Our Students Papers

Alessandro Pigoni, The harder they fall: A multilevel analysis of the Kaseya supply chain ransomware attack, September 2021

Abstract
The digitalized world represents a perfect case of modern Goliath. A deeply interconnected system that lays itself open to an ever-increasing number of vulnerabilities that can be exploited with criminal intents. Within the mare magnum of malicious software used in the cyber domain, the category of ransomware has gained a singular interest among cybercriminals. This contribution is going to give an account of the recent spike in ransomware attacks targeting supply chains by presenting a multilevel analysis of the Kaseya VSA attack which embodies the quintessence of the current cyber-threat landscape. Based on these findings, the research is going to formulate guidelines as regards strategic measures to be taken at the national level so as to ensure the preparedness of a countrywide system for similar forthcoming threats. With reference to the Italian case, this paper is going to address the establishment of the National Cybersecurity Agency to assess whether this could represent the first step towards the right direction of lowering the overall domestic vulnerability to supply chain attacks.

Benedetta Simonini, CRYPTOGRAPHY AND DATA SECURITY: FROM CRYPTOGRAPHIC TECHNIQUES TO DATA PROTECTION, July 2020

By means of this paper, the cryptographic techniques that are relevant for data securitization will be technically analyzed. Moreover, it will be shown that even though these techniques are strong, they present some vulnerabilities to cyber-attacks and they would need to be improved. Thus, after having explained the role of cryptography for data security, I will expose this science in relation to the General Data Protection Regulation, or GDPR.
Therefore, the first section analyzes the relevance of cryptography for data security. The second section examines the broad varieties of cryptographic techniques based on symmetric and asymmetric key encryption algorithms. It is relevant to analyze these techniques from a technical point of view to understand how to implement them to secure data. Then, given the relevance of the topic for several organizations, in the third part, the paper analyzes the pros and cons of encryption at the organizational level. Finally, the last section focuses on data protection with regard to the GDPR for cryptography.

Giulia Antonini, ANALYSIS OF THE 2019 RANSOMWARE ATTACK AT THE MAASTRICHT UNIVERSITY, 2020/2021

One of the latest victims of a serious ransomware attack is the University of Maastricht, that in December 2019 had to pay 30 bitcoins, which at that moment equalled to 220,000 American dollars, to restore its database. I decided to analyse this case study because it highlights, first of all, which are the most common mistakes in the planning of a business recovery plan and, in general, in the prevention of cyberattacks, but also the fact that Universities have become one of the primary targets for cybercriminals.

Irene Parodi, Autonomous Weapon Systems and Ethical Issues. A Focus on Targeted Killings, Cybersecurity and Cybercrime course. February, 2021

Abstract
Artificial Intelligence (AI) is a new technology with many applications. Its development would eventually change the world technologies in all domains. The military field is highly interested in implementing AI technology. Machines’ ability to operate autonomously would develop a new way of using weapon systems. However, there are huge uncertainties about the increment of autonomy of weapon systems. Governments are trying to regulate it. Unmanned Aerial Vehicles (UAVs) – armed drones that are capable of conducting an operation completely autonomously – are quite discussed. They have multiple ethical and moral implications with regards to the International Humanitarian Law (IHL).

Lorenzo Visaggio, Hacking the infrastructure Cyber-attack, Physical Damage, Cybersecurity and Cybercrime course, 2020

The aim of this paper is to investigate cyber-attacks that target industrial control systems. In the first section, the focus will be made on CIs security: an overview of the most relevant actors and the judicial framework. Then, the most serious attacks perpetrated against industries/infrastructures so far will follow to highlight the leitmotivs of a cyber-attack of this kind. Moving to the cyber layer, the second part of the paper describes Industrial Control Systems: how they work, their communication and control protocols and specifically their intrinsic vulnerabilities. In the final section a basic penetration test on a virtual lab is conducted to underline the typical modus operandi of a cyber-attack that targets ICSs. The conclusion provides a sum-up while the greatest security challenges are underlined.

Martina Gambacorta, Understanding the Huawei case: a cybersecurity challenge?, September 2020

Abstract
5G introduces new important challenges for cybersecurity, due to the increased vulnerabilities. The suspicion on Huawei of being China-backed has driven many nations to implement specific measures in order to protect their 5G network infrastructures. While considering this frame, it is argued that the Huawei case has been largely debated for strategic concerns, but not for technical ones. Specifically, three of the Five Eyes Intelligence—US, Australia and UK—have opted for banning Huawei from the country’s 5G infrastructure. In the case of the US-China trade-war reasons seem to be strongly political and commercial. Australia is mainly driven by geopolitical concerns, due to the fear of China’s presence in the Pacific area. The UK initial position was merely commercial, until the Government shifted from considering Huawei potential risks as mitigable, to respond to the US pressure on its allies and replicate the US ban on Huawei. With regard to the EU, the Toolbox of risk-mitigating measures proposes a softened approach that has merits, being able to bring together geopolitical, commercial and national security concerns. EU Member States—and some non-EU countries— should decisively pursue the measures suggested and break a standoff that resembles that of a Cold War between the US and China.

Tangui Reltgen, At the dawn of a post-truth era: The threat of Deepfakes on our democratic societies, Cybersecurity and Cybercrime course, September 2021

Even though there is now a relative awareness concerning the spread of fake news, there is a much stronger vulnerability towards fake images or video clips, because people tend to trust those types of information more. Indeed, a new technology of image modification is rapidly emerging and has a major disinformation potential due to its accessibility and its credibility. This new technology was named “deepfake”, a contraction between “deep learning'' and “fake”. The first paper dealing with deepfake technology was published in 2016, but it wasn't until the end of 2017 that deepfakes became widespread and raised public awareness after Reddit users used the deepfake technology to put faces of famous actresses on pornographic videos. Since then, deepfakes have been more realistic and easy to generate, with applications such as FaceApp or FakeApp, and open source softwares like TensorFlow and Keras. The progresses made by neural networks are posing a real challenge due to the impossibility of determining if a video is falsified, therefore creating a strong threat to our democracies. In this paper, we will first focus on the technical aspect of deepfakes and on the solutions we have to detect them. We will then propose a framework to study the impact of deepfakes as a disinformation tool by modeling the diffusion of a deepfake video in a social network, using graph theory. We will finally underline the dangers of deepfakes by examining different scenarios in which the deepfake technology is used as a weapon against a country or a company.

Valeriia Lymishchenko, How to Not Get Away with Cybercrime? The Techniques and Challenges of Cybercrime Investigation, June 2022

Introduction
The active development of the informational technologies in the recent years leads not only to new opportunities, but also to new challenges. In the issue of informatization of society and the state, one of the main problems is cybercrime. In 2021, according to the data of the Federal Bureau of Investigation, only in the United States of America were registered 847,376 cybercrimes, which became an unprecedented increase of the cybercrimes the world ever encountered with. In comparison, in 2019, the number of committed cybercrimes were approximately 460,000. In 2021 if the damage from the cybercrime was measured as a country, then it will be totaling $6 trillion USD - would be the world’s third-largest economy after the U.S. and China. All this make a cybercrime one of the most dangerous threats in the modern world.