1 |
Vulnerability in a cyberattack : How DoS affects Swedish government authoritiesBurgos, Peter, Storsten, Julia January 2014 (has links)
With a growing development of technologies and the fact that many companies implements online services, an interruption in such service could cause problems for any kind of user by exploiting the vulnerabilities in these systems. The Swedish Armed Forces (SwAF) indicates that the development of the defensive ability must continue, since the vulnerability of the cyberenvironment becomes a greater interest for adversaries. A denial of service can create panic by e.g. force resources to look into the ongoing attack minimizing the awareness of the protection of other systems. Known attacking tools and statistics are presented in this thesis, but the scope is to generate a framework. The main aim is to look into the Swedish government authorities and give an insight of how a possible path for an increased resilience against a modern distributed denial of service attack could be and at the same time expand the knowledge and give a base for developing more secure systems. This thesis consists of a survey and simulations of network traffic behaviors in order to categorize and give a framework for a small, middle and large sized authority. The result shows that a small sized authority has a risk of 47% in not being able to survive an attack, while a middle sized authority only would have 17% as dangerous risk, since that is the risk of having attacks exceeding 60 Gbit/s. A large sized authority is defined by having a capacity of 100 Gbit/s. Therefore, an increased resilience is by exceeding 60 Gbit/s showing that 60% of the authorities within this thesis are prepared against a modern distributed denial of service attack. If an attack succeeds, the authorities are at greater risk to not be able to communicate externally and reach out to the society as impact. / Med en snabb teknikutveckling och det faktum att många företag genomför online-tjänster, kan ett avbrott i en sådan tjänst orsaka problem för alla typer av användare genom att utnyttja sårbarheter i dessa system. Försvarsmakten antyder att utvecklingen av den defensiva förmågan måste fortsätta, eftersom sårbarheten i cybermiljön blir ett större intresse för motståndare. En överbelastningsattack kan skapa panik genom att t.ex. tvinga resurser att undersöka en pågående attack vilket minimerar medvetenheten för skydd av andra system. Kända attackverktyg och statistik presenteras i denna studie men avgränsningen är att skapa ett ramverk. Det främsta syftet är att undersöka svenska myndigheter och ge en mall för en ökad motståndskraft mot överbelastningsattacker och att även öka kunskapen och ge en bas för att utveckla säkrare system. Studien består av en enkätundersökning och simuleringar om beteendet av nätverkstrafik för att kategorisera och ge en ram för en liten, medel och stor myndighet. Resultatet av denna studie visar att en liten myndighet har en risk på 47% att inte överleva en attack, medan en medelstor myndighet endast skulle ha en risk på 17% att inte överleva, eftersom det är risken för attacker som överstiger 60 Gbit/s. En stor myndighet definieras genom att ha en kapacitet på 100 Gbit/s. Ett ökat motstånd är därmed en kapacitet på över 60 Gbit/s som visar att 60% av myndigheterna inom denna studie är förberedda inför en överbelastningsattack. Om en attack lyckas, löper myndigheterna större risk att inte kunna kommunicera externt och nå ut till samhället som påverkan.
|
2 |
Successful Operational Cyber Security Strategies for Small BusinessesBarosy, Wileen 01 January 2019 (has links)
Cybercriminals threaten strategic and efficient use of the Internet within the business environment. Each year, cybercrimes in the United States cost business leaders approximately $6 billion, and globally, $445 billion. The purpose of this multiple case study was to explore the operational strategies chief information security officers of high-technology companies used to protect their businesses from cyberattacks. Organizational learning theory was the conceptual framework for the study. The population of the study was 3 high-technology business owners operating in Florida who have Internet expertise and successfully protected their businesses from cyberattacks. Member checking and methodological triangulation were used to valid the data gathered through semistructured interviews, a review of company websites, and social media pages. Data were analyzed using thematic analysis, which supported the identification of 4 themes: effective leadership, cybersecurity awareness, reliance on third-party vendors, and cybersecurity training. The implications of this study for positive social change include a safe and secure environment for conducting electronic transactions, which may result in increased business and consumer confidence strengthened by the protection of personal and confidential information. The creation and sustainability of a safe Internet environment may lead to increased usage and trust in online business activities, leading to greater online business through consumer confidence and communication.
|
3 |
Cybersecurity and The Resilience Measures in Critical Infrastructure in Sweden : A Comparative Desk Study Between Sweden and The United StatesIdengren, Pauline January 2024 (has links)
In an era marked by pervasive digitization, the reliance on interconnected information and communication technologies (ICTs) has become indispensable for the functioning of modern society. However, this digital transformation has exposed critical infrastructure sectors to a multitude of cyber threats, ranging from malicious cybercriminal activities to state-sponsored cyber espionage. As a result, ensuring the resilience of cybersecurity measures within critical infrastructure has emerged as a paramount concern for governments, organizations, and societies worldwide. This thesis investigates the approaches to cybersecurity resilience protection, with a comparative analysis between Sweden and the United States. Through an examination of cybersecurity risk management practices, threat intelligence sharing mechanisms, and public-private partnerships, the study aims to evaluate the resilience measures implemented in safeguarding vital sectors such as energy, healthcare and finance against cyber threats. Drawing upon complexity theory and human security theory as theoretical frameworks, the research explores the institutional dynamics and socio-political factors shaping cybersecurity resilience strategies in both countries. By synthesizing empirical data from government reports, literature, industry publications, and expert interviews, the thesis aims to identify strengths and weaknesses together with key challenges, best practices, and areas for improvement in enhancing cybersecurity resilience capabilities. The findings of this study contribute to the academic discourse on cybersecurity resilience and by understanding the comparative strengths and weaknesses of cybersecurity resilience approaches, decision-makers can formulate evidence-based strategies to mitigate cyber risks and foster greater resilience in the face of evolving cyber threats.
|
4 |
Informační a kybernetické hrozby v roce 2019 / Information and Cyber Threats in 2019Bača, Jonatán January 2020 (has links)
Diploma thesis focuses on information and cyber threats in 2019. It comprises theoretical basis for better understanding of the issue. Afterward the thesis describes the analysis of the current situation which combined several analyses primarily aimed on Czech companies. In the last part draft measures is created which contain predictions and preventive actions and recommendations for companies.
|
5 |
"More dangerous than guns and tanks" : How cybersecurity is framed by the EU and SwedenLindvall, Erik January 2020 (has links)
The purpose of this thesis is to study the way the European Union and Sweden respectively frame the subject of cybersecurity, to see whether their framing differs and what consequences that may have. In order to study this, the thesis will study the cybersecurity strategies of the European Union and Sweden through a discourse analysis according to the Copenhagen school’s theory of securitization. The purpose is to see what the two actors define as the object that needs to be secured, what threatens said object and what measures should be taken to secure it. To study the cybersecurity strategies, data will be gathered from the European Union’s Cybersecurity Act of 2019 and Sweden’s six cybersecurity priorities, alongside other policy papers deemed relevant. The two points will then be compared in order to see how the framing align or contrast, to see what consequences that may bring.
|
6 |
Lightweight Cyberattack Intrusion Detection System for Unmanned Aerial Vehicles using Recurrent Neural NetworksWei-Cheng Hsu (10929852) 30 July 2021 (has links)
<div>Unmanned aerial vehicles (UAVs) have gained more attention in recent years because of their ability to execute various missions. However, recent works have identified vulnerabilities in UAV systems that make them more readily prone to cyberattacks. In this work, the vulnerabilities in the communication channel between the UAV and ground control station are exploited to implement cyberattacks, specifically, the denial of service and false data injection attacks. Unlike other related studies that implemented attacks in simulations, we demonstrate the actual implementation of these attacks on a Holybro S500 quadrotor with PX4 autopilot firmware and MAVLink communication protocol.</div><div><br></div><div>The goal was to create a lightweight intrusion detection system (IDS) that leverages recurrent neural networks (RNNs) to accurately detect cyberattacks, even when implemented on a resource-constrained platform. Different types of RNNs, including simple RNNs, long short-term memory, gated recurrent units, and simple recurrent units, were trained and tested on actual experimental data. A recursive feature elimination approach was carried out on selected features to remove redundant features and to create a lighter RNN IDS model. We also studied the resource consumption of these RNNs on an Arduino Uno board, the lowest-cost companion computer that can be implemented with PX4 autopilot firmware and Pixhawk autopilot boards. The results show that a simple RNN has the best accuracy while also satisfying the constraints of the selected computer.<br></div>
|
7 |
Exploring the Implementation of Cloud Security to Minimize Electronic Health Records CyberattacksTyler, Lamonte Bryant 01 January 2018 (has links)
Health care leaders lack the strategies to implement cloud security for electronic medical records to prevent a breach of patient data. The purpose of this qualitative case study was to explore strategies senior information technology leaders in the healthcare industry use to implement cloud security to minimize electronic health record cyberattacks. The theory supporting this study was routine activities theory. Routine activities theory is a theory of criminal events that can be applied to technology. The study's population consisted of senior information technology leaders from a medical facility in a large northeastern city. Data collection included semistructured interviews, phone interviews, and analysis of organizational documents. The use of member checking and methodological triangulation increased the validity of this study's findings among all participants. There were 5 major themes that emerged from the study (a) requirement of coordination with the electronic health record vendor and the private cloud vendor, (b) protection of the organization, (c) requirements based on government and organizational regulations, (d) access management, (e) a focus on continuous improvement. The results of this study may create awareness of the necessity to secure electronic health records in the cloud to minimize cyberattacks. Cloud security is essential because of its social impact on the ability to protect confidential data and information. The results of this study will further serve as a foundation for positive social change by increasing awareness in support of the implementation of electronic health record cloud security.
|
8 |
Robustness, Resilience, and Scalability of State Estimation AlgorithmsShiraz Khan (8782250) 30 November 2023 (has links)
<p dir="ltr">State estimation is a type of an <i>inverse problem</i> in which some amount of observed data needs to be processed using computer algorithms (which are designed using analytical techniques) to infer or reconstruct the underlying model that produced the data. Due to the ubiquity of data and interconnected control systems in the present day, many engineering domains have become replete with inverse problems that can be formulated as state estimation problems. The interconnectedness of these control systems imparts the associated state estimation problems with distinctive structural properties that must be taken into consideration. For instance, the observed data could be high-dimensional and have a dependency structure that is best described by a graph. Furthermore, the control systems of today interface with each other and with the internet, bringing in new possibilities for large-scale collaborative sensor fusion, while also (potentially) introducing new sources of disturbances, faults, and cyberattacks. </p><p dir="ltr">The main thesis of this document is to investigate the unique challenges related to the issues of robustness, resilience (to faults and cyberattacks), and scalability of state estimation algorithms. These correspond to research questions such as, <i>"Does the state estimation algorithm retain its performance when the measurements are perturbed by unknown disturbances or adversarial inputs?"</i> and <i>"Does the algorithm have any bottlenecks that restrict the size/dimension of the problems that it could be applied to?".</i> Most of these research questions are motivated by a singular domain of application: autonomous navigation of unmanned aerial vehicles (UAVs). Nevertheless, the mathematical methods and research philosophy employed herein are quite general, making the results of this document applicable to a variety of engineering tasks, including anomaly detection in time-series data, autonomous remote sensing, traffic monitoring, coordinated motion of dynamical systems, and fault-diagnosis of wireless sensor networks (WSNs), among others.</p>
|
9 |
Analysing Perceptions of Six Cyberattacks / Analys av uppfattningar om sex olika cyber attackerLundén, Viktor January 2022 (has links)
The main topic of this degree project is the analysis of the general public’s perceptions on six different types of cyberattacks and their security measures taken against these cyberattacks. One of the goals of this degree project was to investigate if the perceptions of the cyberattacks were accurate and if lower educated people have different perceptions from higher educated people. While there may be plenty of research about cybersecurity and cyberattacks in general, there is little research in regards to the general public’s perceptions on different types of cyberattacks, especially regarding an international demographic. This degree project can help strengthen cybersecurity on different computer systems by analysing how people from an international demographic perceive these six different cyberattacks and how they counteract these cyberattacks. In order to collect data from international respondents, online surveys were used. Multiple websites were used to send the survey, with the main website being SurveySwap. The analysis contains comparisons between facts found in literature and perceptions of respondents and more. Two-sample t-tests and chi-squared tests were used to compare perceptions between lower educated people and higher educated people. According to the results, respondents in general seemed to have good understanding of some cyberattacks. However there were also some cyberattacks that the respondents in general did not have good understanding of. The results also indicated that there was probably no difference between perceptions from the lower educated respondents and higher educated respondents. The results of this degree project can be used in similar research to further investigate the perceptions among the general public of different cyberattacks. / Ämnet för denna examensarbete är analysen av allmänhetens uppfattningar omsex olika typer av cyberattacker och allmänhetens säkerhetsåtgärder vidtagnamot dessa cyberattacker. Ett av målen med denna examensarbete var attundersöka om uppfattningarna om cyberattackerna var korrekta och om lågutbildademänniskor har andra uppfattningar om cyberattackerna än högutbildade människor.Även om det kan finnas mycket forskning om cybersäkerhet och cyberattackeri allmänhet, finns det liten forskning om allmänhetens uppfattningar om olikatyper av cyberattacker, särskilt när det gäller en internationell demografi.Denna examensarbete kan hjälpa till att förstärka cybersäkerheten genom attanalysera hur demografisk internationella människor uppfattar dessa sex olikacyberattacker och hur de motverkar dessa cyberattacker.För att samla in data från internationella respondenter användes enkäter iInternet. Flera webbplatser användes för att skicka enkäten, huvudwebbplatsenvar SurveySwap. Analysen innehåller jämförelser mellan fakta som finns ilitteratur och uppfattningar från respondenter med mera. T-tester och chitvå-tester användes för att jämföra uppfattningar mellan lågutbildade ochhögutbildade människor.Enligt resultaten verkade respondenterna i allmänhet ha god förståelse förvissa typer av cyberattacker. Däremot hade respondenterna i allmänhet svagareförståelse för vissa andra typer av cyberattacker. Resultaten tydde också på attdet sannolikt inte fanns någon skillnad mellan uppfattningar om cyberattackermellan lågutbildade respondenter och högutbildade respondenter. Resultatenav denna examensarbete kan användas i liknande forskning för att ytterligareundersöka hur allmänheten uppfattar olika cyberattacker
|
10 |
Vulnerabilities in Outdated Content Management Systems : An Analysis of the Largest WordPress Websites.Ekstam Ljusegren, Hannes January 2023 (has links)
The rapid growth of the internet over the past two decades has been accompaniedby a significant increase in cyberattacks, including ones targeting websites. Among thevast number of websites, approximately 50% are built using popular Content ManagementSystems (CMS) such as WordPress, Shopify, and Wix. Furthermore, websites created usingCMS platforms may be more attractive targets for attackers due to common frameworksand shared vulnerabilities. This study examines the prevalence of security vulnerabilitiesin the category "Vulnerable and Outdated Components" in these CMS-created websiteswith a focus on the WordPress CMS. From scanning one million of the largest websites,version information of WordPress and related extensions is collected and matched againstexploits in publicly available databases (exploit databases). The study finds that approxi-mately 65% of the WordPress websites are up-to-date, and that approximately 1.1% of thelargest websites running WordPress are susceptible to severe vulnerabilities to the Word-Press Core, and more to plugin vulnerabilities. The study also finds that 70% of all severepublic exploits both recently and historically spawn from 3 categories, including cross-sitescripting attacks, cross-site request forgery, and SQL injection. Based on the results gath-ered, a well-designed demonstration showcasing two vulnerabilities is develo
|
Page generated in 0.0702 seconds