The Human Element of Cybersecurity : A Literature Review of Social Engineering Attacks and Countermeasures

Broberg, Robert, Sinnott, Philip

January 2023

Social engineering attacks pose an escalating threat to organizations. This thesis conducted a semi-comprehensive literature review using the PRISMA method to address common attack methods, reducing susceptibility among employees, and the need for awareness training. Findings highlight severe consequences, exemplified by Yahoo and Sony data breaches. Phishing and spear-phishing are prevalent attack methods, exploiting the human element and bypassing high-techsecurity systems. To mitigate risks, organizations should adopt a multi-layered approach, combining technological solutions with employee awareness training. By enhancing employees' ability to identify and respond to social engineering attempts, susceptibility to attacks can be significantly reduced. Ongoing research and updated defense strategies are crucial to countering evolving attack vectors. The study emphasizes the collective responsibility in cybersecurity, combining technical and non-technical measures effectively. This thesis contributes to knowledge by providing insights into attack methods, countermeasures, and the importance of employee awareness training. The rigorous PRISMA method ensures a transparent approach, offering valuable guidance for organizations aiming to enhance their security posture against social engineering attacks.

Social engineering

attack

employee awareness

framework

policy

Computer and Information Sciences

Data- och informationsvetenskap

Risk-Averse Bi-Level Stochastic Network Interdiction Model for Cyber-Security Risk Management

Bhuiyan, Tanveer Hossain

10 August 2018

This research presents a bi-level stochastic network interdiction model on an attack graph to enable a risk-averse resource constrained cyber network defender to optimally deploy security countermeasures to protect against attackers having an uncertain budget. This risk-averse conditional-value-at-risk model minimizes a weighted sum of the expected maximum loss over all scenarios and the expected maximum loss from the most damaging attack scenarios. We develop an exact algorithm to solve our model as well as several acceleration techniques to improve the computational efficiency. Computational experiments demonstrate that the application of all the acceleration techniques reduces the average computation time of the basic algorithm by 71% for 100-node graphs. Using metrics called mean-risk value of stochastic solution and value of risk-aversion, numerical results suggest that our stochastic risk-averse model significantly outperforms deterministic and risk-neutral models when 1) the distribution of attacker budget is heavy-right-tailed and 2) the defender is highly risk-averse.

attack graph

stochastic network interdiction

risk-aversion

conditional-value-at-risk

mixed-integer-programming

Security in Rootless Containers : Measuring the Attack Surface of Containers

Engström Ericsson, Matilda

January 2022

Rootless containers are commonly perceived as more secure, as they run without added privileges. To the best of my knowledge, this hypothesis has never been proven.  This thesis aims to contribute to addressing knowledge gaps in research by measuring the attack surface of Rootless Podman, Rootless Docker, as well as Rootful Docker for comparison. Furthermore, different Rootless Container Engines are analysed in a prestudy to summarise what current options exist on the market today. The attack surface is systematically measured using the Attack Surface Measurement Method. The method identifies resources and groups them into different attack classes, based on the resource attackability. The authors of the method defines attackability as the likelihood of a successful attack. Finally, the total attackability of the container engines is computed.  The study concludes that attack surface is significantly reduced when a local container image is used, instead of downloading one. In addition, the design choice of the container engine influences the attack surface more than whether the container is rootless or rootful.

rootless container

container security

attack surface

Docker

Podman

Computer and Information Sciences

Data- och informationsvetenskap

Cyber attacks against small companies that outsource their services

Haji Akbar, Mahan, Babar, Shahryar Khan

January 2022

Companies outsource a lot of their development tasks. The use of external development teams introduces security problems which may lead to data breaches and even corporate espionage where business ideas are used in other companies, leading to leaking of trade secrets. A detailed explanation of the security implications of outsourcing is given, with ways to mitigate such risks in the first section of the report. The report also explains some basics theory in cyber security such as information gathering, vulnerability scanning, exploitation and post exploitation. We also look at some software tools used in the field. Due to the lack of knowledge and awareness about cyber security, most small companies do not have enough protection against these malicious attacks. The proposed intrusion detection system is capable of recognizing various kinds of cyber attacks including denial of serviceattack, spoofing attack, sniffing attack and so on. The proposed system employs ensemble learning and feature selection techniques to reduce the computational cost and improve the detection rate simultaneously. This paper presents an intelligent intrusion detection system based on tree-structure machine learning models. After the implementation of the proposed intrusion detection system on standard data sets, the system has achieved high detection rate and low computational cost simultaneously. The method used to bring results is python with scikit library that can help with machine learning. The results will show figures of heatmap and scores of models that will explain how likely it will identify a cyber attack.

Outsourcing

Cyber attack

Cyber security

Intrusion detection system

Computer and Information Sciences

Data- och informationsvetenskap

Patienters upplevelser under och efter en hjärtinfarkt

Svensson, Amanda, Hussain, Hivin

January 2016

Bakgrund: Hjärt- och kärlsjukdomar är den vanligaste folksjukdomen och dödsorsaken idet svenska samhället. Sjukdomen beror på en tilltäppning av hjärtats stora kärl. Att entilltäppning inträffar och en hjärtinfarkt uppstår beror på ateroskleros vilket orsakats avindividens levnadsvanor; tobaksrökning, fysisk inaktivitet, dåliga kostvanor, stress ochövervikt. Tilltäppningen av kärlet leder till ischemi vilket medför bröstsmärta. I detakuta förloppet upplever patienter känslor av stress, nedstämdhet och ilska. Efterutskrivning upplevs blandade känslor av patienterna och en oro skapas över att drabbasav en ny hjärtinfarkt.Syftet: Syftet med denna litteraturstudie är att belysa patienters upplevelser under ochefter en hjärtinfarkt.Metod: Den metod som används till litteraturstudien är enligt Polit & Becks (2014). Tillden kvalitativa litteraturstudien gjordes ett flertal sökningar efter tio kvalitativavetenskapliga studier som genomfördes i databaserna CINAHL och PUBMED.Användning av MeSH- termer och Headings har utnyttjats.Resultat: Patienterna upplever känslomässiga reaktioner efter att ha insjuknat i enhjärtinfarkt. Reaktionerna omfattar både det akuta tillståndet och efterförloppet. Detrespondenterna uppfattade var upplevelser från kropp & själ och upplevelser frånomgivningen. Upplevelser från kropp & själ inkluderar symtom, rädsla och ångest,förändringar, insjuknandet och coping. Upplevelser från omgivningen innefattarpatienternas stöd från anhöriga, patienternas syn på vården samt deras roll iåterhämtningsprocessen. / Background: Heart - and vascular diseases are the most common national disease andthe leading cause of death in Swedish society. The disease occurs due to a blockage ofthe heart's large vessels. The reason that a blockage and a heart attack occur depends onatherosclerosis causes by individual lifestyles that includes smoking, physical inactivity,poor diet, stress and being overweight. The occlusion of the vessel leading to ischemiacauses chest pain. In the acute process the patients experience feelings of stress,depression and anger. After discharge from the hospital the patients experience mixedfeelings and concerns of developing another heart attack.The aim: The aim of this study is to illustrate patients' experiences during and after amyocardial infarction.Methods: The method which is used to the literature study is according to Polit & Beck(2014). To the qualitative literature study was several searches after ten qualitativescientific studies was made conducted by the databases PUBMED and CINAHL.MeSH- terms and Headings have been used.Results: The result shows that patients experience emotional reactions after beingdiagnosed with a myocardial infarction. The reactions include both the acute processand after the illness. The respondents expressed experiences from the body & soul andexperiences from the environment. The experiences from the body & soul includesymptoms, fear and anxiety, changes, becoming ill and coping. Experiences from theenvironment include patients support from relatives and the health care’s affect on theirrecovery.

Patient

Upplevelse

Psykologi

Hjärtinfarkt

Hjärtattack

Experience

Psychology

Myocardial infarction

Heart attack

Medical and Health Sciences

Medicin och hälsovetenskap

What is an Attack? : A Study on the Necessary Prerequisite in Crimes Against Humanity

Ottosson, Nathalie

January 2022

The purpose of this thesis is to determine the meaning of the necessary prerequisite attack in the international core crime crimes against humanity. Based on this, the thesis also aims to determine how a Swedish court should interpret the necessary prerequisite attack. Lastly, the thesis aims to assess the necessary prerequisite attack from an external gender perspective. Cases from the International Criminal Tribunal for the former Yugoslavia, the International Criminal Tribunal for Rwanda, and the International Criminal Court were analysed to fulfill this purpose. Two methods are applied: the doctrinal study and the gender perspective. Three incidents from the ongoing Russian invasion of Ukraine have been used to exemplify and discuss some of the theoretical aspects of this thesis. These are the extensive sexual violence against women, the mass executions of men in Bucha, and the forced deportation and illegal adoptions of Ukrainian children. The thesis shows that the necessary prerequisite attack consists of several elements, which all have to be present for the necessary prerequisite to be considered fulfilled. There must be an attack, the attack must be widespread or systematic, the attack must be directed against a civilian population and the perpetrator’s acts must constitute part of an attack that they are aware of and knowingly participates in. An attack no longer needs to occur within the context of an armed conflict or with discriminatory intent, except for the specific act of persecution. An element that appears required for a course of events to constitute an attack is that of a policy, though there is a lack of consensus on this matter. The international views of the necessary prerequisite attack differs, especially regarding the policy element, and the next question that has to be answered is therefore how a Swedish court should interpret the necessary prerequisite attack. Which case law or legal sources should they use, and why? The thesis argues that the Swedish International Crimes Act should be used first, and the Swedish preparatory work has clear indications to follow the International Criminal Courts case law. This means that it is likely that a Swedish court would apply the policy element. The thesis ends with an analysis of the necessary prerequisite attack and acts of sexual violence from a gender perspective. The thesis shows that there has been a positive development in the last 30 years in how acts of sexual violence are viewed and handled within the field of international criminal law.

Public International Law

International Criminal Law

Crimes Against Humanity

Attack

Gender Perspective

Law

Juridik

Control of Cardiac Extracellular Matrix Degradation and Cardiac Fibrosis after Myocardial Infarction

Fan, Zhaobo

January 2016

No description available.

Biomedical Engineering

Materials Science

Drug delivery

thermosensitive hydrogel

polymer synthesis

cardiac fibrosis

myocardial remodeling

heart attack

Inhibitory synpatic transmission in striatal neurons after transient cerebral ischemia

Li, Yan

08 December 2009

Large aspiny neurons are the only non-GABAergic neurons in the striatum. After transient cerebral ischemia, large aspiny neurons survive while medium spiny neurons die. Previous studies have shown that differential changes in the intrinsic membrane properties and excitatory synaptic transmission play a role in this selective vulnerability. However, the role of inhibitory synaptic transmission in this selective vulnerability is still unknown. Since inhibitory tone is very important in the control of neuronal excitability, the present study is aimed at examining if there are any changes in inhibitory synaptic transmission in striatal neurons after ischemia and the possible mechanisms. We also examined if facilitation of inhibitory synaptic transmission by muscimol could attenuate ischemic neuronal injury in the striatum after ischemia. Results from this study will improve the understanding of the mechanisms underlying selective neuronal injury after transient cerebral ischemia. We hope this study could contribute to the translational studies for the stroke patients after cardiac arrest. / Indiana University-Purdue University Indianapolis (IUPUI) / In the striatum, large aspiny (LA) interneurons survive transient cerebral ischemia while medium spiny (MS) neurons die. Excitotoxicity is believed to be the major cause for neuronal death after ischemia. Since inhibitory tone plays an important role in the control of neuronal excitability, the present study is aimed at examining if there are any changes in inhibitory synaptic transmission in striatal neurons after ischemia and the possible mechanisms. Transient forebrain ischemia was induced in male Wistar rats using the four-vessel occlusion method. Inhibitory postsynaptic currents (IPSCs) were evoked intrastriatally and whole-cell voltage-clamp recording was performed on striatal slices. The expression of glutamate decarboxylase65 (GAD65) was analyzed using immunohistochemical studies and Western blotting. Muscimol (a specific GABAA receptor agonist) was injected intraperitoneally to the rats (1 mg/kg) to observe ischemic damage, evaluated by counting the survived cells in the striatum after hematoxylin & eosin (HE) staining. The amplitudes of evoked IPSCs were significantly increased in LA neurons while depressed in MS neurons after ischemia. This enhancement was due to the increase of presynaptic release. Muscimol (1 μM) presynaptically facilitated inhibitory synaptic transmission in LA neurons at 24 h after ischemia. The optical density of GAD65-positive terminals and the number of GAD65-positive puncta was significantly increased in the striatum at both 1 day and 3 days after ischemia. Consistently, data from western blotting suggested an increased expression of GAD65 in the striatum after ischemia. For the rats treated with muscimol, the number of survived cells in the striatum was greatly increased compared to the non-treatment group. The present study demonstrates an enhancement of inhibitory synaptic transmission in LA neurons after ischemia, which is contributed by two mechanisms. One is the increased presynaptic release of GABA mediated by presynaptic GABAA receptors. The other is the increased expression of GAD. Facilitation of inhibitory synaptic transmission by muscimol protects striatal neurons against ischemia. Therefore, the enhancement of inhibitory synaptic transmission might reduce excitotoxicity and contribute to the selective survival of LA neurons after ischemia.

inhibitory synaptic transmission

large aspiny neurons

transient cerebral ischemia

striatum

Transient ischemic attack

Cerebral ischemia

Potentiella triggers till hjärtinfarkt under julhelgen : en enkätstudie / Potential triggers of myocardial infarction during christmas : a survey study

Olsson, Anneli, Thorén, Ida

January 2021

SAMMANFATTNING: Kranskärlssjukdom är en av de vanligaste orsakerna till död globalt. Kunskap idag påvisar att det finns ett antal modifierbara riskfaktorer där sjuksköterskan tillsammans med det multiprofessionella teamet har en nyckelroll i det sekundärpreventiva arbetet. De senaste årens forskning har påvisat att det akuta insjuknandet kan påverkas av inre eller yttre faktorer. Som ett exempel har studier visat att risken att insjukna i en hjärtinfarkt under julhelgen är kraftigt ökad. Syftet med studien var att studera förekomsten av potentiella triggers till hjärtinfarkt under julhelgen som kan ha betydelse för sekundärpreventiv vård. Studien genomfördes med en kvantitativ metod i form av en tvärsnittsstudie. En egenkonstruerad enkät användes för att identifiera förekomsten av aktuella triggers. Respondenterna fick själva uppskatta förekomsten av dessa dygnet innan hjärtinfarkten jämfört med vid ett normaltillstånd. I tillägg efterfrågades orsak till eventuell stress som fritextssvar. Enkäten skickades ut via post till en kohort av 135 deltagare från hela landet. Urvalet var konsekutivt. Alla som insjuknat i hjärtinfarkt med symtomdebut under föregående julhelg och som registrerats i det nationella kvalitetsregistret Riks-HIA och var levande vid tid för datauttag inkluderades. Svarsfrekvensen var 66 procent. Studiens resultat påvisar förekomst av en rad negativa faktorer som sömnlöshet, ökat matintag, lägre grad av fysisk aktivitet samt ökad stress. En liten del uppgav stress som var direkt knuten till julhelgen exempelvis i form av upplevt påtvingat umgänge samt allmänt julstök med matlagning och städning. Slutsatsen är att studien har ökat kunskapen kring i vilken utsträckning patienter har upplevt potentiella triggers dygnet före sitt insjuknande. Framträdande var den psykosociala ohälsan hos den undersökta populationen. Kunskapen om att vissa faktorer kan agera som akuta triggers bör införlivas i den sekundärpreventiva vården. Ett personcentrerat förhållningssätt med personens berättelse i centrum är av stor betydelse för att nå bestående livsstilsförändringar och utarbeta strategier för att undvika nya händelser. / ABSTRACT: Coronary heart disease is one of the most common causes of death worldwide. Knowledge of today demonstrates that there are a number of modifiable risk factors where the nurse together with the multi-professional team has a key role in the secondary preventive work. In recent years, research has shown that the disease can be acutely affected by internal or external factors. For example, the risk of having a heart attack during Christmas holiday is significantly increased. The purpose of the study was to study the occurrence of potential triggers for heart attack during Christmas holiday that may be of importance for secondary preventive care. The study was conducted using a quantitative method as a cross-sectional study. A self-designed survey was used to identify the presence of triggers. The respondents themselves were able to estimate the presence of these the day before the heart attack compared with a normal condition. In addition, the reason for any stress was requested as a free text reply. The questionnaire was sent by post to a cohort of 135 participants from all over the country. The selection was consecutive. All patients with myocardial infarction with a symptom onset during the previous Christmas weekend registered in the national quality register Riks-HIA and was alive at the time of data collection, were included.The response rate was 66 percent. The results of the study show the presence of a number of negative factors such as insomnia, increased food intake, lower degree of physical activity and increased stress. A small number stated stress that was directly linked to the Christmas weekend in the form of experienced forced socialization or caused by general Christmas disturbances such as cooking and cleaning.In our conclusion, the study has increased the knowledge about into what extent patients experience potential triggers the day before their illness. Prominent was the psychosocial ill health of the population studied. The knowledge that certain factors can act as acute triggers should be incorporated into secondary preventive care. A person-centered approach with the person's story at the center, is of great importance for achieving lasting lifestyle changes and developing strategies to avoid new events.

Trigger

Heart attack

Secondary prevention

Person-centered care

Trigger

Hjärtinfarkt

Sekundärprevention

Personcentrerad vård

Nursing

Omvårdnad

Efficient Logic Encryption Techniques for Sequential Circuits

Kasarabada, Yasaswy V.

15 July 2021

No description available.

Computer Engineering

Logic Encryption

Sequential Circuits

SAT Attack

Circuit Simulation

Model Checking

Dynamic Keys