Cybersecurity is one of the most crucial challenges for Italian small and medium-sized enterprises (SMEs), especially in a context of increasing digitalization and complexity of cyber threats.
This essay examines the current situation, key issues, current practices, challenges in adopting cybersecurity frameworks and how SMEs often struggle with inefficiencies due to limited resources and poor security awareness. The research also explores future perspectives.
The present work summarizes all publicly available information surrounding the malicious action and provides a detailed technical analysis of all phases and types of attack.
The analysis spurs into the elaboration of several lessons learned from the attack and highlights the need to better inquire about all opportunities and criticalities coming from the increasing surge of private actors in the space sector.
Online radicalization is now a major challenge for national and international security, in an increasingly connected and technology-dependent world. With the advent of the Internet and social networks, the spread of extremist discourse and the radicalization of certain populations have reached alarming proportions, posing complex and multifaceted challenges to social and political stability. In this context, Belgium, as a European country that is very connected to social diversity, is no exception to this worrying reality.
This work aims to explore in depth the multiple facets of online radicalization and its implications, as well as the dynamics of online radicalization, highlighting the specific challenges that Belgium, but more specifically Europe, faces in this crucial area for security and social cohesion.
In parallel with the increased accessibility to technologies, crimes committed via information systems are also emerged and increasing with recursive interactions of communications technologies with their associated societal processes. Cybercrime is a type of crime that targets the security of an information system and/or its data and/or its user and is committed by using the information system. The cyber world, hosts these new problems, crimes, and actions as they are in the physical world. The aim of this study is to focus on issues of definitions from the cyber world that are often confused with each other such as cyberterrorism and hacktivism by interpreting them based on different layers of the cyber world, and to reinforce the difference of these definitions by giving examples of the definitions put into practice. The focus will be on the concepts of cyberspace, cybercrime, cyberterrorism, online activism, hacktivism and and finally the differences will be discussed. The important point to be noted is that the structure of the actions should be the determining factor, and no matter how the group defines itself or how it is defined by others, it is the structure that will give the real identity of the action.
New digital technologies make it increasingly difficult to distinguish real media from fake ones. One of the recent developments describing this problem is the appearance of defects that are hyperrealistic videos created with the use of artificial intelligence (AI). It is used to combine and overlay existing images and videos onto original images or videos using a machine learning technique called a "generative-adversarial network" (GAN). The combination of the existing and the original video leads to a fake video that shows a person or people performing an action that has never actually happened. Combined with the reach and speed of social media, plausible deepfakes can quickly reach millions of views from people and have a negative impact on the whole society. The use of deepfakes in such sphere as politics (especially during the war events or elections) can lead to unwanted and unexpected consequences. This article provides a comprehensive overview of deepfakes and their spread into the politics in recent days and suggests possible ways to detect fake videos in order to save stability and consciousness of society. Artificial Intelligence (AI) is the cause of the problem, but the problem can not be solved fully only from the technical point of view. The more useful and preventive decision should be found in cross-sectoral spheres: education, civil society, public policy.
Paper
In the 21st century, the familiar form of warfare, inflicting physical damage to opposing forces and infrastructure, has made room for a new and less visible form of attack. The use of cyberweapons has taken on a central role in modern warfare where nations increasingly launch non-lethal attacks on enemy information systems. We are witnessing the rise of an information warfare in cyberspace. Disinformation is central to the arsenal of current information warfare. Social networks tremendously increased the potency of disinformation and its manipulative power. In result, disinformation is being transmitted at an unprecedented pace, safeguarding nobody from any potential influence of the attacker. Our world is dominated by a flow of disinformation, with social networks being the main culprits of proliferation. Paradoxically, disinformation can be considered the most visible, yet invisible method of attack. Its ubiquity is precisely what makes it so hard to recognize. In consequence, disinformation attacks have been able to perpetrate every sphere of society and cause damage and polarization among citizens. Our democracy is succumbing to the current information warfare, with the citizens as the main victims. As the saying goes: a team is only as strong as its weakest link. This is not different in the context of the current information war. Therefore it is essential to arm the people themselves in order to stand firm against disinformation.
The active development of the informational technologies in the recent years leads not only to new opportunities, but also to new challenges. In the issue of informatization of society and the state, one of the main problems is cybercrime. In 2021, according to the data of the Federal Bureau of Investigation, only in the United States of America were registered 847,376 cybercrimes, which became an unprecedented increase of the cybercrimes the world ever encountered with. In comparison, in 2019, the number of committed cybercrimes were approximately 460,000. In 2021 if the damage from the cybercrime was measured as a country, then it will be totaling $6 trillion USD - would be the world’s third-largest economy after the U.S. and China. All this make a cybercrime one of the most dangerous threats in the modern world.
The digitalized world represents a perfect case of modern Goliath. A deeply interconnected system that lays itself open to an ever-increasing number of vulnerabilities that can be exploited with criminal intents. Within the mare magnum of malicious software used in the cyber domain, the category of ransomware has gained a singular interest among cybercriminals. This contribution is going to give an account of the recent spike in ransomware attacks targeting supply chains by presenting a multilevel analysis of the Kaseya VSA attack which embodies the quintessence of the current cyber-threat landscape. Based on these findings, the research is going to formulate guidelines as regards strategic measures to be taken at the national level so as to ensure the preparedness of a countrywide system for similar forthcoming threats. With reference to the Italian case, this paper is going to address the establishment of the National Cybersecurity Agency to assess whether this could represent the first step towards the right direction of lowering the overall domestic vulnerability to supply-chain attacks.
Even though there is now a relative awareness concerning the spread of fake news, there is a much stronger vulnerability towards fake images or video clips, because people tend to trust those types of information more. Indeed, a new technology of image modification is rapidly emerging and has a major disinformation potential due to its accessibility and its credibility. This new technology was named “deepfake”, a contraction between “deep learning'' and “fake”. The first paper dealing with deepfake technology was published in 2016, but it wasn't until the end of 2017 that deepfakes became widespread and raised public awareness after Reddit users used the deepfake technology to put faces of famous actresses on pornographic videos. Since then, deepfakes have been more realistic and easy to generate, with applications such as FaceApp or FakeApp, and open source softwares like TensorFlow and Keras. The progresses made by neural networks are posing a real challenge due to the impossibility of determining if a video is falsified, therefore creating a strong threat to our democracies. In this paper, we will first focus on the technical aspect of deepfakes and on the solutions we have to detect them. We will then propose a framework to study the impact of deepfakes as a disinformation tool by modeling the diffusion of a deepfake video in a social network, using graph theory. We will finally underline the dangers of deepfakes by examining different scenarios in which the deepfake technology is used as a weapon against a country or a company.
Artificial Intelligence (AI) is a new technology with many applications. Its development would eventually change the world technologies in all domains. The military field is highly interested in implementing AI technology. Machines’ ability to operate autonomously would develop a new way of using weapon systems. However, there are huge uncertainties about the increment of autonomy of weapon systems. Governments are trying to regulate it. Unmanned Aerial Vehicles (UAVs) – armed drones that are capable of conducting an operation completely autonomously – are quite discussed. They have multiple ethical and moral implications with regards to the International Humanitarian Law (IHL).
5G introduces new important challenges for cybersecurity, due to the increased vulnerabilities. The suspicion on Huawei of being China-backed has driven many nations to implement specific measures in order to protect their 5G network infrastructures. While considering this frame, it is argued that the Huawei case has been largely debated for strategic concerns, but not for technical ones. Specifically, three of the Five Eyes Intelligence—US, Australia and UK—have opted for banning Huawei from the country’s 5G infrastructure. In the case of the US-China trade-war reasons seem to be strongly political and commercial. Australia is mainly driven by geopolitical concerns, due to the fear of China’s presence in the Pacific area. The UK initial position was merely commercial, until the Government shifted from considering Huawei potential risks as mitigable, to respond to the US pressure on its allies and replicate the US ban on Huawei. With regard to the EU, the Toolbox of risk-mitigating measures proposes a softened approach that has merits, being able to bring together geopolitical, commercial and national security concerns. EU Member States—and some non-EU countries — should decisively pursue the measures suggested and break a standoff that resembles that of a Cold War between the US and China.
One of the latest victims of a serious ransomware attack is the University of Maastricht, that in December 2019 had to pay 30 bitcoins, which at that moment equalled to 220,000 American dollars, to restore its database. I decided to analyse this case study because it highlights, first of all, which are the most common mistakes in the planning of a business recovery plan and, in general, in the prevention of cyberattacks, but also the fact that Universities have become one of the primary targets for cybercriminals.
The aim of this paper is to investigate cyber-attacks that target industrial control systems. In the first section, the focus will be made on CIs security: an overview of the most relevant actors and the judicial framework. Then, the most serious attacks perpetrated against industries/infrastructures so far will follow to highlight the leitmotivs of a cyber-attack of this kind. Moving to the cyber layer, the second part of the paper describes Industrial Control Systems: how they work, their communication and control protocols and specifically their intrinsic vulnerabilities. In the final section a basic penetration test on a virtual lab is conducted to underline the typical modus operandi of a cyber-attack that targets ICSs. The conclusion provides a sum-up while the greatest security challenges are underlined.
By means of this paper, the cryptographic techniques that are relevant for data securitization will be technically analyzed. Moreover, it will be shown that even though these techniques are strong, they present some vulnerabilities to cyber-attacks and they would need to be improved. Thus, after having explained the role of cryptography for data security, I will expose this science in relation to the General Data Protection Regulation, or GDPR.
Therefore, the first section analyzes the relevance of cryptography for data security. The second section examines the broad varieties of cryptographic techniques based on symmetric and asymmetric key encryption algorithms. It is relevant to analyze these techniques from a technical point of view to understand how to implement them to secure data. Then, given the relevance of the topic for several organizations, in the third part, the paper analyzes the pros and cons of encryption at the organizational level. Finally, the last section focuses on data protection with regard to the GDPR for cryptography.
