Part 2 Data Collection Group 10-1
docx
keyboard_arrow_up
School
Pennsylvania State University *
*We aren’t endorsed by this school
Course
365
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
7
Uploaded by SuperHumanDiscovery13173
Part 2: Data Collection Group 10: Ryan Stauffer, Ali Aljaberi, Karl Rathslag, Scott Bartram, Zachary Dankwah, Rohit Walia, James Gans
Threat: Ransomware
1.
What is it?
The Department of Homeland Security's (DHS) operational division is the Cybersecurity and Infrastructure Security Agency (CISA). Under the direction of Director Jen Easterly, CISA aims to comprehend, manage, and reduce risk to the public and private sectors' physical and digital infrastructure across the country. By increasing stakeholder ability to reduce risks, CISA is responsible for contributing to the protection of the nation's vital infrastructure and public gatherings. As the real and digital worlds merge, CISA uses an integrated security strategy.
2.
Where and how did you find it?
After looking for reliable sources for the project, we came upon CISA.gov. The official website of the reputable federal organization known as the U.S. Cybersecurity and Infrastructure Security Agency is CISA.gov. We used the data from this website to finish my project, making sure we had accurate and current data to back up the study.
3.
What did you learn?
We learned that there is a task force created to help stop ransomware called the joint task force. “The Joint Ransomware Task Force (JRTF) is an interagency body established by Congress to achieve this goal. As designated in Section 106 of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), JRTF serves as the central body for coordinating an ongoing nationwide campaign against ransomware attacks in addition to identifying and pursuing opportunities for international cooperation. JRTF, co-chaired by CISA and the Federal Bureau of Investigation (FBI), coordinates existing interagency ransomware efforts and identifies new initiatives to effectively leverage the unique authorities and capabilities across the U.S. Government and the private sector to address ransomware threats.”
4.
What aspect of your problem does it pertain to?
Elderly individuals are often living on fixed incomes, such as retirement pensions or savings. Paying a ransom to recover their encrypted files can cause a severe financial burden, potentially depleting their savings or forcing them to make difficult financial choices. Elderly individuals may have valuable personal
data on their computers, including family photos, important documents, and records. Ransomware attacks can result in the loss of irreplaceable data, which can be emotionally distressing.
5.
Why is it deemed credible?
.gov maybe more trustworthy from an informational standpoint from a normal users because you cannot
buy a .gov domain unless you are a government organization. That's why the information on those websites tend to be more reliable, because they're held accountable by the public.
6.
What alternative views must you consider?
.edu, If it is from a department or research center at a educational institution, it can generally be taken as credible. 7.
What questions remain? (i.e., what else do you need to learn)
How do we get elderly people to become more Tech savvy as well as enlighten them with some cybersecurity education?
Vulnerability: Ransomware
1.
What is it?
The behavior of elderly individuals might make them more susceptible to ransomware attacks. This may include lack of cybersecurity awareness. The absence of cybersecurity awareness among elderly individuals is a vulnerability that arises from their increased likelihood to fall victim to phishing schemes, their susceptibility to social engineering tactics, failure to keep software updated, employment of weak passwords, limited understanding of evolving online threats, and the knowledge gap in modern technology. Their lack of digital literacy hinders their ability to identify the warning signs of cyber threats,
and this vulnerability extends to their devices and sensitive data. 2.
Where and how did you find it?
The paper titled “A SURVEY ON RANSOMEWARE: EVOLUTION, GROWTH, AND IMPACT” discusses the significant issue of ransomware in the context of Information and Communication Technology (ICT). It highlights how ransomware has evolved over the past two decades and emphasizes its increasing impact
on data security, especially due to a lack of awareness and preventive measures. 3.
What did you learn?
We learned that ransomware comes in three main types, each with varying levels of severity. The first, known as Scareware, is the least threatening and primarily aims to deceive users. It displays a pop-up message claiming the computer is locked and demands a ransom, but it doesn't actually encrypt any files
– it's essentially a hoax. The second type is Locker ransomware, which is more severe. It locks the user out of specific programs or the entire computer until a ransom is paid. The third and most dangerous type is Crypto-ransomware. This type encrypts the user's data, rendering it inaccessible until a ransom is paid.
4.
What aspect of your problem does it pertain to?
The vulnerabilities of ransomware are directly relevant to the aspect of cybersecurity and data protection in the context of ransomware attacks. These vulnerabilities pertain to the ease with which malicious actors can exploit security weaknesses to launch ransomware attacks, encrypt user data, and demand ransoms. They are a fundamental aspect of the broader issue of cybersecurity because understanding these vulnerabilities is crucial for developing effective strategies to prevent and mitigate ransomware attacks.
5.
Why is it deemed credible?
The research paper is considered a credible source based on several factors. First of all, the research paper is published in the PSU library system which only includes papers from reputable academic journals. Anything in the PSU library should satisfy categories to ensure its credibility. Also, the authors are experts in this domain, and the paper is published in a reputable academic journal.
6.
What alternative views must you consider?
While the vulnerabilities are well-documented, it is important to consider alternative views. Some may argue that the vulnerabilities are not solely due to the elderly's actions but are also a result of evolving and sophisticated ransomware tactics. Others might emphasize the role of broader societal factors.
7.
What questions remain? (i.e., what else do you need to learn)
Further research is needed to understand the following:
-
To what extent to which elderly individuals are targeted by ransomware attacks?
-
What are the specific tactics used to target elderly?
-
What is the effectiveness of the proposed countermeasures?
Countermeasure: Machine learning based phishing detection
1.
What is it? Phishing scams rely on tricking the individual into clicking or using a fraudulent link. One of the best methods of counteracting this is software-based detection systems, that alert the user to a phishing email, or prevent them from seeing it, before they can click the fraudulent link. Many of these systems use blacklists or other rules to detect phishing. The paper proposes a machine learning algorithm trained
on phishing email data to detect scam emails in real time.
2.
Where and how did you find it?
I looked for journals on phishing scam prevention on the PSU library website. There were a multitude of good resources on the PSU library website, however this journal also discusses the use of machine learning to counteract phishing, an evolving technology.
3.
What did you learn?
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
We learned about the various applications of machine learning in order to prevent phishing scams. The paper highlights the current systems of phishing prevention and proposes a real-time phishing email detection system. It would use a massive amount of phishing email data as training and would be able to
accurately detect phishing emails, regardless of language. 4.
What aspect of your problem does it pertain to?
This is a countermeasure against phishing scams, one of the most common email scams, and one that is often used to prey upon the elderly, which pertains to the grandma in our example scenario. By using a countermeasure like this, it would be able to prevent the grandma from ever clicking the scam link.
5.
Why is it deemed credible?
It is a scholarly journal on the PSU university libraries website, it was also posted in 2019, so it is not outdated as a source.
6.
What alternative views must you consider?
The paper highlights more commonly used software based phishing prevention programs, that do not use machine learning. As these programs are more commonly used, and machine learning is a newer technology, it might be worth considering the benefits of those non-machine learning based prevention technologies.
7.
What questions remain? (i.e., what else do you need to learn)
The pricing and usability of these phishing prevention systems come into question. Would a grandma be able to effectively use these systems? Are they user friendly enough? Would basic training on manually spotting phishing emails be a better option?
How many are affected
1.
What is it? This is a document of statistics put together by the FBI for the 2022 calendar year. It breaks things down by age range, scam type, states, and goes into detail of how some of the most common scam’s work. 2.
Where and how did you find it?
I was looking at a different report for similar information, and the 2021 version of this report was one of its sources. I decided to find the most up-to-date report and use that as it is more current.
3.
What did you learn?
We learned a lot of valuable statistics that help put into view how big the problem really is. These statistics will help to break down a lot of the most common scams, help us learn about them, and allow us to really dive deep into the overall problem.
4.
What aspect of your problem does it pertain to?
This can pertain to most aspects of our problem. It pertains to our protector because it can give us data on who is actually being targeted, and how they are being targeted. It pertains to our asset because we know how much they tend to lose, and what they target. It pertains to the threat because it gives us data
on the different kinds of methods used by the scammers. 5.
Why is it deemed credible?
This document is deemed credible because it comes from the Federal Bureau of Investigation, and it’s data is the most current. 6.
What alternative views must you consider?
This document only pertains to United States victims. There may be different methods used in other countries, or different numbers being reported in those countries. 7.
What questions remain? (i.e., what else do you need to learn)
This document does not go into anything about prevention of these scams. This is an important detail that needs to be considered in the solution of our problem.
How its evolving
1.
What is it?
This is a document that contains information on how phishing scams are still working and how they are evolving over time. It only contains information about how to avoid these scams and identify them when
they appear.
2.
Where and how did you find it?
I found this document while looking for phishing scam-related topics in the PSU library. My goal was to find a document on how phishing scams have evolved since they first started becoming popular.
3.
What did you learn?
From this document, I have learned that although people have become more aware of phishing scams, only 53% of users were able to detect phishing websites when they came across them. Over time people have found ways to make their phishing scam websites/emails appear much more realistic and similar to what they are trying to imitate. 4.
What aspect of your problem does it pertain to?
This document pertains to phishing scam awareness which is the goal of our project. It covers how phishing is evolving, how to recognize these scams, and how to prevent them. Looking over each of these topics will greatly reduce the chances of someone falling for a phishing scam.
5.
Why is it deemed credible?
This document is deemed credible because it was found from our universities online library and it is published and written by Science Direct. They are known as a very reputable/credible science/technology news source by many researchers. 6.
What alternative views must you consider?
This is written by 3 different people, which give us a good amount of perspective, however, it is important that we view perspectives from various sources on this topics to ensure information is correct and accurate. 7.
What questions remain?
It talks about how it is evolving in our current timeframe, however, it does not talk about how phishing is
also involving in other areas in tech besides ML, such as AI, quantum computing, etc.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Work Cited
Federal Bureau of Investigation Elder Fraud Report 2022. (2022). Internet Crime Complaint Center, 2022. https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3ElderFraudReport.pdf
Sahingoz, O. K., Buber, E., Demir, O., & Diri, B. (2019). Machine learning based phishing detection from URLs.
Expert Systems with Applications, 117
, 345-357. https://doi.org/10.1016/j.eswa.2018.09.029
Sultan, H., Khalique, A., Tanweer, S., & Shah, I. A. (2018). A SURVEY ON RANSOMEWARE: EVOLUTION, GROWTH, AND IMPACT. International Journal of Advanced Research in Computer Science, 9(2), 802-810. https://doi.org/10.26483/ijarcs.v9i2.5858
United States. (2019) Cybersecurity and Infrastructure Security Agency. United States. [Web Archive] Retrieved from the Library of Congress, https://www.loc.gov/item/lcwaN0031136/
.
Why phishing still works: User strategies for combating phishing attacks. (n.d.). https://www-
sciencedirect-com.ezaccess.libraries.psu.edu/science/article/pii/S1071581915000993?via%3Dihub