Cyber attacks are increasingly menacing businesses. Based on the literature review and publicly available reports, this article conducts an extensive and consistent survey of the services used by the ...cybercrime business, organized using the value chain perspective, to understand cyber attack in a systematic way. Understanding the specialization, commercialization, and cooperation for cyber attacks helps us to identify 24 key value-added activities and their relations. These can be offered “as a service” for use in a cyber attack. This framework helps to understand the cybercriminal service ecosystem and hacking innovations. Finally, a few examples are provided showing how this framework can help to build a more cyber immune system, like targeting cybercrime control-points and assigning defense responsibilities to encourage collaboration.
The COVID-19 pandemic was a remarkable, unprecedented event which altered the lives of billions of citizens globally resulting in what became commonly referred to as the new-normal in terms of ...societal norms and the way we live and work. Aside from the extraordinary impact on society and business as a whole, the pandemic generated a set of unique cyber-crime related circumstances which also affected society and business. The increased anxiety caused by the pandemic heightened the likelihood of cyber-attacks succeeding corresponding with an increase in the number and range of cyber-attacks.
This paper analyses the COVID-19 pandemic from a cyber-crime perspective and highlights the range of cyber-attacks experienced globally during the pandemic. Cyber-attacks are analysed and considered within the context of key global events to reveal the modus-operandi of cyber-attack campaigns. The analysis shows how following what appeared to be large gaps between the initial outbreak of the pandemic in China and the first COVID-19 related cyber-attack, attacks steadily became much more prevalent to the point that on some days, three or four unique cyber-attacks were being reported. The analysis proceeds to utilise the UK as a case study to demonstrate how cyber-criminals leveraged salient events and governmental announcements to carefully craft and execute cyber-crime campaigns.
Cybercrime is becoming ever more pervasive and yet the lack of consensus surrounding what constitutes a cybercrime has a significant impact on society, legal and policy response, and academic ...research. Difficulties in understanding cybercrime begin with the variability in terminology and lack of consistency in cybercrime legislation across jurisdictions. In this review, using a structured literature review methodology, key cybercrime definitions, typologies and taxonomies were identified across a range of academic and non-academic (grey literature) sources. The findings of this review were consolidated and presented in the form of a new classification framework to understand cybercrime and cyberdeviance. Existing definitions, typologies and taxonomies were evaluated, and key challenges were identified. Whilst conceptualizing cybercrime will likely remain a challenge, this review provides recommendations for future work to advance towards a universal understanding of cybercrime phenomena as well as a robust and comprehensive classification system.
The growing threat of cyber-crime poses significant challenges for police organisations. This paper presents original, empirical research on specialist cyber-crime units in Australia to report on the ...issues and problems faced by police staff at the frontline of cyber-policing. Using a mix of survey data and in-depth interviewing with supervisors, key investigators, and civilian staff from two specialist cyber-crime units, this paper outlines the priority challenges as identified by members of these units. While staff report generally positive levels of job satisfaction working in the field of cyber-crime, three major themes emerged: (a) the accelerating quantity of the workload as cyber-crime becomes a bigger social problem; (b) the resourcing of the units has not developed commensurate with demand and (c) the level of skills and training within units are insufficient to address the unique nature and growing complexities of policing cyber-crime. Suggestions by staff regarding how to improve this situation are considered.
Cyber threats are becoming more sophisticated with the blending of once distinct types of attack into more damaging forms. Increased variety and volume of attacks is inevitable given the desire of ...financially and criminally-motivated actors to obtain personal and confidential information, as highlighted in this paper. We describe how the Routine Activity Theory can be applied to mitigate these risks by reducing the opportunities for cyber crime to occur, making cyber crime more difficult to commit and by increasing the risks of detection and punishment associated with committing cyber crime. Potential research questions are also identified.
Cybercrimes are often viewed as technical offenses that require technical solutions, such as antivirus programs or automated intrusion detection tools. However, these crimes are committed by ...individuals or networks of people which prey upon human victims and are detected and prosecuted by criminal justice personnel. As a result, human decision-making plays a substantial role in the course of an offence, the justice response, and policymakers' attempts to legislate against these crimes. This book focuses on the human factor in cybercrime: its offenders, victims, and parties involved in tackling cybercrime. The distinct nature of cybercrime has consequences for the entire spectrum of crime and raises myriad questions about the nature of offending and victimization. For example, are cybercriminals the same as traditional offenders, or are there new offender types with distinct characteristics and motives? What foreground and situational characteristics influence the decision-making process of offenders? Which personal and situational characteristics provide an increased or decreased risk of cybercrime victimization? This book brings together leading criminologists from around the world to consider these questions and examine all facets of victimization, offending, offender networks, and policy responses.
Tindakan peretasan terhadap situs milik Dewan Kehormatan Penyelenggara Pemilu (DKPP) dan analisis hukumnya berdasarkan Undang-Undang Informasi dan Transaksi Elektronik (UU ITE). H, pelaku peretasan, ...dijerat dengan Pasal 32 ayat (1) jo. Pasal 48 ayat (1) UU ITE. H memenuhi unsur sebagai warga negara Indonesia yang sengaja, tanpa hak, mengubah informasi elektronik DKPP. Situs pemerintah tersebut diretas dan diubah tampilannya menjadi melanggar norma. Putusan pengadilan menyatakan H bersalah, namun terdapat kekhilafan dalam penerapan pasal yang tidak mempertimbangkan situs milik pemerintah. Analisis hukum menyoroti pemberatan pidana berdasarkan Pasal 52 ayat (3) UU ITE, mempertimbangkan dampak cybercrime pada sistem pemerintah dan layanan publik. Penelitian juga mengeksplorasi konsep informasi elektronik dan urgensi UU ITE dalam memberikan perlindungan hukum. Terbukti bahwa perbuatan H melawan hukum, tidak ada alasan pembenar yang menghapuskan sifat melawan hukum, sehingga H dapat dipertanggungjawabkan pidana sesuai UU ITE.
This study aims to identify effective responses to cyber crime in the insurance industry. Survey responses from Moscow-based employees holding key positions in the leading insurance companies have ...been collected. The study analyses awareness of, attitudes to, and approaches to cyber security, as well as the incidence and impact of breaches or attacks. According to the experts, complying with laws or regulations and preventing fraud or theft are the main reasons for investing in cyber security. Phishing, viruses, and unauthorised use of computers, networks or servers by staff are the most widely spread threats to cyber security. Russian insurers often undertake additional staff training or change their policies in response to cyber breaches. Strategic recommendations were elaborated for industry professionals.
Cyber security has become a priority issue for all countries in the world since information and communication technology is used in various aspects of life, both in social, economic, legal, ...organizational, health, education, culture, government, security, defense, and other aspects. In direct proportion to the high level of utilization of information and communication technology, the level of risk and threat of misuse of information and communication technology is also getting higher and more complex. In response to these events, Indonesia then formed the National Cyber and Crypto Agency (BSSN) as a model for national cyber security institutions. This study uses a qualitative method with a descriptive approach. The purpose of this research is to find out how Indonesia's strategy in establishing cyber security in dealing with the threat of cyber crime through the National Cyber and Crypto Agency.
The notion that the human user is the weakest link in information security has been strongly, and, we argue, rightly contested in recent years. Here, we take a step further showing that the human ...user can in fact be the strongest link for detecting attacks that involve deception, such as application masquerading, spearphishing, WiFi evil twin and other types of semantic social engineering. Towards this direction, we have developed a human-as-a-security-sensor framework and a practical implementation in the form of Cogni-Sense, a Microsoft Windows prototype application, designed to allow and encourage users to actively detect and report semantic social engineering attacks against them. Experimental evaluation with 26 users of different profiles running Cogni-Sense on their personal computers for a period of 45 days has shown that human sensors can consistently outperform technical security systems. Making use of a machine learning based approach, we also show that the reliability of each report, and consequently the performance of each human sensor, can be predicted in a meaningful and practical manner. In an organisation that employs a human-as-a-security-sensor implementation, such as Cogni-Sense, an attack is considered to have been detected if at least one user has reported it. In our evaluation, a small organisation consisting only of the 26 participants of the experiment would have exhibited a missed detection rate below 10%, down from 81% if only technical security systems had been used. The results strongly point towards the need to actively involve the user not only in prevention through cyber hygiene and user-centric security design, but also in active cyber threat detection and reporting.
PDF
