Skip to main content
SpringerLink
Log in

Security Assurance Against Cybercrime Ransomware

  • Conference paper
  • First Online:
Intelligent Computing & Optimization (ICO 2018)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 866))

Included in the following conference series:

Abstract

Cybercrime is not only a social ill but it does also pose a tremendous threat to our virtual world of personal, corporate and national data security. The recent global cyberattack of WannaCry ransomware has created an adverse effect on worldwide financials, healthcare and educational sectors, highlighting the poor state of cyber security and its failure. This growing class of cyber attackers is gradually becoming one of the fundamental security concerns that require immediate attention of security researchers. This paper explores why the volume and severity of cyberattacks are far exceeding with the capabilities of their mitigation techniques and how the preventive safety measures could reduce the losses from cybercrime for such type of attacks in future. It further expresses the need to have a better technological vision and stronger defenses, to change the picture where human cognition might be the next big weapon as a security assurance toolkit.

On Sabbatical leave from DXC Techology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Adham, M., Azodi, A., Desmedt, Y., Karaolis, I.: How to attack two-factor authentication internet banking. In: International Conference on Financial Cryptography and Data Security, pp. 322–328. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  2. Arlitsch, K., Edelman, A.: Staying safe: cyber security for people and organizations. J. Lib. Admin. 54(1), 46–56 (2014)

    Article  Google Scholar 

  3. Bergman, M.K.: White paper: the deep web: surfacing hidden value. J. Electron. Publ. 7(1) (2001)

    Google Scholar 

  4. Collier, R.: NHS ransomware attack spreads worldwide. CMAJ 189, E786–E787 (2017). https://doi.org/10.1503/cmaj.1095434

    Article  Google Scholar 

  5. Everett, C.: Ransomware: to pay or not to pay? Comput. Fraud Secur. 4, 8–12 (2016)

    Article  Google Scholar 

  6. Gandhi, K.A.: Survey on ransomware: a new era of cyber attack. Int. J. Comput. Appl. 168(3), 38–41 (2017)

    Google Scholar 

  7. Greenleaf, G.: Philippines Appoints Privacy Commission in Time for Mass Electoral Data Hack (2016)

    Google Scholar 

  8. Jøsang, A., et al.: Local user-centric identity management. J. Trust. Manag. 2(1), 1 (2015)

    Google Scholar 

  9. Kirlappos, I., Parkin, S., Sasse, M.A.: Learning from ‘Shadow Security’: why understanding noncompliant behaviors provides the basis for effective security. In: USEC Workshop on Usable Security (2014)

    Google Scholar 

  10. Laszka, A., Farhang, S., Grossklags, J.: On the economics of ransomware (2017). arXiv preprint arXiv:1707.06247

  11. Levchenko, K., et al.: Click trajectories: end-to-end analysis of the spam value chain. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 431–446 (2011)

    Google Scholar 

  12. Lunker, M.: Cyber laws: a global perspective. Internet Source (2005). http://unpanl.un.org/intradoc/groups/public/documents/APCITY/UNPAN005846.pdf

  13. Mansfield-Devine, S.: The Ashley Madison affair. Netw. Secur. 9, 8–16 (2015)

    Article  Google Scholar 

  14. Martin, G., Kinross, J., Hankin, C.: Effective cyber security is fundamental to patient safety (2017)

    Google Scholar 

  15. Minkus, T., Ross, K.W: I know what you’re buying: privacy breaches on ebay. In: International Symposium on Privacy Enhancing Technologies Symposium, pp. 164–183. Springer International Publishing (2014)

    Google Scholar 

  16. Mohurle, S., Patil, M.: A brief study of Wannacry Threat: ransomware attack. Int. J. 8(5), 1938–1940 (2017)

    Google Scholar 

  17. Net Losses: Estimating the Global Cost of Cybercrime McAfee, Center for Strategic and International Studies (2014). http://go.nature.com/15nom3

  18. OBrien, D.: Dridex: Tidal waves of spam pushing dangerous financial trojan. Symantec, White Paper (2016)

    Google Scholar 

  19. OWASP: AppSec Europe HTTP Parameter Pollution (2009). http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf. Accessed 20 Apr 2014

  20. Perlroth, N.: Hackers in China attacked The Times for last 4 months. NY Times, 30 January 2013

    Google Scholar 

  21. Rehman, H., Nazir, M., Mustafa, K.: Security of web application: state of the art. In: International Conference of Information, Communication and Computer Technology ICICCT 2017 likely to be appear soon in Springer CCIS series (2017)

    Google Scholar 

  22. Robert S., Philip S.: Client-side attacks and defense. In: Syngress (2012). ISBN: 978-1-59749-590-5

    Google Scholar 

  23. Rudman, L., Irwin, B.: Dridex: analysis of the traffic and automatic generation of IOCs. In: Information Security for South Africa (ISSA), IEEE 2016, pp. 77–84, August 2016

    Google Scholar 

  24. Scaife, N., Carter, H., Traynor, P., Butler, K.R.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303–312. IEEE, June 2016

    Google Scholar 

  25. Shields, K.: Cybersecurity: recognizing the risk and protecting against attacks. NC Banking Inst. 19, 345 (2015). http://scholarship.law.unc.edu/ncbi/vol19/iss1/18

  26. Turpe, S.: Security testing: turning practice into theory. In: IEEE International Conference on Proceedings of Software Testing Verification and Validation Workshop, ICSTW 2008, pp. 294–302 (2008)

    Google Scholar 

  27. Waldrop, M.M.: How to hack the hackers: the human side of cybercrime. Nature 533(7602), 164–167 (2016)

    Article  Google Scholar 

  28. Walters, R.: Cyber attacks on US companies in 2014. Heritage Foundation Issue Brief, vol. 4289 (2014).

    Google Scholar 

  29. Web Application Attack and Audit Framework. http://w3af.sourceforge.net. Accessed 20 Apr 2014

  30. Weinberger, S.: Is this the start of cyberwarfare? Nature 474(7350), 142 (2011). Chicago

    Google Scholar 

  31. Wilkinson, C.: Cyber Risks: The Growing Threat (2013)

    Google Scholar 

  32. Zhang, H., Yao, D.D., Ramakrishnan, N.: Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications security, pp. 39–50, June 2014

    Google Scholar 

  33. https://www.mcafee.com/in/resources/reports/rp-threats-predictions-2016.pdf. Accessed 27 Jun 2018

  34. https://www.webroot.com/shared/pdf/reinventing-antivirus.pdf

  35. https://www.mcafee.com/in/resources/reports/rp-threats-predictions-2016.pdf. Accessed 27 Jun 2018

  36. Bruza, P.D., Wang, Z., Busemeyer, J.R.: Quantum cognition: a new theoretical approach to psychology. Trends Cogn. Sci. 19(7), 383–393 (2015)

    Article  Google Scholar 

  37. Rehman, H., Khan, U., Nazir, M., Mustafa, K.: Strengthening the Bitcoin safety: a graded span based key partitioning mechanism. In: International Journal of Information Technology (selected for publication in vol. 10) (2018)

    Google Scholar 

  38. Alexander, R., Hawkins, R., Kelly, T.: Security assurance cases: motivation and the state of the art. High Integrity Systems Engineering, Department of Computer Science, University of York, York, UK (2011)

    Google Scholar 

  39. Almasri, A.H., Zuhairi, M.F., Darwish, M.A., Yafi, E.: Privacy and security of cloud computing: a comprehensive review of techniques and challenges. J. Eng. Appl. Sci. (Under Review)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Jamia Millia Islamia, New Delhi, India

    Habib ur Rehman, Mohammed Nazir & Khurram Mustafa

  2. Malaysian Institute of Information Technology, Universiti Kuala Lumpur, Kuala Lumpur, Malaysia

    Eiad Yafi

  3. DXC Technology, Noida, India

    Habib ur Rehman

Authors
  1. Habib ur Rehman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Eiad Yafi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohammed Nazir
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Khurram Mustafa
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Habib ur Rehman .

Editor information

Editors and Affiliations

  1. Department of Fundamental and Applied Sciences, Universiti Teknologi Petronas, Tronoh, Perak, Malaysia

    Pandian Vasant

  2. Faculty of Electrical Engineering and Computer Science, VÅ B TU Ostrava, Ostrava, Czech Republic

    Ivan Zelinka

  3. Institute of Applied Mathematics, METU, Ankara, Ankara, Turkey

    Gerhard-Wilhelm Weber

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rehman, H.u., Yafi, E., Nazir, M., Mustafa, K. (2019). Security Assurance Against Cybercrime Ransomware. In: Vasant, P., Zelinka, I., Weber, GW. (eds) Intelligent Computing & Optimization. ICO 2018. Advances in Intelligent Systems and Computing, vol 866. Springer, Cham. https://doi.org/10.1007/978-3-030-00979-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-00979-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00978-6

  • Online ISBN: 978-3-030-00979-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation