The cybersecurity threat of deepfake

Brandqvist, Johan

January 2024

The rapid advancement of deepfake technology, utilizing Artificial Intelligence (AI) to create convincing, but manipulated audio and video content, presents significant challenges to cybersecurity, privacy, and information integrity. This study explores the complex cybersecurity threats posed by deepfakes and evaluates effective strategies, to prepare organizations and individuals for these risks. Employing a qualitative research approach, semi-structured interviews with cybersecurity- and AI experts were conducted to gain insights into the current threat landscape, the technological evolution of deepfakes, and strategies for their detection and prevention. The findings reveal that while deepfakes offer opportunities in various sectors, they predominantly also pose threats such as misinformation, identity theft, and fraud. This study highlights the dual-use nature of deepfake technology, where improvements in creation and detection are continually evolving in a technological arms race. Ethical and societal implications are examined, emphasizing the need for enhanced public awareness and comprehensive regulatory frameworks to manage these challenges. The conclusions drawn from this research underscore the urgency of developing robust, AI-driven detection tools, advocating for a balanced approach that considers both technological advancements and the ethical dimensions of these innovations. Recommendations for policymakers and cybersecurity professionals include investing in detection technologies, promoting digital literacy, and fostering international collaboration to establish standards for ethical AI use. This thesis contributes to the broader discourse on AI ethics and cybersecurity, providing a foundation for future research and policy development in the era of digital manipulation.

Deepfake

cybersecurity

artificial intelligence

experts

Information Systems, Social aspects

Comparative Analysis and Development of Security Tools for Vulnerability Detection : Exploring the Complexity of Developing Robust Security Solutions

Wiklund, Milton

January 2024

Detta examensarbete ålägger en omfattande studie riktad mot att granska de komplexiteter och utmaningar som förekommer vid utveckling av robusta och effektiva verktyg som upptäcker säkerhetsrisker i kod. Genom att bestyra en jämförande analys av redan existerande säkerhetsverktyg, och engagera sig i ett försök av att utveckla ett säkerhetsverktyg från en grundläggande nivå, strävar detta arbete efter att uppenbara de underliggande anledningarna bakom varför det, inom cybersäkerhet, ännu är en stor utmaning att ligga steget före skadliga aktörer. Inledande bidrar forskningen med en överblick av aktuella säkerhetsverktyg, och samtidigt undersöks deras effektivitet, metoder, samt de typer av sårbarheter som verktygen är designade för att upptäcka. Genom systematiska mätningar betonar studien styrkor och svagheter av säkerhetsverktygen, och samtidigt dokumenteras utvecklingsprocessen av ett nytt säkerhetsverktyg med syfte att upptäcka liknande sårbarheter som de jämförda verktygen. De bemötta utmaningarna vid utvecklande—som att behandla moderna säkerhetshot, och integrera komplexa upptäckningsalgoritmer—diskuteras för att förevisa de övertygande hinder som utvecklare påträffar. Därutöver bedöms viktigheten av att effektivt kunna upptäcka sårbarheter, och hur det kan hjälpa att bevara integritet och pålitlighet av applikationer. Examensarbetet siktar mot att bidra med viktig insyn i området cybersäkerhet, samt stödja fortsatt utveckling i mån av att mildra säkerhetshot. Sammanfattningsvis visar resultatet från denna studie att det krävs både kunskap och ambition för att utveckla ett säkerhetsverktyg från grunden, eftersom nya hot uppstår nästan varenda dag. Studien avslöjar också att skadliga aktörer är kända för att regelbundet leta efter sårbarheter i system, och är en av de ledande anledningarna till varför det är så svårt att bekämpa cyberhot. / This thesis stipulates a comprehensive study aimed at examining the complexities and challenges in developing robust and effective tools for detecting security vulnerabilities in code. By performing a comparative analysis of already existing security tools, and engaging in an attempt of developing a security tool from a foundational level, this work strives to disclose the underlying reasons as to why staying one step ahead of malicious actors remains a difficult challenge in cybersecurity. Introductory, the study provides an overview of current security tools while examining their effectiveness, methodologies, and the types of vulnerabilities they are designed to detect. Through systematic measurements, the study highlights strengths and weaknesses of the security tools while, simultaneously, documenting the process of developing a new security tool designed to detect similar vulnerabilities to the compared tools. The challenges faced during development—such as treating modern security threats, and integrating complex detection algorithms—are discussed to portray the compelling hurdles that developers encounter. Moreover, this thesis assesses the importance of effectively detecting vulnerabilities, and how it can aid in maintaining integrity and trustworthiness of applications. The thesis aims to contribute with valuable insight into the field of cybersecurity and support continued development for mitigating cyber threats. In conclusion, the outcome from this study shows that developing a security tool from a foundational level requires both knowledge and ambition, since new threats occur almost every day. The study also reveals that malicious actors are known for frequently looking for vulnerabilities in systems, making it one of the leading reasons why it is difficult to fight cyber threats.

Cybersecurity

security tools

security threats

threat mitigation.

Cybersäkerhet

säkerhetsverktyg

säkerhetshot

reducering av hot.

Software Engineering

Programvaruteknik

Getting the general public to create phishing emails : A study on the persuasiveness of AI-generated phishing emails versus human methods

Ekekihl, Elias

January 2024

Artificial Intelligence (AI) is ever increasingly becoming more and more widespread, and is available, for the most part freely to anyone. While AI can be used for both good and bad, the potential for misuse exists. This study focuses on the intersection of AI and cybersecurity, with a focus on AI-generated phishing emails. In this study a mixed-method approach was applied and, an experiment, interviews, and a survey were conducted. Experiments and interviews were conducted with 9 participants with various backgrounds, but novices in phishing. In the experiment, phishing emails were created in three distinct ways: Human-Crafted, Internet-aided, and AI-generated. Emails were evaluated during semi-structured interviews, and each participant reviewed six emails in total, where two of these, were real phishing emails. The results from the interviews indicate that AI-generated phishing emails are as persuasive as those created in the Human-Crafted task. On the contrary, in the survey, participants ranked the AI-generated phishing email as the most persuasive, followed by Human-Crafted. The survey was answered by 100 participants. Familiarity plays a crucial part in both persuasiveness and also willingness to go along with the requests in the phishing emails, this was highlighted during interviews and the survey. Urgency was seen as very negative by both the respondents and interviewees. The results from the study highlight the potential for misuse, specifically with the creation of AI-generated phishing emails, research into protection measures should not be overlooked. Adversaries have the potential to use AI, as it is right now, to their advantage.

AI

ChatGPT

cybersecurity

GenAI

persuasiveness

phishing

Information Systems, Social aspects

An Examination of the Audit Implications of Third-Party Risk

Filosa, Jessica Rose

23 May 2024

Doctor of Philosophy / This study explores whether companies that engage in outsourcing suffer negative audit-related consequences. Outsourcing exposes companies to third-party risk, which is the risk associated with outsourcing IT systems and/or business operations to external companies. Publicly traded companies in the United States are required to file a financial report with the Securities and Exchange Commission each year that includes a discussion of significant risks the company faces. I use this disclosure to identify companies that reveal third-party risk as a major threat to their organization and use machine learning to develop a measure that distinguishes companies exposed to third-party risk from those that are not. Using this measure, I examine whether companies exposed to third-party risk arrangements are more likely to suffer from low quality internal controls, to experience a cybersecurity incident, or to pay higher fees to their external auditor. The results do not show an association between my measure of third-party risk and the likelihood that a company reports a problem with internal controls. However, I do find that companies exposed to third-party risk are more likely to experience a cybersecurity incident. Lastly, I find that companies exposed to third-party risk pay higher fees to their external auditors in the initial year that this risk appears in their annual report. Overall, these results provide initial empirical evidence on the existence and consequences of third-party risk. The findings may be of interest to accounting professionals and managers who are in the early stages of learning to identify and manage their third-party risk exposure. Regulators may also benefit from this study as they contemplate updating the auditing standards related to outsourcing.

third-party risk

outsourcing

internal control

cybersecurity

audit fees

operational efficiency

COMPLY OR DIE : A case study of conditions for NIS2-compliance

Burström, Ludvig, Petersson, André

January 2024

Cybersecurity is increasingly becoming more pervasive and prevalent due in part to ongoing conflicts in the world as well as increased reliance on digital technologies. To combat the emerging threats posed by this, the European Union introduced NIS2, a legislation aimed at increasing the lowest level of cybersecurity across its member states. Thus, the research question this study set out to answer was “How can conditions for organizational compliance with NIS2 be evaluated?” This case study has utilized a Delphi-panel with experts within the field, conducted interviews, analyzed internal documents, and established cybersecurity standards. The study has found several crucial conditions for reaching compliance with this new legislation, it has also developed a means of evaluation for organizations forced to comply. The findings further the field of cybersecurity by uncovering ownership as an important and generally overlooked condition for compliance. As well as providing a tool for practitioners and researchers to help evaluate conditions for NIS2 compliance.

Cybersecurity

Compliance

Readiness

Ownership

NIS2

Information Systems, Social aspects

Investigation of Post-Quantum Cryptography (FIPS 203 & 204) Compared to Legacy Cryptosystems, and Implementation in Large Corporations.

Marmebro, Alma, Stenbom, Kristin

January 2024

As quantum computing advances, there is a critical need to develop quantum resistant cryptographic algorithms. The precise timeline for quantum computers to challenge current encryption methods is uncertain, yet the potential risk to global data security is clear. This study addresses the necessity to prepare for these future threats by evaluating and enhancing the security of proposed quantum safe systems. The National Institute of Standards and Technology (NIST) has been proactive in addressing these challenges, proposing a set of quantum safe cryptographic systems, including ML-KEM (Module Lattice-based Key Encapsulation Mechanism) and ML-DSA (Module Lattice-based Digital Signature Algorithm). These systems are believed to be resilient against the computational capabilities of quantum computers, offering a pathway to secure cryptographic practices in the forthcoming quantum era. We have conducted a detailed analysis of ML-KEM and ML-DSA, focusing on their mathematical foundations and the inherent hardness of these systems. This examination helps clarify why they are considered secure against quantum computing. Our study involves implementing an Module-Learning With Errors (MLWE)-based cryptosystem, the foundational hardness of which underpins the security of ML-KEM and ML-DSA. In this implementation, we test two distributions to evaluate the impact of their parameters, as the choice of distribution is crucial since poor distribution choices can lead to significant errors. We carefully track these errors to determine their onset and rate of increase. Furthermore, we assess the readiness of organizations for the quantum era, finding that some have already begun their transition. However, our analysis suggests that security personnel within a well known company may not be as prepared as NIST’s recommendations would suggest. It is imperative for organizations to start preparing now to ensure the future security of their data in the face of quantum computing advancements.

Encryption

Post-quantum cryptography

Cybersecurity

Decryption

Other Mathematics

Annan matematik

Other Engineering and Technologies

Annan teknik

Cyber Activity in Sweden : A study on the digital threat landscape in Sweden

Brandt, Samuel

January 2024

Due to erupting conflict within the European region, State officials and newspaper outlets have spoken about the ever-decreasing safety of the Swedish nation in several aspects with the digital threat being one of the forthcoming concerns. To be able to act in a proportional manner and safeguard our digitalized society we first need to gauge the digital threat landscape and uncover how much the situation has changed with the coming of this conflict. We created a wide set of questions based on the published works of academia and grey literature that are related to Cybersecurity and the digital threat landscape. We used this information to interview IT personnel that work in cybersecurity to get a perspective on how the situation looks like for the people at the forefront of this propagated threat. The interviews uncovered that the situation had indeed changed and for the worse. A more digitalized society and advancing technology combined with the existence of skillful hackers result in more frequent and sophisticated attacks. The IT personnel tasked with safeguarding their networks are very aware of this and provide some insight on how they perceive the digital threat landscape in this investigation.

Cybersecurity

Digital threat landscape

Threat landscape

Sweden

Computer Sciences

Datavetenskap (datalogi)

The Influence of Institutional Factors on AI adoption in EU banking cybersecurity: : A narrative literature review.

Engvall, Nazgul

January 2024

The adoption of artificial intelligence (AI) in the European Union (EU) banking sector for cybersecurity purposes presents a complex interplay of promise and challenge. This study employs a qualitative narrative review to investigate how institutional pressures, including regulatory requirements, industry norms, and the pursuit of legitimacy, shape banks' decisions to integrate AI. Analyzing both academic and grey literature, this study reveals how these institutional forces influence banks' decision-making, highlighting the tension between the potential for enhanced security through AI and the need to mitigate risks, address ethical concerns, and maintain public trust. Ultimately, this research contributes to a deeper understanding of the complex institutional dynamics that shape AI adoption in the highly regulated context of EU banking. / Tillämpningen av artificiell intelligens (AI) inom EU:s banksektor för cybersäkerhet innebär en komplex balansgång mellan möjligheter och risker. Denna kvalitativa narrativa litteraturstudie undersöker hur institutionella faktorer – regleringar, branschnormer och strävan efter legitimitet – påverkar bankernas beslut att implementera AI. Genom att analysera både akademisk forskning och branschrapporter belyser studien hur dessa faktorer formar bankernas strategier och beslutsprocesser kring AI. Studien lyfter fram spänningen mellan potentialen för ökad säkerhet genom AI och behovet av att hantera risker, etiska överväganden och upprätthålla förtroendet hos allmänheten. Genom att granska den komplexa institutionella dynamiken som präglar AI-adoption inom den hårt reglerade europeiska banksektorn bidrar denna forskning till en fördjupad förståelse för de utmaningar och möjligheter som AI innebär för cybersäkerheten i denna bransch.

artificial intelligence

cybersecurity

AI in banking

European banks

institutional theory

Social Sciences

Samhällsvetenskap

Cyberattack Evaluation of Cloud-controlled Energy Storage / Utvärdering av cyberattacker mot molnstyrda energilagringssystem

Oscarsson, Joakim, Öhrström, Frans

January 2024

The demand for electricity is rising rapidly, with more power generated through re-newable energy sources. Renewable energy sources can fluctuate in their power output atshort notice, making it more difficult to maintain the balance between electricity consump-tion and production in the short term. A solution that has gained increased interest recentlyis to connect battery energy storage systems to the grid as a means of maintaining balance.However, such systems are often controlled remotely by a cloud control system, creatingtime-critical control loops over the internet that are partly responsible for the stability andcontinued function of the electrical grid. Cyberattacks against these closed-loop systemscould devastate the electrical grid and the apparatus connected to it.In this thesis, a reference model is designed for an electrical grid load-balancing cloudcontrol system connected to remote battery energy storage systems and remote grid fre-quency sensors (measuring the balance between production and consumption). The modelis evaluated from a cybersecurity perspective by implementing a simulator and applyingdifferent cyberattacks on the simulated system.The results show that some of the most critical attack methods that a threat actor couldutilize are: disrupting the connections over the internet that are part of the closed-loopsystem, abusing remote access links from the outside to gain access to subsystems (suchas seizing control of batteries), or disturbing external dependencies to the cloud such asdomain name system (DNS) and network time protocol (NTP) servers or the contractsrelated to electricity trading. The most important cyberattacks identified in the thesis are:time delay switch (delays of messages), denial of service (disturbing message availability),false data injection (modifying message contents), replay (replaying old messages), andload altering (affecting the grid balance through direct altering of electricity consumptionand production).The simulated cyberattacks differ in how they affect the grid frequency, i.e. the gridproduction-consumption balance. Large enough network packet delays caused oscilla-tions in the simulated frequency. Denial of service attacks caused unpredictable behavior,and a high enough packet drop rate caused oscillations. For false data injection, the re-sults depend on which internet link was attacked and what injection strategy was used;some attacks caused oscillations, while others caused a steady state error or even an in-creasingly deviating frequency. Replay attacks were able to cause a deviation during thereplay window when used effectively. Finally, large enough load altering caused oscilla-tions, especially when an attacker had control over at least 15% of the system’s balancingpower.Overall, attacks on the simulated system are serious and precautions must be carefullyconsidered before such a system is implemented in the real world.

battery energy storage systems

cloud control systems

load frequency control

cybersecurity

Computer Systems

Datorsystem

Možnosti zlepšení strategií pro kybernetickou bezpečnost / The potential improvement of the cyber security strategies

Jandura, Lukáš

January 2016

The thesis focusses on central nodes' dynamics in cyberspace, representing its key elements. Such approach derives from the theory of networks developed by Albert-László Barabási and it is conceptualised along with cyberspace in security studies and the role of a state in cyberspace. Main question, which is how to improve cybersecurity strategies, is answered by well-structured package of possible positions of a state towards central nodes. It asses the level of involvement in cyberspace, boundaries of intrusion into central nodes and acceptable tools usable against those which are not directly accessible. Powered by TCPDF (www.tcpdf.org)