Assessing cybersecurity within game companies : An interview study

Ginman, Johan

January 2023

This study examines the understanding of cybersecurity, with a distinct focus on the culture and awareness of cybersecurity within the Swedish game development industry. Utilising a qualitative research design, five semi-structured interviews were conducted with professionals in the domain, and the results are discussed and compared with relevant prior studies. The findings reveal a variance in cybersecurity cultures between larger and smaller organisations, largely dictated by resource availability; security measures are frequently implemented in a reactive rather than proactive manner. Moreover, the study identifies ransomware as the most significant threat in the studio’s threat landscapes. Companies’ perceptions and responses to this threat differ; smaller enterprises often rely on informal security policies, while larger organisations implement regular backup procedures and more sophisticated security measures.

Cybersecurity

awareness

culture

game development

ransomware

distance work

security

threats

Information Systems, Social aspects

Skydd och incidentrespons inom IT-säkerhet : En studie kring utvecklingen av ransomware / Protection and incident response within IT-security: A study about the development of ransomware

Ericson, Christoffer, Derek, Nick

January 2023

Cybersäkerhet är ett konstant växande hot mot organisationer, genom det ständigt ökade digitaliserade samhället, dock finns tecken på att medvetenheten hos organisationer ökar vad gäller cyberattacker och cybersäkerhet. Cyberattacker kan skapa konsekvenser som kan förhindra organisationens verksamhet. Detta lägger grunden till arbetet, att se hur försvarsförmågan har utvecklats. I värsta fall medför en cyberattack konsekvenser som kan äventyra en organisations överlevnadsförmåga. I och med det nya hotet ransomware, där hotaktören krypterar offrets filer och sedan kräver en lösensumma, har konsekvenserna kraftigt kommit att bli mer fatala. Metoderna för ransomware utvecklas av hotaktörerna vilket kan bidra till mer än bara ekonomiska konsekvenser för organisationen. Mot ransomware gäller i stort samma skyddsåtgärder som mot alla former av cyberattacker, däremot finns en del särskilt viktiga aspekter som belyses i detta arbete, till exempel implementering av backups, adekvat dataskydd samt god Patch Management (d.v.s. protokoll för att åtgärda sårbarheter i programvara). I arbetet sammanställs en branschkonsensus för hur organisationer skall arbeta gentemot cyberattacker, specifikt ransomwareattacker. Detta har gjorts genom en litteratur- och kvalitativ intervjustudie, som sedan har analyserats och diskuterats. Intervjustudien har genomförts hos organisationer som bedöms lämpliga för detta då de dagligen arbetar med cybersäkerhet. En av rekommendationerna är att ha en bra backuprutin, där man skapar, distribuerar och testar dessa. Genom arbetet belyses även hur god patch management bör implementeras. Slutligen presenteras även en ny metod, Ransomware 3.0 där hotaktörer stjäl en organisations IT-miljö för att sedan radera denna lokalt hos organisationen och sedan säljer tillbaka denna, som används av hotaktörerna, som hittills varit okänd, där vidare forskning bör vidtas. / Cybersecurity is a constantly growing threat against organisations due to the increasingly digitalisation of society, although there are signs that the consciousness at organisations has increased regarding cyberattacks and cybersecurity. Cyberattacks can create consequences that can restrain an organisations operations. This creates the foundation for this study, to see how the defence capabilities has developed. A cyberattack can, in the worst case scenario, threaten an organisations ability to survive. In regards to the new threat, ransomware, where the threat actor encrypts the victim’s files and demands a ransom, the consequences can be fatal. The new methods associated with ransomware, where the threat actor also exfiltrates the victim’s files, strongly impact the organisations ability to operate. This could lead to economic consequences, as well as damages towards stakeholder relations. Most protective measures applies towards ransomware, however there are some especially important aspects that are presented in this paper, such as implementation of backups, sufficient data protection as well as good Patch Management (protocol to patch vulnerabilities in software). In this paper, an industry consensus on how organisations should work against cyberattacks, especially ransomware, is compiled. This was performed through a litterature and a qualitative interview study. Both studies has been analysed and discussed.The interview study has been accomplished by interviewing appropriate organisations that work with cyber security daily. One of the recommendations is to have a good backup protocol, which implies creating, distributing and testing these backups. This paper also presents how a good patch management should be implemented. Finally, this paper presents a new method, Ransomware 3.0 where the threat actor steals an organisations IT environment, and then destroys the local copy at the organisation to then sell it back, that is used by the threat actors, that is still uncommon knowledge, where continued research have to be conducted.

IT-security

Cyber Security

Data Security

IT Attack

Cyber Attack

Data Exfiltration

Ransomware

Backup

Encryption

Patch Management

Risk Management

Incident Response

Compliance.

IT-säkerhet

Cybersäkerhet

Datasäkerhet

IT-angrepp

Cyberattack

Dataläcka

Ransomware

Backup

Kryptering

Patch Management

Riskhantering

Incidentrespons

Regelefterlevnad.

Engineering and Technology

Teknik och teknologier

Ransomware-hotet mot svenska sjukhus : – en intervju- och litteraturstudie

Ahl, Josefin, Djurklou, Julia

January 2021

Statistik visar att ransomware har ökat lavinartat de senaste åren, inte minst under den rådande Covid-19-pandemin. Cyberkriminella har kommit att utnyttja sjukhus runt om i världen som redan är överbelastade med att ta hand om patienter svårt sjuka i Covid-19. I denna uppsats undersöks det hur de svenska sjukhusen upplever och hanterar det ökade hotet av ransomware. Den utgörs av en litteraturstudie och några djupintervjuer. Litteraturstudien görs för att utforska fenomenet ransomware och ta reda på varför ransomware är en framgångsrik metod för kriminella att använda vid utpressning. Syftet är även att undersöka hur svenska sjukhus förhåller sig till att hälso- och sjukvårdssektorn har blivit attraktiva mål för cyberangrepp. I intervjustudien undersöks sjukhusens IT-säkerhet för att kartlägga om de är tillräckligt motståndskraftiga mot ransomware-angrepp. Intervjusvaren diskuteras och analyseras mot bakgrund av litteraturen. Slutsatsen av denna analys ligger till grund för åtgärdsförslag. Resultatet visar att sjukhusen/regionerna som tillfrågats har en bra IT-säkerhet. De mest centrala säkerhetsmekanismerna för verksamheterna är deras backup- och återställningsrutiner i kampen mot ransomware. Diskussionen i arbetet sammanfogar resultatet från både litteraturstudien och intervjustudien som genomförts. Utifrån diskussionen dras sedan slutsatsen att regionerna som tillfrågats har bra säkerhet och uppfyller de flesta av rekommendationer som publicerats av svenska myndigheter. Inte desto mindre resulterar studien i några uppslag till förbättringar i säkerhetsrutiner. / Statistics show an increase in ransomware activity in recent years. The increase is mainly due to the ongoing Covid-19 pandemic. Cybercriminals take advantage of the fact that hospitals worldwide are overloaded with caring for seriously ill patients in Covid-19 and perform ransomware attacks. This thesis examines how Swedish hospitals experience and handle the increased threat of ransomware. The bachelor’s thesis consists of a literature study and some in-depth interviews. The literature study is investigating ransomware as a phenomenon and finding out why it is a successful method for cybercriminals to use in digital extortion. The purpose is also to investigate how Swedish hospitals relate to the fact that the healthcare sector has become an attractive target for cyber-attacks. The interview study examines the hospitals' IT security to determine whether they are sufficiently resistant to ransomware attacks. The interview results are discussed and analyzed against the background of the literature. The conclusion of this analysis is the basis for the proposed countermeasure. The results show that the hospitals surveyed have suitable IT security. The most central security mechanisms for the hospitals are their backup and recovery routines in the fight against ransomware. The discussion in this work combines the results from the literature and interview studies carried out. Based on the discussion, the conclusion is that the hospitals surveyed have good security and meet most of the recommendations published by Swedish authorities. Still, there is room for some improvement which is indicated.

Ransomware

IT-säkerhet

Backup-rutiner

Cyberkriminella

Hälso- och sjukvårdssektorn

Utpressningsvirus

Computer and Information Sciences

Data- och informationsvetenskap

Information Systems

Practice-Oriented Cybersecurity Training Framework

Podila, Laxmi Mounika

January 2020

No description available.

Academic Guidance Counseling

Computer Engineering

Computer Science

Curriculum Development

Education

Students’ Perception of Cyber Threat Severity : Investigating Alignment with Actual Risk Levels

Erfani Torbaghani, Ramtin

January 2023

This study aims to investigate the alignment between students’ perception of cyber threats and their actual risk levels. A mixed-method approach was used, where data was collected from Swedish university students through questionnaires, capturing their perception, familiarity, experience, and protective behaviors. Information regarding the actual risk levels of cyber attacks was obtained from interviews with cyber security professionals and other expert sources, such as cyber security reports. The results showed that students perceive malware, ransomware, phishing, and insecure passwords as the most dangerous threats to society, while denial of service (DoS) attacks and packet sniffing were considered less severe. These findings align somewhat with the suggested threat levels. However, notable proportions of students perceived these threats as moderately dangerous or less severe, suggesting room for improvement in their understanding. The results also showed that protective behaviors among students are generally low, particularly in regards to IoT security. Future work should therefore explore the public’s perception, protective behavior and knowledge of IoT security, but also attacks that are common against such devices. / Denna studie jämför universitetsstudenters uppfattning om hur farliga olika cyberhot är med de faktiska risknivåerna för dessa hot. Data på studenternas uppfattning, bekantskap, erfarenhet och beteenden samlades in genom frågeformulär, medans information om cyberhotens faktiska risknivåer inhämtades från intervjuer med cybersäkerhetsproffs och andra experskällor som cybersäkerhetsrapporter och artiklar. Resultaten visade att studenterna uppfattar malware, ransomware, phishing och osäkra lösenord som de farligaste hoten mot samhället, medan denial of service (DoS)-attacker och packet sniffing ansågs vara mindre allvarliga. Dessa fynd överensstämde något med de föreslagna risknivåerna. Dock ansåg en anmärkningsvärd andel av studenterna dessa hot som måttligt farliga eller mindre allvarliga, vilket tyder på utrymme för förbättringar i deras förståelse. Resultaten visade också att skyddande beteenden bland studenter generellt är låga, särskilt när det gäller IoT-säkerhet. Framtida studier bör därför utforska allmänhetens uppfattning, skyddsbeteende och kunskap om IoT-säkerhet, men även attacker som är vanliga mot sådana enheter.

Cyber Security

Cyber Threat

Perception

Cyber Attack

Ransomware

Malware

Phishing

Packet Sniffing

Denial of Service

Insecure Passwords

IoT

Vulnerability Scanning

Brute Force Attacks

Awareness

Behaviour

Familiarity

University Students

Computer and Information Sciences

Data- och informationsvetenskap

The Dark Flows of Cryptocurrency : an overview of money flow behaviors in Bitcoin transactions related to online criminal activities and Bitcoin mixers

Olsson, Anton, Andersson, Daniel

January 2024

The decentralized and pseudonymous nature of cryptocurrencies like Bitcoin has made it easier for criminal entities to engage in illicit activities online compared to relying on traditional currency systems. Detecting these activities is vital to preventing and combating such abuse. We employ a data collection tool based on a Depth First Search algorithm to follow the largest receivers from 10 illicit starting addresses in each abuse type; Darknet, Blackmail, Tumbler, and Ransomware. The results from our two searches showed that money tends to be concentrated to one or two receivers and that all abuse types rely heavily on so-called Two-Transaction addresses. These addresses are only used once, likely as intermediaries to obfuscate money flow, potentially within the inner layer of Bitcoin Tumblers. The results also showed behaviors within the abuse types that were both consistent with and divergent from existing research. Furthermore, similarities and unique behaviors across the abuse types were identified. Expanding the dataset with deeper searches could yield clearer patterns in money flow behavior. Additionally, increasing the number of data collection points could enhance the analysis. Finally, the starting addresses significantly impacted the trustworthiness and reliability of our results. We hope our findings, lessons, and developed tools will aid future research and the development of strategies to combat online abuse.

crypto

darknet

blackmail

bitcoin

cryptocurrency

mixer

mixers

tumbler

tumblers

malware

ransomware

flow of money

flow of bitcoin

dark flows

dark flow

criminal activity

criminals

online abuse

abuse

python

depth first search

dfs

following money

follow the money

Computer and Information Sciences

Data- och informationsvetenskap