CYBERWAR - Det virtuella kriget

Jusufovic, Almin

January 2014

Syftet med denna uppsats är bland annat att utforskabegreppet cyber-war. Cyber-attacker utgör stora hot mot infrastrukturen,datorstyrda system och nätverksbaserade tjänster, enligt tidigare forskning. Menhur hotfulla är dessa attacker egentligen? Ska vi frukta att framtida krig blirvirtuella? Kan en ond grupp av människor med några rader av kod få kontroll övervår nation? För att få en bättre förståelse och för att kunna svara på frågorna, harjag med hjälp av tidigare publicerade publikationer gjort en litteraturanalys.Analysen bygger på sammanställning och jämförelse av åtta olika publikationer.Enligt forskningen så tyder tecken på att cyber-war kan vara ett framtida hot. / The purpose of this paper is to explore the concept of cyber-war. Cyber-attacks pose major threats to infrastructure, computer systems and network-based services, according to previous research. But how threatening are these attacks? Should we fear that future wars will be virtual? Can a group of people with a few lines of code get control of our nation? To get a better understanding and be able to answer these questions, I have used previously published publications and have made a literature analysis. The analysis is based on a compilation and comparison of eight different publications. According to the research, cyber-war may be a future threat.

Cyber-war

Cyber-threat

Cyber-attack

Cyber-terrorism

Virtuella Attacker

Cyber krig

Virtuellt krig

Cyber war

Cyber threat

Cyber terrorism

Engineering and Technology

Teknik och teknologier

Analysis, evaluation, measurements and implementation of network security systems and their critical points of failure during COVID-19 / Analys, utvärdering, mätningar och implementering av nätverkssäkerhetssystem och deras kritiska felpunkter under COVID-19

Olmedilla Belinchón, Adrián

January 2023

This study analyses the evolution of the COVID-19 pandemic from a cybersecurity perspective, highlighting the different types of cyber-attacks experienced that happened around the world. In addition, this thesis shows the different types of cyber-attacks produced due to the lack of security employed during the pandemic crisis and how were the reactions of the different organizations to solving the problem. Furthermore, there are different statistics and graphical tables that show the evolution and how it covered the main types of cyber-attacks by the majority of organizations. The analysis reveals a view of those different attacks that can show in various forms. How the cybercriminals leverage the different vulnerabilities of corporate networks in a never-explored perspective makes this review different from other present papers on the COVID-19 pandemic. In addition, the study manifests the different recommendations proposed by the different experts to avoid a similar situation in times of crisis, making that study a guide to avoid similar situations in the future. In fact, the information extracted from different specialized sources will be used to carry out an objective study. / Den här studien analyserar utvecklingen av covid-19-pandemin ur ett cybersäkerhetsperspektiv, och lyfter fram de olika typer av cyberattacker som upplevts runt om i världen. Dessutom visar denna avhandling de olika typerna av cyberattacker som skapats på grund av bristen på säkerhet som användes under pandemikrisen och hur de olika organisationerna reagerade på att lösa problemet. Dessutom finns det olika statistik och grafiska tabeller som visar utvecklingen och hur den täckte huvudtyperna av cyberattacker från majoriteten av organisationer. Analysen visar en syn på de olika attackerna som kan visa sig i olika former. Hur cyberbrottslingarna utnyttjar de olika sårbarheterna i företagsnätverk i ett aldrig utforskat perspektiv gör att denna recension skiljer sig från andra nuvarande artiklar om covid-19-pandemin. Dessutom visar studien de olika rekommendationerna som föreslagits av de olika experterna för att undvika en liknande situation i kristider, vilket gör den studien till en guide för att undvika liknande situationer i framtiden. Faktum är att informationen från olika specialiserade källor kommer att användas för att genomföra en objektiv studie. / Este estudio analiza la evolución de la pandemia de COVID-19 desde una perspectiva de ciberseguridad, destacando los diferentes tipos de ciberataques experimentados en todo el mundo. Además, esta tesis muestra los diferentes tipos de ciberataques producidos por la falta de seguridad empleada durante la crisis de la pandemia y cómo fueron las reacciones de las diferentes organizaciones ante la solución del problema. Además, existen diferentes estadísticas y tablas gráficas que muestran la evolución y cómo se cubrieron los principales tipos de ciberataques por parte de la mayoría de las organizaciones. El análisis revela una visión de esos diferentes ataques que pueden manifestarse de diversas formas. La forma en que los ciberdelincuentes aprovechan las diferentes vulnerabilidades de las redes corporativas en una perspectiva nunca explorada hace que esta revisión sea diferente de otros documentos actuales sobre la pandemia de COVID-19. Además, el estudio pone de manifiesto las diferentes recomendaciones propuestas por los diferentes expertos para evitar una situación similar en tiempos de crisis, convirtiendo dicho estudio en una guía para evitar situaciones similares en el futuro. De hecho, se utilizará la información extraída de diferentes fuentes especializadas para realizar un estudio objetivo.

COVID-19

Cyber-attack

Internet security

Cybersecurity threats

Remote Work

Cybersecurity Awareness

COVID-19

cyber-attack

Internetsäkerhet

Cybersäkerhetshot

Fjärrarbete

Cybersäkerhetsmedvetenhet

COVID-19

Ataque cibernético

Seguridad en Internet

Amenazas a la seguridad cibernética

Trabajo remoto

Computer Sciences

Datavetenskap (datalogi)

Computer Engineering

Datorteknik

Computer and Information Sciences

Data- och informationsvetenskap

Increasing Effectiveness of U.S. Counterintelligence: Domestic and International Micro-Restructuring Initiatives to Mitigate

Ferguson, Cody J.

20 August 2012

Approved for public release; distribution is unlimited. / Cyberespionage is a prolific threat that undermines the power projection capacity of the United States through reduced economic prowess and a narrowing of the technical advantage employed by the American military. International attempts to limit hostile cyber activity through the development of institutions, normative patterns of behavior, or assimilation of existing laws do not provide the American national security decision maker with a timely or effective solution to address these threats. Unfortunately, the stove-piped, redundant and inefficient nature of the U.S. counterintelligence community does not deliver a viable alternative to mitigating cyberespionage in an effective manner. Instituting a domestic and international micro-restructuring approach within the Department of Defense (DoD) addresses the need for increased effectiveness within an environment of fiscal responsibility. Domestic restructuring places emphasis on developing a forcing mechanism that compels the DoD counterintelligence services to develop joint approaches for combating cyberespionage by directly addressing the needs of the Combatant Commands. International restructuring places an emphasis on expanding cybersecurity cooperation to like-minded nations and specifically explores the opportunity and challenges for increased cyber cooperation with Taiwan. This approach recognizes that Taiwan and the United States are both negatively affected from hostile cyber activity derived from within the People’s Republic of China.

Counterintelligence

Reform

Restructuring

Effectiveness

Counterespionage

Counter-espionage

Cyberespionage

Cyber-espionage

Cybersecurity

Cyber-security

Cyberattack

Cyber-attack

Taiwan

Naval Criminal Investigative Service

NCIS

AFOSI

Law Enforcement

Micro-restructing

Nový MHP rámec pro kybernetickou válku / New IHL Framework for Cyber Warfare

Knopová, Eva

January 2016

NEW IHL FRAMEWORK FOR CYBER WARFARE - ABSTRACT Regarding the increasing number of revealed cyber-attacks aimed at public facilities including the governmental ones by who seems to be other state actors, this thesis aims to reveal the major importance of cyber warfare, point out the fatal vacuum regarding the IHL framework currently in force and suggests its completion by a new IHL convention, which would regulate cyberwarfare in International Armed Conflicts. In order to provide a well-structured and pertinent arguments to support its main points, the thesis uses methods of qualitative analysis of the current IHL sources including international treaties, customary law and work of the main institutions of international justice along with work of judicial scholars and cyber experts. The work contains five main chapters. The first chapter presents the underlining principles of Laws of Wars, including its theory, history and development; and focuses on one of its three main regimes - the International Humanitarian Law. The second part is dedicated to the topic of cyber warfare, defines its scope as computer network attacks, explains their classification system, analyses their effects and provides examples of such attacks. The third chapter focuses on the issue of the current legal vacuum in relation to cyber...

Hacking for the State? : The Use of Private Persons in Cyber Attacks and State Responsibility

Olovson, Natali

January 2020

While there are many examples to turn to regarding the thriving phenomenon of private persons being exploited to launch cyber attacks on behalf of states, this thesis will direct it’s attention onto two special cases. Russia has been accused of being the state actor behind the cyber attacks on Estonia in 2007 and Georgia in 2008. The cases are chosen as Estonia have been recognised as the first coordinated cyber attack on a foreign country, and Georgia being the first case were cyber attacks have been utilised in synchronisation with military action. The purpose of the thesis is to analyse the facts of each case in relation to the International Law Commission’s Draft Articles on Responsibility of States for Internationally Wrongful Acts (DARSIWA). The analysis will work through article 4, article 5, article 8 and article 11. The main question is how Russia may be hold as legally responsible under international law for the private conduct of ’patriotic’ hackers, the Nashi Youth Group and the Russian Business Network. The thesis concludes that while the circumstances of each case highly indicate state-involvement, this cannot be proven under the respective criterias of the articles and Russia does therefore not bear legal responsibility.

state responsibility

cyber attack

Russia

hacktivism

Nashi

Russian Business Network

effective control

adoption of act

government authority

Estonia

Georgia

DDoS

Law (excluding Law and Society)

Students’ Perception of Cyber Threat Severity : Investigating Alignment with Actual Risk Levels

Erfani Torbaghani, Ramtin

January 2023

This study aims to investigate the alignment between students’ perception of cyber threats and their actual risk levels. A mixed-method approach was used, where data was collected from Swedish university students through questionnaires, capturing their perception, familiarity, experience, and protective behaviors. Information regarding the actual risk levels of cyber attacks was obtained from interviews with cyber security professionals and other expert sources, such as cyber security reports. The results showed that students perceive malware, ransomware, phishing, and insecure passwords as the most dangerous threats to society, while denial of service (DoS) attacks and packet sniffing were considered less severe. These findings align somewhat with the suggested threat levels. However, notable proportions of students perceived these threats as moderately dangerous or less severe, suggesting room for improvement in their understanding. The results also showed that protective behaviors among students are generally low, particularly in regards to IoT security. Future work should therefore explore the public’s perception, protective behavior and knowledge of IoT security, but also attacks that are common against such devices. / Denna studie jämför universitetsstudenters uppfattning om hur farliga olika cyberhot är med de faktiska risknivåerna för dessa hot. Data på studenternas uppfattning, bekantskap, erfarenhet och beteenden samlades in genom frågeformulär, medans information om cyberhotens faktiska risknivåer inhämtades från intervjuer med cybersäkerhetsproffs och andra experskällor som cybersäkerhetsrapporter och artiklar. Resultaten visade att studenterna uppfattar malware, ransomware, phishing och osäkra lösenord som de farligaste hoten mot samhället, medan denial of service (DoS)-attacker och packet sniffing ansågs vara mindre allvarliga. Dessa fynd överensstämde något med de föreslagna risknivåerna. Dock ansåg en anmärkningsvärd andel av studenterna dessa hot som måttligt farliga eller mindre allvarliga, vilket tyder på utrymme för förbättringar i deras förståelse. Resultaten visade också att skyddande beteenden bland studenter generellt är låga, särskilt när det gäller IoT-säkerhet. Framtida studier bör därför utforska allmänhetens uppfattning, skyddsbeteende och kunskap om IoT-säkerhet, men även attacker som är vanliga mot sådana enheter.

Cyber Security

Cyber Threat

Perception

Cyber Attack

Ransomware

Malware

Phishing

Packet Sniffing

Denial of Service

Insecure Passwords

IoT

Vulnerability Scanning

Brute Force Attacks

Awareness

Behaviour

Familiarity

University Students

Computer and Information Sciences

Data- och informationsvetenskap

Modellering av en cyberattack på ett industriellt säkerhetssystem

Eriksson, Alma, Lindh, Oskar

January 2020

Stuxnet, Havex, BlackEnergy, Crashoverride, and now Triton/Trisis are all examples of cyber security incidents where industrial systems were targeted. The incident Triton/Trisis is new in it’s kind, as the attacker got all the way into the safety industrial system of an oil and gas refinery. Even if the final goal of the attack is still unknown the attacker had the power to put human life directly at risk. Details of the attack are still unknown and research and reverse engineering is still going on of the attack. The purpose of this study is to create an attack graph of the case. By collecting and combining information from publicly available material and grade all the sources by its trustworthiness the study resulted in a two-layered attack graph. Each node and vector in the graph have specified trustworthiness and the nodes contain related sources, tools, and network segments. The study shows that it is possible to construct an attack graph of the case even if details are still missing. Furthermore, it shows that the specific malicious code was tailor-made, but the steps needed to reach the safety industrial system itself were largely possible with the help of publicly available tools. As a result, the whole industrial industry needs to prepare for an escalation of cyber security incidents. / Stuxnet, Havex, BlackEnergy, Crashoverride och Triton/Trisis är alla exempel på cybersäkerhetsincidenter där industrisystem blivit angripna. Händelsen Triton/Trisis är ny i sitt slag, eftersom angriparen kom hela vägen in i det industriella säkerhetssystemet i ett olje- och gasraffinaderi. Ä ven om det slutliga målet för attacken fortfarande är okänt, hade angriparen möjlighet att sätta människor i fara. Detaljer av attacken är fortfarande okända och forskning samt rekonstruktion av attacken pågår. Syftet med denna studie är att skapa en attackgraf över incidenten. Genom att samla in och kombinera information från allmänt tillgängligt material och betygsätta alla källor genom dess tillförlitlighet resulterade studien i en attackgraf med två lager. Varje nod och vektor i grafen har givits en tillförlitlighet och noderna innehåller relaterade källor, verktyg och nätverkssegment. Studien visar att det är möjligt att konstruera en attackgraf av incidenten även om det saknas detaljer. Dessutom visar den att den specifika skadliga koden var skräddarsydd, men stegen som behövdes för att nå det industriella säkerhetssystemet var till stor del möjliga med hjälp av offentligt tillgängliga verktyg. Som ett resultat behöver hela den industriella industrin förbereda sig för en upptrappning av cybersäkerhetsincidenter. / Kandidatexjobb i elektroteknik 2020, KTH, Stockholm

Triton/Trisis

Trisis malware

Cyber security

IT-s ̈akerhet

Cyber attack

Industrial control systems

Cyber ware-fare

ICS malware

ICS attack

Elektroteknik och elektronik

Memory Efficient Regular Expression Pattern Matching Architecture For Network Intrusion Detection Systems

Kumar, Pawan

08 1900

The rampant growth of the Internet has been coupled with an equivalent growth in cyber crime over the Internet. With our increased reliance on the Internet for commerce, social networking, information acquisition, and information exchange, intruders have found financial, political, and military motives for their actions. Network Intrusion Detection Systems (NIDSs) intercept the traffic at an organization’s periphery and try to detect intrusion attempts. Signature-based NIDSs compare the packet to a signature database consisting of known attacks and malicious packet fingerprints. The signatures use regular expressions to model these intrusion activities. This thesis presents a memory efficient pattern matching system for the class of regular expressions appearing frequently in the NIDS signatures. Proposed Cascaded Automata Architecture is based on two stage automata. The first stage recognizes the sub-strings and character classes present in the regular expression. The second stage consumes symbol generated by the first stage upon receiving input traffic symbols. The basic idea is to utilize the research done on string matching problem for regular expression pattern matching. We formally model the class of regular expressions mostly found in NIDS signatures. The challenges involved in using string matching algorithms for regular expression matching has been presented. We introduce length-bound transitions, counter-based states, and associated counter arrays in the second stage automata to address these challenges. The system uses length information along with counter arrays to keep track of overlapped sub-strings and character class based transition. We present efficient implementation techniques for counter arrays. The evaluation of the architecture on practical expressions from Snort rule set showed compression in number of states between 50% to 85%. Because of its smaller memory footprint, our solution is suitable for both software based implementations on network chips as well as FPGA based designs.

Access Control (Computer Networks)

Cryptography

Network Intrusion Detection System

Computer Security

Cyber-attack

Cascaded Automata Architecture

Deterministic Finite Automata

Modified Word-based NFA (M-WNFA)

Network Security

Pattern Matching

Computer Science

Skydd och incidentrespons inom IT-säkerhet : En studie kring utvecklingen av ransomware / Protection and incident response within IT-security: A study about the development of ransomware

Ericson, Christoffer, Derek, Nick

January 2023

Cybersäkerhet är ett konstant växande hot mot organisationer, genom det ständigt ökade digitaliserade samhället, dock finns tecken på att medvetenheten hos organisationer ökar vad gäller cyberattacker och cybersäkerhet. Cyberattacker kan skapa konsekvenser som kan förhindra organisationens verksamhet. Detta lägger grunden till arbetet, att se hur försvarsförmågan har utvecklats. I värsta fall medför en cyberattack konsekvenser som kan äventyra en organisations överlevnadsförmåga. I och med det nya hotet ransomware, där hotaktören krypterar offrets filer och sedan kräver en lösensumma, har konsekvenserna kraftigt kommit att bli mer fatala. Metoderna för ransomware utvecklas av hotaktörerna vilket kan bidra till mer än bara ekonomiska konsekvenser för organisationen. Mot ransomware gäller i stort samma skyddsåtgärder som mot alla former av cyberattacker, däremot finns en del särskilt viktiga aspekter som belyses i detta arbete, till exempel implementering av backups, adekvat dataskydd samt god Patch Management (d.v.s. protokoll för att åtgärda sårbarheter i programvara). I arbetet sammanställs en branschkonsensus för hur organisationer skall arbeta gentemot cyberattacker, specifikt ransomwareattacker. Detta har gjorts genom en litteratur- och kvalitativ intervjustudie, som sedan har analyserats och diskuterats. Intervjustudien har genomförts hos organisationer som bedöms lämpliga för detta då de dagligen arbetar med cybersäkerhet. En av rekommendationerna är att ha en bra backuprutin, där man skapar, distribuerar och testar dessa. Genom arbetet belyses även hur god patch management bör implementeras. Slutligen presenteras även en ny metod, Ransomware 3.0 där hotaktörer stjäl en organisations IT-miljö för att sedan radera denna lokalt hos organisationen och sedan säljer tillbaka denna, som används av hotaktörerna, som hittills varit okänd, där vidare forskning bör vidtas. / Cybersecurity is a constantly growing threat against organisations due to the increasingly digitalisation of society, although there are signs that the consciousness at organisations has increased regarding cyberattacks and cybersecurity. Cyberattacks can create consequences that can restrain an organisations operations. This creates the foundation for this study, to see how the defence capabilities has developed. A cyberattack can, in the worst case scenario, threaten an organisations ability to survive. In regards to the new threat, ransomware, where the threat actor encrypts the victim’s files and demands a ransom, the consequences can be fatal. The new methods associated with ransomware, where the threat actor also exfiltrates the victim’s files, strongly impact the organisations ability to operate. This could lead to economic consequences, as well as damages towards stakeholder relations. Most protective measures applies towards ransomware, however there are some especially important aspects that are presented in this paper, such as implementation of backups, sufficient data protection as well as good Patch Management (protocol to patch vulnerabilities in software). In this paper, an industry consensus on how organisations should work against cyberattacks, especially ransomware, is compiled. This was performed through a litterature and a qualitative interview study. Both studies has been analysed and discussed.The interview study has been accomplished by interviewing appropriate organisations that work with cyber security daily. One of the recommendations is to have a good backup protocol, which implies creating, distributing and testing these backups. This paper also presents how a good patch management should be implemented. Finally, this paper presents a new method, Ransomware 3.0 where the threat actor steals an organisations IT environment, and then destroys the local copy at the organisation to then sell it back, that is used by the threat actors, that is still uncommon knowledge, where continued research have to be conducted.

IT-security

Cyber Security

Data Security

IT Attack

Cyber Attack

Data Exfiltration

Ransomware

Backup

Encryption

Patch Management

Risk Management

Incident Response

Compliance.

IT-säkerhet

Cybersäkerhet

Datasäkerhet

IT-angrepp

Cyberattack

Dataläcka

Ransomware

Backup

Kryptering

Patch Management

Riskhantering

Incidentrespons

Regelefterlevnad.

Engineering and Technology

Teknik och teknologier

Waging Wars in Cyberspace: How International Law On Aggression And Self-Defense Falls Short Of Addressing Cyber Warfare.Could Iran Legally Retaliate For The Stuxnet Attack?

Rubin, Willa

16 June 2016

No description available.

International Law

International Relations

Law

Legal Studies

Political Science

cyber

cyber security

cyber warfare

cyber crime

cyber

cyber attack

cyber operation

stuxnet

article 51

un

un charter

jus ad bellum

jus in bello

international law

rome statute

aggression

self-defense

international court of justice

icj