The Danger of Ransomware Threats: A Comprehensive Analysis

Kriativ-tech Volume 1, Issue 10, February 2025, Pages: xxx Received: Feb. 25, 2025; Accepted: Feb. 25, 2025. Published: Feb. 25, 2025.

Authors

Pedro Brandao, Full Professor ISTEC, Assistant Professor – Universidade Lusíada de Lisboa - FCEE
Isabel Mendonça, Computer Science Degree Student, Universidade Lusíada de Lisboa - FCEE

To cite this article

Pedro Brandao, Isabel Mendonça, The Danger of Ransomware Threats: A Comprehensive Analysis
DOI: 10.31112/kriativ-tech-2023-06-96

Abstract

Ransomware is a type of threat to computer security in which a program, when executed, holds a computer system or the user’s data to ransom by making them inactive, encrypted, and hidden from the user. After the user’s data is completely encrypted, the attacker demands a ransom from the victim in exchange for the decryption key. The victim has to obtain and send the payment to the attacker within the given period, or the key will be lost forever. There have been numerous ransomware attacks targeting ordinary users, companies, public sectors, and even high-profile medical facilities, to name a few instances [1].
What makes ransomware a dangerous threat is the variety of types that can be built, including file-encrypting, data-hiding, and lockscreen ransomware. Each of these types is designed to target different aspects of a computer system, and they are typically delivered through various methods as well. This makes it difficult for an average user to understand how ransomware works and how to protect against it. Additionally, since the dawn of Bitcoin, these attacks have spiked. Prior to this modern advancement, attackers needed to ask for bank information, which left a traceable paper trail; therefore, criminals were more afraid of being caught.
There is always something to take away from a ransomware incident whenever it happens. It is important to think ahead and do the R&D to analyze and understand the threat: how it infects the system, what kind of ransomware was used, where the encrypted keys are stored, whether the attack can be stopped at any point, etc., while also being careful about how high-risk fields operate. No organization would ever want to leave itself liable to a lawsuit because of negligence due to insufficient security measures and potential harm to other third parties connected to that particular environment.

Keywords

Cybersecurity, Ransomware, Malware.

References

[1] S. M. Aziz, "Ransomware in High-Risk Environments," 2016.
[2] A. Zimba, M. Chishimba, and S. Chihana, "A Ransomware Classification Framework Based on File-Deletion and File-Encryption Attack Structures," 2021.
[3] N. Pattnaik, J. R. C. Nurse, S. Turner, G. Mott et al., "It's more than just money: The real-world harms from ransomware attacks," 2023.
[4] J. Ahn, D. Park, C. G. Lee, D. Min et al., "KEY-SSD: Access-Control Drive to Protect Files from Ransomware Attacks," 2019.
[5] N. Dugan, "Security awareness training in a corporate setting," 2018.
[6] C. J. W. Chew and V. Kumar, "Behaviour based ransomware detection," 2019.
[7] K. Cabaj, M. Gregorczyk, and W. Mazurczyk, "Software-Defined Networking-based Crypto Ransomware Detection Using HTTP Traffic Characteristics," 2016.
[8] H. Ghayoomi, K. Laskey, E. Miller-Hooks, C. Hooks et al., "Assessing resilience of hospitals to cyberattack," 2021. ncbi.nlm.nih.gov
[9] A. Laszka, S. Farhang, and J. Grossklags, "On the Economics of Ransomware," 2017.
[10] J. Pont, O. Abu Oun, C. Brierley, B. Arief et al., "A Roadmap for Improving the Impact of Anti-Ransomware Research," 2019.


Using Unreal Engine 5 to realistic rendering of scenes

Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

Luísa Orvalho - Professor Coordinator and Researcher at CITECA-ISTEC Porto
Carlos Couto - Assistant Professor at ISTEC Porto Specialist in Computer Sciences, Researcher at CITECA|ISTEC Porto
Duarte Costa - 3rd year student of the degree in Multimedia Engineering at ISTEC Porto
Gonçalo Leite - 3rd year student of the degree in Multimedia Engineering at ISTEC Porto

To cite this article

Luísa Orvalho, Carlos Couto, Duarte Costa, Gonçalo Leite, Using Unreal Engine 5 to realistic rendering of scenes
DOI: 10.31112/kriativ-tech-2023-06-93

Abstract

This scientific paper discusses the Unreal Engine 5 (UE5) game engine and its tools in the field of realistic scene rendering. This real-time 3D image creation tool is used by developers to create photorealistic visuals and immersive experiences. Some of the main features of this graphics engine are presented, such as Nanite, Lumen and MetaHuman Creator, as well as the contributions that its use can bring to the video game, film, architecture and virtual reality industries.

Keywords

Unreal Engine 5, 3D, Realistic Render Technologies, Nanite, Lumen, MetaHuman Creator, Live Link, ArchViz, Virtual Reality

References

[1] Lumen Technical Details. (2023). https://docs.unrealengine.com/5.0/en-US/lumen-technical-details-in-unreal-engine/. [website]. Unreal Engine.
[2] Hu, A. (2023). How to Use Lumen in Unreal Engine 5. Vertex Mode. https://vertexmode.com/how-to-use-lumen-in-unreal-engine-5/
[3] Epic Games. (2023). Nanite Virtualized Geometry. https://docs.unrealengine.com/5.0/en-US/nanite-virtualized-geometry-in-unreal-engine/. [website]. Unreal Engine.
[4] SkyReal (2023). Nanite, a revolution for virtualized geometry with Unreal Engine 5. SkyReal. https://sky-real.com/news/nanite-a-revolution-for-virtualized-geometry-with-unreal-engine-5/
[5] Fang, Z. Cai, L. & Wang, G. (2021, June 1). MetaHuman Creator The starting point of the metaverse. IEEE Conference Publication | IEEE DOI: 10.1109/ISCTIS51085.2021.00040
[6] Shannon, T. (2017) Unreal Engine 4 for Design Visualization. Addison-Wesley Professional.
[7] Epic Games. (2023). Live Link. [website]. Unreal Engine.https://docs.unrealengine.com/5.0/en-US/live-link-in-unreal-engine/
[8] Salli, M. (2023). 3D Game Character Animations in Unreal Engine 5: Creation and Implementation. Master´s Thesis of Culture and Art submitted to South- Eastern Finland University of Applied Science https://www.theseus.fi/bitstream/handle/10024/796958/Marika_Salli.pdf?sequence=2
[9] https://docs.unrealengine.com/4.27/en-US/AnimatingObjects/SkeletalMeshAnimation/FacialRecordingiPhone/
[10] SkyReal .(2023). SAFRAN: The SkyReal solution accompanies the development of immersive training modules of Safran Engineering Services.[Website]. SkyReal. https://sky-real.com/news/the-skyreal-solution-accompanies-the-development-of-immersive-training-modules-of-safran-engineering-services/
[11] Thomsen, M. (2012b). History of the Unreal Engine - IGN. [Website]. IGN. https://www.ign.com/articles/2010/02/23/history-of-the-unreal-engine


Digital Marketing in the age of Sustainability

Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

Luísa Orvalho - Professor Coordinator and Researcher at CITECA-ISTEC Porto
Rúben Moleiro - 3rd year undergraduate student in Multimedia Engineering at ISTEC Porto
André Meireles - 3rd year undergraduate student in Multimedia Engineering at ISTEC Porto

To cite this article

Luísa Orvalho, Digital Marketing in the age of Sustainability
DOI: 10.31112/kriativ-tech-2023-06-94

Abstract

Sustainability, known as one of the pillars of digital transformation, combined with the growing recognition of the importance of environmental, social and economic sustainability, creates the need for companies to integrate sustainable practices into their business strategies and into the company's culture and philosophy. This scientific review article explores digital marketing opportunities and challenges in the sustainability era, as a set of strategies that promote sustainable actions and products for a company. It analyzes the impact of sustainable practices on business strategies, addresses Green IT, and gives some examples of good practices of companies that use green marketing.

Keywords

Digital Marketing, Sustainability, Sustainable Practices, Green IT, Green Marketing, Companies with Good Practices.

References

[1] Kotler, P., & Keller, K. L. (2016). Marketing management (15th Ed.). Pearson.
[2] Peattie, S. (2001). Golden goose or wild goose? The hunt for the green consumer. Business strategy and the environment, 10 (4), 187-199.
[3] Chabowski, B. R., Mena, J. A., & Gonzalez-Padron, T. L. (2011). The structure of sustainability research in marketing, 1958–2008: A basis for future research opportunities. Journal of the Academy of Marketing Science, 39 (1), 55-70.
[4] Fuller, D. A. (2012). Sustainable marketing: Managerial- ecological issues (2nd Ed.). SAGE Publications.
[5] Ramus, C. A., & Montiel, I. (2005). When are corporate environmental policies a form of greenwashing? Business & Society, 44 (4), 377-414.
[6] Luchs, M. G., & Swan, K. S. (2011). Perspective: The emergence of sustainable marketing as a discipline. Journal of Public Policy & Marketing, 30(1), 13-17.
[7] Melville, N. (2010). Information Systems Innovation for Environmental Sustainability. MIS Quarterly, 34(1), 1-21.
[8] Murugesan, S. (2008). Harnessing Green IT: Principles and Practices. IT Professional, 10(1), 24-33.
[9] Symons, C. R. (Ed.). (2010). Green IT for Sustainable Business Practice: An ISEB Foundation Guide. BCS, The Chartered Institute for IT.
[10] Zhu, X., & Kraemer, K. L. (2005). Post-Adoption Variations in Usage and Value of E-Business by Organizations: Cross-Country Evidence from the Retail Industry. Information Systems Research, 16(1), 61-84.
[11] United Nations Environment Programme (UNEP). (2011). Greening ICT: Towards a Sustainable World.UNEP.
[12] Höjer, M., & Wangel, J. (2015). Smart sustainable cities: definitions, dimensions, and divergence. Sustainable Development, 23(1), 27-39.
[13] Zutshi, A., Sohal, A., & Al-Ghassani, A. (2019). Towards sustainable digital transformation. Journal of Enterprise Information Management, 32(1), 75-97.
[14] Molla, A., & Abareshi, A. (2018). Green information technology: A comprehensive review on policies, practices, and strategies. Journal of Cleaner Production, 185, 60-82.
[15] Mont, O. K. (2004). Institutionalization of sustainable consumption patterns based on shared use. Ecological Economics, 50(1-2), 135-153. https://doi.org/10.1016/j.ecolecon.2004.03.030


Information Technologies and Cyber security

Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

Luísa Orvalho - Professor Coordinator and Researcher at CITECA-ISTEC Porto
Mariana Lopes - 3rd year Student of the degree in Multimedia Engineering ISTEC Porto
Francisco Santos - 3rd year Student of the degree in Multimedia Engineering ISTEC Porto

To cite this article

Luísa Orvalho, Mariana Lopes, Francisco Santos, Information Technologies and Cyber security
DOI: 10.31112/kriativ-tech-2023-06-92

Abstract

The rapid evolution of Information Technology (IT) and the growing use of connected devices have driven the need for enhanced cybersecurity measures. This scientific article examines the interaction between IT and cybersecurity, highlighting the challenges faced in the current era due to the emergence of cyber threats and the need to protect data and systems. It emphasizes best practices in cybersecurity, including technical measures, awareness and training, as well as the industry standards, legislation, and regulations in this field. The article concludes that a holistic approach is essential to address the challenges of cybersecurity and ensure trust in the digital era.

Keywords

Information Technologies, Cybersecurity, Data Security, Types of Cyber Attacks, Security measures, GDPR, CNCS C-DAYS

References

[1] Martins, J. C. (2021). Gestão de Segurança da Informação e cibersegurança nas organizações (1ª Edição). Silabas & Desafios.
[2] Infoprotect. (2023). 5 maiores tecnologias de cibersegurança. [Web Page]. https://infoprotect.com.br/5 maiores tecnologias da ciberseguranca/
[3] Cecyber. (2022). Diferenças entre TI e Cibersegurança. [Web Page]. https://cecyber.com/diferencas-entre-ti-eciberseguranca/
[4] Iubenda. (2023). O que é GDPR? Um guia completo com tudo que você precisa saber para estar em conformidade. [Web Page]. https://www.iubenda.com/pt-br/help/43925-oque-e-o-gdpr-um-guia-completo-sobre-tudo-oque-voce-saber-para-estar-em-conformidade
[5] Kelvin Zimmer. (2020, setembro 9). 8 tipos de ataques cibernéticos e como se proteger. [Web Page]. https://www.lumiun.com/blog/8-tiposde-ataques-ciberneticos-e-como-se-proteger/
[6] NAU. (2021, 30 de novembro). Boas práticas de cibersegurança – os cinco pontos críticos [Web Page].https://www.nau.edu.pt/pt/2021/11/30/boaspraticas-de-ciberseguranca-os-cinco-pontoscriticos/
[7] CGD. (2020 setembro 25). Como minimizar os efeitos dos ciber-riscos: seguros e medidas. Lumiun. [Web Page]. https://www.cgd.pt/Site/SaldoPositivo/protecao/Pages/ciber-riscos-segurose-medidas.aspx.
[8] Álvarez, Irene Iglesias (2023). Investimentos em cibersegurança deverão crescer 13% em 2023. Computerworld. [Web Page].
https://www.computerworld.com.pt/2023/ 01/19/investimento-em-cibersegurancadevera-crescer-13-em-2023/
[9] Bruce, G., & Dempsy, R. (1997). Security in Distributed Computing. Hewllett Packard Professional Books.
[10] Pplware (2022). Ciberataques – Portugal é um alvo preferido dos criminosos? [Web Page].
https://pplware.sapo.pt/informacao/ciberataque s-portugal-e-um-alvo-preferido-doscriminosos/
[11] Forbes Portugal (2020). Gastos com cibersegurança aumentam cerca de 10% em 2021. [Web Page] https://www.forbespt.com/gastos-com-ciberseguranca-aumentam-cerca-de-10-em-2021/
[12] Antunes, M., & Rodrigues, B. (2018). Introdução à Cibersegurança. FCA
[13] Agência Lusa. (2022). Ciberataques: cronologia de outros ataques em Portugal além da Vodafone. CNN Portugal. [Web Page].
https://cnnportugal.iol.pt/mariovaz/ataqueinfor matico/vodafone-e-a-maisrecente-vitimaemseis-anos-de-ciberataques/%2020500208/62028bd00cf2184
7f0a9ddfa


Digital Inclusion: Accessibility of websites and mobile applications

Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

Luísa Orvalho - Professor Coordinator and Researcher at CITECA-ISTEC Porto
Carlos Couto - Assistant Professor at ISTEC Porto
Diogo Faria - 3rd year Student of the degree in Multimedia Engineering – ISTEC Porto
Diogo Dias - 3rd year Student of the degree in Multimedia Engineering- ISTEC Porto

To cite this article

Luísa Orvalho, Carlos Couto, Diogo Faria, Diogo Dias, Digital Inclusion: Accessibility of websites and mobile applications
DOI: 10.31112/kriativ-tech-2023-06-95

Abstract

This scientific article analyzes the state of the art on web accessibility and highlights users with disabilities or impairments, taking into account usability and user experience. It presents the four pillars related to accessibility on the web, some practical suggestions to be taken into account for the design and construction of websites and also refers to the competent entity for the development of actions to monitor compliance with the legislation. As a reference example of good digital inclusion practice, the Apple website (https://www.apple.com/pt/) is analyzed, which allows access to people with some type of disability.

Keywords

Web Accessibility Requirements, Usability and User Experience, Tools to support digital accessibility and usability, Web Accessibility Tips, APPLE case study of digital inclusion

References

[1] Ferati, M., & Vogel. B. (2020). Accessibility in Web Development Courses: A Case Study. https://www.mdpi.com/
[2] Instituto Nacional para a Reabilitação. (2022). Acessibilidade Digital Pereira, M., & Farina, R. (2022). ACESSIBILIDADE NA WEB. RECIMA21- Revista Científica Multidisciplinar 2675-6218, 3, 6, 6, DOI: https://doi.org/10.47820/recima21.v3i6.1622
[3] Pereira, M., & Farina, R. (2022). ACESSIBILIDADE NA WEB. RECIMA21- Revista Científica Multidisciplinar. ISSN 2675-6218, 3, 6, 6, https://doi.org/10.47820/recima21.v3i6.1622
[4] Nielsen, J. (Apr. 24, 1994; Updated Nov. 15, 2020). 10 Usability Heuristics for User Interface Design. Nielsen Norman Group. https://www.nngroup.com/articles/ten-usability-heuristics/
[5] W3C. (2008, 11 de dezembro). Wave Web Accessibility Evaluation Tools. [Sítios da web]. https://www.w3.org/Translations/WCAG20-pt-PT/
[6] Equidox. (2021). Equidox The 4 Pillars of Web Content Accessibility Guidelines (WCAG). [Bog]. https://equidox.co/blog/the-four-pillars-of-web-content-accessibility-guidelines-wcag/
[7] TutorAI. (2023, maio). Tips about Web Accessibility. [Sítios da web]. https://www.tutorai.me/
[8] Decreto-Lei n.º 83/2018 da Presidência do Conselho de Ministros (2018). Diário da República: I série, n.º 202. https://dre.pt/dre/detalhe/decreto-lei/83-2018-116734769
[9] WAVE. (2023, maio). Wave Web Accessibility Evaluation Tools. [Sítios da web]. https://wave.webaim.org
[10] AXE. (2023, Maio). Accessibility Testing Tools and Software. [Sítios da web]. https://www.deque.com/axe/
[11] WebAIM. (2023, maio). WebAim web accessibility in mind. [Sítios da web]. https://webaim.org/resources/contrastchecker/
[12] Microsoft Edge. (2022, 13 de outubro). Microsoft Edge for everyone | Making the web more accessible. [Video]. Youtube. https://www.youtube.com/watch?v=9tFYYOifHmI&ab_channel=MicrosoftEdge


The digital economy - outlines and perplexities of its evolution

Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

João Gonçalves, Assistant Professor at ISTEC

To cite this article

João Gonçalves, The digital economy - outlines and perplexities of its evolution
DOI: 10.31112/kriativ-tech-2022-06-82

Abstract

Due to the evolution of science and knowledge, the digital economy is increasingly a reality associated with technological development and the progress of societies and States – Is Portugal moving in that direction? The objective of this article is to identify the level of evolution of the digital economy in Portugal.

Keywords

Digital economy, technology, market, digital transformation.


Open Educational Resources in Higher Education: experimental study

Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

Paulo Duarte Branco, Associate Professor at ISTEC

Andreia Teles Vieira, Assistant Professor at ISTEC

To cite this article

Paulo Duarte Branco, Andreia Teles Vieira, Educational Resources in Higher Education: experimental study
DOI: 10.31112/kriativ-tech-2022-06-83

Abstract

Over the past few years, the need for the adoption of open educational resources in higher education has been growing. The Covid-19 pandemic has shown the gap in the creation and development of technology-mediated learning in higher education.
The curricular unit of Multimedia Technologies for eLearning of the Multimedia Engineering degree from the Instituto Superior de Tecnologias Avançadas (Lisbon, Portugal) was the chosen example for the promotion and development of this kind of content.
After defining the needs arising from the teaching-learning system of the 21st century we came to the conclusion that the video effect would be the widely adopted resource. Thinking about online video consumption to captivate the attention and motivate young students was part of this study.
In this article we have tried to give a brief approach to an experiment of a higher education institution that we hope has given, besides testimony, contributions to a design of proximity between Professors and Students.

Keywords

E-learning; Open educational resources; Education; Audio-scripto-visual.


Application tool for information security and cybersecurity risk management in an organization

Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

Sérgio Pinto, Assistant Professor at ISTEC

To cite this article

Sérgio Pinto, Application tool for information security and cybersecurity risk management in an organization
DOI: 10.31112/kriativ-tech-2022-06-81

Abstract

Currently, organizations are increasingly exposed to information security and cybersecurity attacks. This article therefore describes a process for analyzing and auditing potential risks, to assist an organization in choosing the security measures and controls needed to define and implement an adequate level of security. Additionally, this article is intended to be a reference for the development of an application tool to implement this process.

Keywords

Cybersecurity, Impact, Organization, Probability, Risk, Threat, Vulnerability.


Enhancing Caesar’s Cipher

Kriativ-tech Volume 1, Issue 9, January 2023, Pages: xxx Received: Jan. 22, 2023; Accepted: Jan. 27, 2023. Published: Mar. 13, 2023.

Authors

António Santos, Assistant Professor at ISTEC

To cite this article

António Santos, Enhancing Caesar’s Cipher
DOI: 10.31112/kriativ-tech-2022-06-80

Abstract

Before the invention of computers, all methods were calculated manually, and as such the cryptographic methods developed during that period took this limitation into account. The Caesar Cipher method was one of the first to be used and disseminated in several countries. This method is very simple, which means that with current means its security can be broken quickly and easily. However, it has a characteristic that, given its nature, any change to the method increases its security. As other authors have done, this article shows that a small change will imply some improvement in the method's security: transforming the monoalphabetic substitution Caesar cipher into a polyalphabetic substitution cipher with a key created from the displacement element (key) supplied by the user.

Keywords

Encryption, Substitution cipher, Monoalphabetic, polyalphabetic, Caesar cipher, Vigenère cipher.

References

[1] Katz J, Lindell Y. (2015). Introduction to Modern Cryptography. 2nd ed. Florida: Taylor & Francis Group, LLC, CRC Press.
[2] Stinson DR, Paterson MB. (2018). Cryptography: Theory and Practice. 4th ed. Textbooks in Mathemátics. Florida: CRC Press.
[3] Holden J. (2017). The Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption. New Jersey: Princeton University Press.
[4] Kahate A. (2003). Cryptography and Network Security. New Delhi: Tata McGraw-Hill.
[5] Kipper G. (2004). Investigator´s Guide to Steganography. Florida: Auerbach Publications.
[6] Paar C, Pelzl J. (2010). Understanding Cryptography: A Textbook for Students and Practitioners. Berlin: Springer-Verlag.
[7] Delfs H, Knebl H. (2007). Introduction to Cryptography: Principles and Applications. 2nd ed. Berlin: Springer-Verlag.
[8] Aggarwal S. (2016). A Review on Enhancing Caesar Cipher. International Journal of Research Science & Management. 3 (6): 14-20.
[9] Shrivastava M, Jain S, Singh P. (2016). Content Based Symmetric Key Algorithm, International Conference on Computational Modeling and Security, Procedia Computer Science. 85: 222-227.
[10] Stallings W. (2011). Cryptography and network security: Principles and Practice. 5th ed. New York: Prentice Hall.
[11] Singh S. (1999). The Code Book, Anchor Books: The Science of Secrecy from Ancient Egypt to Quantum Cryptography. New York: Anchor Boks.
[12] Stamp M, Low RM. (2007). Applied Cryptanalysis - Breaking Ciphers in the Real World, San Jose: Wiley-Interscience, John Wiley & Sons, Inc..
[13] Cobb C. (2004). Cryptography for Dummies, New Jersey: Wiley Publishing.
[14] Kumari S. (2017). A research Paper on Cryptography Encryption and Compression Techniques. International Journal Of Engineering And Computer Science. 6(4): 20915-20919.
[15] Katz J, Lindell Y. (2008). Introduction to Modern Cryptography. Florida: Taylor & Francis Group, LLC, CRC Press.
[16] Trappe W, Washington L. (2006). Introduction to Cryptography with Coding Theory. 2nd ed. New Jersey: Pearson Education Inc., Pearson-Prentice Hall.
[17] Churchhouse R. (2004). Codes and ciphers: Julius Caesar, the Enigma and the Internet. Cambridge: Cambridge University Press.
[18] Easttom W. (2021). Modern Cryptography Applied Mathematics for Encryption and Information Security. Cham: Springer Nature Switzerland AG, Springer.
[19] Sinkov A. (1966). Elementary Cryptanalysis - A Mathematical Approach. 5th Printing. Washington The Mathematical Association of America.
[20] Baldoni M.W, Ciliberto C. and Cattaneo G.M.P. (2009). Elementary Number Theory, Cryptography and Code. Roma: Springer-Verlag.
[21] Bauer C. (2013). Secret History: The Story of Cryptology. Filadelfia: Chapman and Hall/CRC.
[22] Schneier B. (1996). Applied Cryptography, 2nd ed. Illinois: John Wiley & Sons.
[23] Musa S.M. (2018). Network Security and Cryptography: A Self-teaching Introduction. Virgínia: Mercury Learning & Information.
[24] Mathur A. (2012). A Research paper: An ASCII value based dataencryption algorithm and its comparison with other symmetric data encryption algorithms. International Journal on Computer Science and Engineering (IJCSE). 4(9): 1650-1657..
[25] Singh P, Sen P. (2017). Enhancing Security of Caesar Cipher Using Divide and Conquer Approach. International Journal of Advance Research in Science and Enginheering. 6 (02): 144-150.
[26] Jain A, Dedhia R, Patil (2015). A. Enhancing the Security of Caesar Cipher Substitution Method using a Randomized Approach for more Secure Communication. International Journal of Computer Applications. 129(13): 6-11.
[27] Singh A, Nandal A, Malik S. (2012). Implementation of Caesar Cipher with Rail Fence for Enhancing Data Security. International Journal of Advanced Research in Computer Science and Software Engineering. (12): 78-82.
[28] Senthil K, Prasanthi K, Rajaram R. (2013). A Modern Avatar Of Julius Caesar and Vigenere Cipher. Proceedings of IEEE International Conference on Computational Intelligence and Computing Research.
[29] Bowne S. (2018). Hands-On Cryptography with Python. Birmingham: Packt Publishing.


Machine Learning and APTs

Kriativ-tech Volume 1, Issue 9, April 2018, Pages: xxx Received: Dec. 28, 2019; Accepted: Feb. 25, 2020. Published: Oct. 11, 2022.

Authors

Pedro Ramos Brandão, Full Professor – ISTEC Lisbon

Gabriel Pereira Matos, Computer Science MSc Student

To cite this article

Pedro Ramos Brandão, Gabriel Pereira Matos. Machine Learning and APTs.
DOI: 10.31112/kriativ-tech-2022-06-79

Abstract

APTs, also known as Advanced Persistent Threats, are a type of cyberattack characterized by slow and stealthy methods of attack. Because they are among the most worrying attack methods today, it is important to understand what they are and how they work. There are already some techniques for detecting APTs through the training and learning method known as Machine Learning. This article introduces the definitions of APTs and machine learning, clarifies the operation of APTs, and introduces and discusses some techniques for APT detection.

Keywords

Advanced Persistent Threats, Cybersecurity, Machine Learning
