Kitty Klioski & Nineta Polemi
Cyber attackers continuously show new levels of intention by performing more sophisticated attacks on networks and important infrastructures (e.g., hospitals). This is an urgent situation calling for a swift improvement for cyber defenders. Hence, a paradigm shift is necessary to ameliorate the effectiveness of current practices. Behavioural, social and psychological related information about the attackers is considered in this paper, important elements of the Cyber Threat Intelligence (CTI) that improve cyber defense practices. The aims of this paper are to firstly provide a review of relevant behavioural and social theories and models that can be used for better capturing the attackers’ characteristics and then to utilize them by giving insights on more realistic security measurements.
Klioski, K. & Polemi, N. (2020). Psychosocial approach to cyber threat intelligence. International Journal of Chaotic Computing, 7(1), 159-165.
Syed Ahmed Ali, Shahzad Memon, Lachhman Das Dhomeja, Djordje Djokic & Farhan Sahito
Internet-based cloud technology is a network of remote data centers often placed beyond the country's legal frontiers worldwide. Contrary to the benefits of cloud computing, it is also a target of cybercriminals who may affect its resources on a larger scale by a single exploit. For protecting the cloud resources and increasing the confidence of cloud users, it is necessary to make one accountable for disrupting its services based on relevant evidence that proves someone's guilt in a court of law. In the literature, various frameworks have been presented for evidence collection against the attack on the cloud service for Cloud Service Providers (CSP), but there is no framework for LEAs. Unfortunately, the evidence of a security breach in the cloud resides under the control of CSP, which is the sole custodian of cloud resources. However, the CSP does not fully cooperate with the investigators due to various legal, technical, and operational reasons. Hence the entire prosecution is dependent on the provision of evidence by the CSP, which is a great challenge for law enforcement around the world. The study's objective is to design a framework that mitigates the dependency of CSP by collecting the evidence of a security incident outside the cloud by colluding the Internet Service Providers (ISPs) and law enforcement for a particular cloud service. The framework integrates the components that can detect the attack on a cloud service earlier at ISP and store the logs of the incident in a forensic server which can be used for forensics purposes as and when required.
Ali, S. A., Memon, S., Das Dhomeja, L., Djokic, D., & Sahito, F. (2022). Cloud forensics framework for law enforcement agencies. Journal of Southwest Jiaotong University, 57(2), 83-96. https://doi.org/10.35741/issn.0258-2722.214.171.124
David Wright, Krzysztof Garstka, & Richa Kumar
Law enforcement agencies (LEAs) face serious challenges in addressing the growing wave of cybercrime across Europe. They have limited human and financial resources to push back against this wave. Their tools and technologies are often a generation behind those of cybercriminals and terrorists on the dark web, deep web and dark nets. LEAs have to operate with ethical, data protection and social constraints that are meaningless to cybercriminals. They also have to respect national borders that don’t exist in cyberspace. This article briefly refers to the economic and social impacts of cybercrime, before discussing some of the principal challenges facing LEAs in responding to those impacts. We then focus on the EU-funded CC-DRIVER project, which is helping LEAs to address those challenges. Finally, we draw some conclusions on the near-term future of responses to cybercrime.
Wright, D., Garstka, K., & Kumar, R. (2021). Rising to the proliferation of cybercrime challenging law enforcement agencies across Europe. European Law Enforcement Research Bulletin, 21, 81-98.
Kirsty Phillips, Julia C. Davidson, Ruby R. Farr, Christine Burkhardt, Stefano Caneppele & Mary Aiken
Cybercrime is becoming ever more pervasive and yet the lack of consensus surrounding what constitutes a cybercrime has a significant impact on society, legal and policy response, and academic research. Difficulties in understanding cybercrime begin with the variability in terminology and lack of consistency in cybercrime legislation across jurisdictions. In this review, using a structured literature review methodology, key cybercrime definitions, typologies and taxonomies were identified across a range of academic and non-academic (grey literature) sources. The findings of this review were consolidated and presented in the form of a new classification framework to understand cybercrime and cyberdeviance. Existing definitions, typologies and taxonomies were evaluated, and key challenges were identified. Whilst conceptualizing cybercrime will likely remain a challenge, this review provides recommendations for future work to advance towards a universal understanding of cybercrime phenomena as well as a robust and comprehensive classification system.
Phillips, K., Davidson, J. C., Farr, R. R., Burkhardt, C., Caneppele, S., & Aiken, M. (2022). Conceptualizing cybercrime: Definitions, typologies and taxonomies. Forensic Sciences, 2, 379–398. https://doi.org/10.3390/forensicsci2020028