noncompliant behaviors provides the basis for effective security. In: USEC Workshop on Usable Security (2014)Google Scholar
  10. 10.
    Laszka, A., Farhang, S., Grossklags, J.: On the economics of ransomware (2017). arXiv preprint arXiv:1707.06247
  11. 11.
    Levchenko, K., et al.: Click trajectories: end-to-end analysis of the spam value chain. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 431–446 (2011)Google Scholar
  12. 12.
    Lunker, M.: Cyber laws: a global perspective. Internet Source (2005). http://unpanl.un.org/intradoc/groups/public/documents/APCITY/UNPAN005846.pdf
  13. 13.
    Mansfield-Devine, S.: The Ashley Madison affair. Netw. Secur. 9, 8–16 (2015)CrossRefGoogle Scholar
  14. 14.
    Martin, G., Kinross, J., Hankin, C.: Effective cyber security is fundamental to patient safety (2017)Google Scholar
  15. 15.
    Minkus, T., Ross, K.W: I know what you’re buying: privacy breaches on ebay. In: International Symposium on Privacy Enhancing Technologies Symposium, pp. 164–183. Springer International Publishing (2014)Google Scholar
  16. 16.
    Mohurle, S., Patil, M.: A brief study of Wannacry Threat: ransomware attack. Int. J. 8(5), 1938–1940 (2017)Google Scholar
  17. 17.
    Net Losses: Estimating the Global Cost of Cybercrime McAfee, Center for Strategic and International Studies (2014). http://go.nature.com/15nom3
  18. 18.
    OBrien, D.: Dridex: Tidal waves of spam pushing dangerous financial trojan. Symantec, White Paper (2016)Google Scholar
  19. 19.
    OWASP: AppSec Europe HTTP Parameter Pollution (2009). http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf. Accessed 20 Apr 2014
  20. 20.
    Perlroth, N.: Hackers in China attacked The Times for last 4 months. NY Times, 30 January 2013Google Scholar
  21. 21.
    Rehman, H., Nazir, M., Mustafa, K.: Security of web application: state of the art. In: International Conference of Information, Communication and Computer Technology ICICCT 2017 likely to be appear soon in Springer CCIS series (2017)Google Scholar
  22. 22.
    Robert S., Philip S.: Client-side attacks and defense. In: Syngress (2012). ISBN: 978-1-59749-590-5Google Scholar
  23. 23.
    Rudman, L., Irwin, B.: Dridex: analysis of the traffic and automatic generation of IOCs. In: Information Security for South Africa (ISSA), IEEE 2016, pp. 77–84, August 2016Google Scholar
  24. 24.
    Scaife, N., Carter, H., Traynor, P., Butler, K.R.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312. IEEE, June 2016Google Scholar
  25. 25.
    Shields, K.: Cybersecurity: recognizing the risk and protecting against attacks. NC Banking Inst. 19, 345 (2015). http://scholarship.law.unc.edu/ncbi/vol19/iss1/18
  26. 26.
    Turpe, S.: Security testing: turning practice into theory. In: IEEE International Conference on Proceedings of Software Testing Verification and Validation Workshop, ICSTW 2008, pp. 294–302 (2008)Google Scholar
  27. 27.
    Waldrop, M.M.: How to hack the hackers: the human side of cybercrime. Nature 533(7602), 164–167 (2016)CrossRefGoogle Scholar
  28. 28.
    Walters, R.: Cyber attacks on US companies in 2014. Heritage Foundation Issue Brief, vol. 4289 (2014).Google Scholar
  29. 29.
    Web Application Attack and Audit Framework. http://w3af.sourceforge.net. Accessed 20 Apr 2014
  30. 30.
    Weinberger, S.: Is this the start of cyberwarfare? Nature 474(7350), 142 (2011). ChicagoGoogle Scholar
  31. 31.
    Wilkinson, C.: Cyber Risks: The Growing Threat (2013)Google Scholar
  32. 32.
    Zhang, H., Yao, D.D., Ramakrishnan, N.: Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications security, pp. 39–50, June 2014Google Scholar
  33. 33.
  34. 34.
  35. 35.
  36. 36.
    Bruza, P.D., Wang, Z., Busemeyer, J.R.: Quantum cognition: a new theoretical approach to psychology. Trends Cogn. Sci. 19(7), 383–393 (2015)CrossRefGoogle Scholar
  37. 37.
    Rehman, H., Khan, U., Nazir, M., Mustafa, K.: Strengthening the Bitcoin safety: a graded span based key partitioning mechanism. In: International Journal of Information Technology (selected for publication in vol. 10) (2018)Google Scholar
  38. 38.
    Alexander, R., Hawkins, R., Kelly, T.: Security assurance cases: motivation and the state of the art. High Integrity Systems Engineering, Department of Computer Science, University of York, York, UK (2011)Google Scholar
  39. 39.
    Almasri, A.H., Zuhairi, M.F., Darwish, M.A., Yafi, E.: Privacy and security of cloud computing: a comprehensive review of techniques and challenges. J. Eng. Appl. Sci. (Under Review) Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Habib ur Rehman
    • 1
    • 3
    Email author
  • Eiad Yafi
    • 2
  • Mohammed Nazir
    • 1
  • Khurram Mustafa
    • 1
  1. 1.Department of Computer ScienceJamia Millia IslamiaNew DelhiIndia
  2. 2.Malaysian Institute of Information TechnologyUniversiti Kuala LumpurKuala LumpurMalaysia
  3. 3.DXC TechnologyNoidaIndia

Personalised recommendations