Abstract
Cybercrime is not only a social ill; it also poses a tremendous threat to our virtual world of personal, corporate and national data security. The recent global WannaCry ransomware cyberattack has adversely affected the financial, healthcare and educational sectors worldwide, highlighting the poor state of cyber security and its failure. This growing class of cyber attackers is gradually becoming one of the fundamental security concerns that require the immediate attention of security researchers. This paper explores why the volume and severity of cyberattacks are far exceeding the capabilities of their mitigation techniques and how preventive safety measures could reduce the losses from cybercrime for this type of attack in future. It further expresses the need for a better technological vision and stronger defenses, to change the picture where human cognition might be the next big weapon as a security assurance toolkit.
On sabbatical leave from DXC Technology.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Rehman, H.u., Yafi, E., Nazir, M., Mustafa, K. (2019). Security Assurance Against Cybercrime Ransomware. In: Vasant, P., Zelinka, I., Weber, GW. (eds) Intelligent Computing & Optimization. ICO 2018. Advances in Intelligent Systems and Computing, vol 866. Springer, Cham. https://doi.org/10.1007/978-3-030-00979-3_3
DOI: https://doi.org/10.1007/978-3-030-00979-3_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00978-6
Online ISBN: 978-3-030-00979-3
eBook Packages: Engineering, Engineering (R0)