It's more than just money: The real-world harms from ransomware attacks
- URL: http://arxiv.org/abs/2307.02855v1
- Date: Thu, 6 Jul 2023 08:46:16 GMT
- Title: It's more than just money: The real-world harms from ransomware attacks
- Authors: Nandita Pattnaik, Jason R. C. Nurse, Sarah Turner, Gareth Mott, Jamie MacColl, Pia Huesch, James Sullivan
- Abstract summary: This article conducts a novel exploration into the multitude of real-world harms that can arise from cyber-attacks.
We draw on publicly-available case data on high-profile ransomware incidents to examine the types of harm that emerge at various stages after a ransomware attack.
- Score: 1.5391321019692432
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As cyber-attacks continue to increase in frequency and sophistication,
organisations must be better prepared to face the reality of an incident. Any
organisational plan that intends to be successful at managing security risks
must clearly understand the harm (i.e., negative impact) and the various
parties affected in the aftermath of an attack. To this end, this article
conducts a novel exploration into the multitude of real-world harms that can
arise from cyber-attacks, with a particular focus on ransomware incidents given
their current prominence. This exploration also leads to the proposal of a new,
robust methodology for modelling harms from such incidents. We draw on
publicly-available case data on high-profile ransomware incidents to examine
the types of harm that emerge at various stages after a ransomware attack and
how harms (e.g., an offline enterprise server) may trigger other negative,
potentially more substantial impacts for stakeholders (e.g., the inability for
a customer to access their social welfare benefits or bank account). Prominent
findings from our analysis include the identification of a notable set of
social/human harms beyond the business itself (and beyond the financial payment
of a ransom) and a complex web of harms that emerge after attacks regardless of
the industry sector. We also observed that deciphering the full extent and
sequence of harms can be a challenging undertaking because of the lack of
complete data available. This paper consequently argues for more transparency
on ransomware harms, as it would lead to a better understanding of the
realities of these incidents to the benefit of organisations and society more
generally.
Related papers
- Taming the Ransomware Threats: Leveraging Prospect Theory for Rational Payment Decisions [0.0]
This paper adopts a novel approach, leveraging Prospect Theory, to elucidate the tactics employed by cyber attackers to entice organizations into paying the ransom.
It introduces an algorithm based on Prospect Theory and an Attack Recovery Plan, enabling organizations to make informed decisions on whether to consent to the ransom demands or resist.
arXiv Detail & Related papers (2024-09-15T14:20:03Z)
- Security in IS and social engineering -- an overview and state of the art [0.6345523830122166]
The digitization of all processes and the opening to IoT devices has fostered the emergence of a new form of crime, i.e. cybercrime.
The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the "weak link" of cybersecurity.
Knowing how to anticipate, identify weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation approach.
arXiv Detail & Related papers (2024-06-17T13:25:27Z)
- Rethinking the Vulnerabilities of Face Recognition Systems: From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning).
arXiv Detail & Related papers (2024-05-21T13:34:23Z)
- PsySafe: A Comprehensive Framework for Psychological-based Attack, Defense, and Evaluation of Multi-agent System Safety [70.84902425123406]
Multi-agent systems, when enhanced with Large Language Models (LLMs), exhibit profound capabilities in collective intelligence.
However, the potential misuse of this intelligence for malicious purposes presents significant risks.
We propose a framework (PsySafe) grounded in agent psychology, focusing on identifying how dark personality traits in agents can lead to risky behaviors.
Our experiments reveal several intriguing phenomena, such as the collective dangerous behaviors among agents, agents' self-reflection when engaging in dangerous behavior, and the correlation between agents' psychological assessments and dangerous behaviors.
arXiv Detail & Related papers (2024-01-22T12:11:55Z)
- The New Frontier of Cybersecurity: Emerging Threats and Innovations [0.0]
The research delves into the consequences of these threats on individuals, organizations, and society at large.
The sophistication and diversity of these emerging threats necessitate a multi-layered approach to cybersecurity.
This study emphasizes the importance of implementing effective measures to mitigate these threats.
arXiv Detail & Related papers (2023-11-05T12:08:20Z)
- On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors.
We present ROAR, a new class of attacks that instantiate a variety of such threats.
We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
arXiv Detail & Related papers (2023-05-03T18:47:42Z)
- Global Pandemics Influence on Cyber Security and Cyber Crimes [5.8010446129208155]
COVID-19 has caused widespread damage across many areas of life and has made humans more dependent on the internet and technology.
This paper examines the different types of security threats and cyber crimes that people faced in the pandemic time and the need for a safe and secure cyber infrastructure.
arXiv Detail & Related papers (2023-02-24T05:26:42Z)
- Protect Against Unintentional Insider Threats: The risk of an employee's cyber misconduct on a Social Media Site [3.2548794659022393]
This research project aims to collect and analyse open-source data from LinkedIn.
The final aim of the study is to understand if there are behavioral factors that can predict one's attitude toward disclosing sensitive data.
arXiv Detail & Related papers (2021-03-08T13:30:01Z)
- Overcoming Failures of Imagination in AI Infused System Development and Deployment [71.9309995623067]
NeurIPS 2020 requested that research paper submissions include impact statements on "potential nefarious uses and the consequences of failure".
We argue that frameworks of harms must be context-aware and consider a wider range of potential stakeholders, system affordances, as well as viable proxies for assessing harms in the widest sense.
arXiv Detail & Related papers (2020-11-26T18:09:52Z)
- Measurement-driven Security Analysis of Imperceptible Impersonation Attacks [54.727945432381716]
We study the exploitability of Deep Neural Network-based Face Recognition systems.
We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim.
We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
arXiv Detail & Related papers (2020-08-26T19:27:27Z)
- COVI White Paper [67.04578448931741]
Contact tracing is an essential tool to change the course of the Covid-19 pandemic.
We present an overview of the rationale, design, ethical considerations and privacy strategy of COVI, a Covid-19 public peer-to-peer contact tracing and risk awareness mobile application developed in Canada.
arXiv Detail & Related papers (2020-05-18T07:40:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.