Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8029
Bartosz Słupczewski
The purpose of this article is to present the highlights of cell phone attacks, along with adiscussion of how the actors and software operate. For many people, mobile devices are anintegral part of daily life, which is used for contacting, searching for information or managingfinances. Storing sensitive information in the memory of phones increases the interest ofcybercriminals in this sphere, thus the use of spyware. The paper first presents highlights from thetimeline of the use of malware to attack cell phones. Then the history of the Hacking Teamcompany was introduced, along with the spyware tool developed. The Dark Caracal campaign andthe use of Pegasus software in the EU were also presented. With the increase in the amount ofsensitive data processed via cell phones, there is a need to verify the security level of devices andthe effectiveness of security features.
{"title":"HISTORY AND OVERVIEW OF ATTACKS AGAINST CELL PHONES","authors":"Bartosz Słupczewski","doi":"10.5604/01.3001.0053.8029","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8029","url":null,"abstract":"The purpose of this article is to present the highlights of cell phone attacks, along with adiscussion of how the actors and software operate. For many people, mobile devices are anintegral part of daily life, which is used for contacting, searching for information or managingfinances. Storing sensitive information in the memory of phones increases the interest ofcybercriminals in this sphere, thus the use of spyware. The paper first presents highlights from thetimeline of the use of malware to attack cell phones. Then the history of the Hacking Teamcompany was introduced, along with the spyware tool developed. The Dark Caracal campaign andthe use of Pegasus software in the EU were also presented. With the increase in the amount ofsensitive data processed via cell phones, there is a need to verify the security level of devices andthe effectiveness of security features.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125100719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8028
P. Kata
W artykule przedstawiono przegląd metod przyjętych przez Międzynarodową OrganizacjęHydrograficzną w schemacie ochrony danych mających na celu zapewnić autentyczność iintegralność plików obszarów map nawigacyjnych wykorzystywanych przez nawigatorówjednostek pływających obsługujących system ECDIS. Przedstawiono sposób tworzeniacertyfikatów dystrybutorów map elektronicznych potwierdzających autentyczność ich podpisówcyfrowych oraz sposób zapewnienia integralności dostarczanych plików map. Opisano metodęasynchronicznego szyfrowania danych przy użyciu pary kluczy: prywatnego i publicznego,wykorzystywaną w schemacie ochrony danych Międzynarodowej Organizacji Hydrograficznej.Przedstawiona została procedura weryfikacji autentyczności i integralności plików mapelektronicznych przez użytkownika końcowego.
{"title":"AUTENTYCZNOŚĆ I INTEGRALNOŚĆ ELEKTRONICZNYCHMAP NAWIGACYJNYCH W SYSTEMIE ECDIS","authors":"P. Kata","doi":"10.5604/01.3001.0053.8028","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8028","url":null,"abstract":"W artykule przedstawiono przegląd metod przyjętych przez Międzynarodową OrganizacjęHydrograficzną w schemacie ochrony danych mających na celu zapewnić autentyczność iintegralność plików obszarów map nawigacyjnych wykorzystywanych przez nawigatorówjednostek pływających obsługujących system ECDIS. Przedstawiono sposób tworzeniacertyfikatów dystrybutorów map elektronicznych potwierdzających autentyczność ich podpisówcyfrowych oraz sposób zapewnienia integralności dostarczanych plików map. Opisano metodęasynchronicznego szyfrowania danych przy użyciu pary kluczy: prywatnego i publicznego,wykorzystywaną w schemacie ochrony danych Międzynarodowej Organizacji Hydrograficznej.Przedstawiona została procedura weryfikacji autentyczności i integralności plików mapelektronicznych przez użytkownika końcowego.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126058555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8026
Arkadiusz Gałecki
The article below discusses the broadly understood approach to modern service managementbased on the best market practices. The basis for the preparation of the study were, among others,such practices as: ITILv4, Lean, Agile, Scrum, Theory of Constraints, DevOps, DevSecOps,Rugged DevOps, SRE and many years of design and training experience of the author in theabove areas. The article addresses an approach to service management that can be widely used invarious areas, from the defense sector or the armed forces, through the public sector, to businessorganizations, in order to provide high-quality, safe products and services that meet customerexpectations.
{"title":"MANAGING IT SERVICES WITH MODERN METHODOLOGIES","authors":"Arkadiusz Gałecki","doi":"10.5604/01.3001.0053.8026","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8026","url":null,"abstract":"The article below discusses the broadly understood approach to modern service managementbased on the best market practices. The basis for the preparation of the study were, among others,such practices as: ITILv4, Lean, Agile, Scrum, Theory of Constraints, DevOps, DevSecOps,Rugged DevOps, SRE and many years of design and training experience of the author in theabove areas. The article addresses an approach to service management that can be widely used invarious areas, from the defense sector or the armed forces, through the public sector, to businessorganizations, in order to provide high-quality, safe products and services that meet customerexpectations.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124517899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8030
Bartosz Smutek
The purpose of the article is to show the most important attacks from North Korea and theiroffensive and defensive capabilities. The structure of cyber organizations and their operations arepresented. Nowadays North Korea is seen head on as a military threat, the work aims to presenttheir potential cyber capabilities and the attacks they have made. The beginning of the workdescribes issues related to the organization of the structures, their structure, role and purpose. Thenext section presents the most interesting attacks related to spying and information extraction,cyber-terrorism operations and financial extraction, which are most often used to strengthenmilitary capabilities. This was followed by a closer look at the Lazarus group's activities, theirtactics, tasks and the attacks they have committed. The subject of Poland, which has also been thetarget of attacks, was also touched upon. Finally, the topic of the future strategy of cyber forceswas discussed.
{"title":"NORTH KOREA’S CYBER CAPABILITIES","authors":"Bartosz Smutek","doi":"10.5604/01.3001.0053.8030","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8030","url":null,"abstract":"The purpose of the article is to show the most important attacks from North Korea and theiroffensive and defensive capabilities. The structure of cyber organizations and their operations arepresented. Nowadays North Korea is seen head on as a military threat, the work aims to presenttheir potential cyber capabilities and the attacks they have made. The beginning of the workdescribes issues related to the organization of the structures, their structure, role and purpose. Thenext section presents the most interesting attacks related to spying and information extraction,cyber-terrorism operations and financial extraction, which are most often used to strengthenmilitary capabilities. This was followed by a closer look at the Lazarus group's activities, theirtactics, tasks and the attacks they have committed. The subject of Poland, which has also been thetarget of attacks, was also touched upon. Finally, the topic of the future strategy of cyber forceswas discussed.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"129 16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130870497","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8018
Jerzy Kosinski
The article introduces the concept of artificial intelligence and identifies its main applications inthe field of cybersecurity. The main problems of scale, context, precision, accuracy, and speed aredescribed. The types of problems solved by machine learning are identified. Attention was paid tothe risks and limitations of using artificial intelligence in cybersecurity and the problems ofimplementing it in an organisation.
{"title":"ARTIFICIAL INTELLIGENCE AND CYBERSECURITY","authors":"Jerzy Kosinski","doi":"10.5604/01.3001.0053.8018","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8018","url":null,"abstract":"The article introduces the concept of artificial intelligence and identifies its main applications inthe field of cybersecurity. The main problems of scale, context, precision, accuracy, and speed aredescribed. The types of problems solved by machine learning are identified. Attention was paid tothe risks and limitations of using artificial intelligence in cybersecurity and the problems ofimplementing it in an organisation.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116795420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8027
Rafał Bogiel
In 1995, George Marsaglia published a collection of randomness tests , "DIE HARD". One of thetests included there was the ,,Parking Lot Test", which was designed around the problem ofrandomly placing hyperspheres in d-dimensional space. Designed in this way, the randomness testworked very well for small amounts of data and was able to detect randomness where other testshad failed. However, due to its statistical properties, it could not cope with longer bit strings.The main objective of the present study was to parameterise the test under investigation so that itcould be used to test longer pseudorandom strings. The statistical properties of the test withalready different parameters were established empirically by performing a series of tests onstrings generated by pseudorandom generators constructed from Trivium and LFSR ciphersencrypted with the AES-128-ECB algorithm.The work also included an analysis of the possibility of optimizing the computational andmemory performance of the test. As a result of the research, the parameters of the test wereselected to allow an increase in the amount of analyzed data, while maintaining the computationaland memory complexity that allows its practical application.This article is an abstract of a Master's thesis of the same title9, which received a distinction in the2nd edition of the competition for the Marian Rejewski Award for the best Master's thesis in thefield of cyber security and cryptology.
{"title":"ANALYSIS OF THE GENERALISABILITY OF THE PARKING TEST","authors":"Rafał Bogiel","doi":"10.5604/01.3001.0053.8027","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8027","url":null,"abstract":"In 1995, George Marsaglia published a collection of randomness tests , \"DIE HARD\". One of thetests included there was the ,,Parking Lot Test\", which was designed around the problem ofrandomly placing hyperspheres in d-dimensional space. Designed in this way, the randomness testworked very well for small amounts of data and was able to detect randomness where other testshad failed. However, due to its statistical properties, it could not cope with longer bit strings.The main objective of the present study was to parameterise the test under investigation so that itcould be used to test longer pseudorandom strings. The statistical properties of the test withalready different parameters were established empirically by performing a series of tests onstrings generated by pseudorandom generators constructed from Trivium and LFSR ciphersencrypted with the AES-128-ECB algorithm.The work also included an analysis of the possibility of optimizing the computational andmemory performance of the test. As a result of the research, the parameters of the test wereselected to allow an increase in the amount of analyzed data, while maintaining the computationaland memory complexity that allows its practical application.This article is an abstract of a Master's thesis of the same title9, which received a distinction in the2nd edition of the competition for the Marian Rejewski Award for the best Master's thesis in thefield of cyber security and cryptology.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131404802","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8021
Andrzej Tałuć
Niniejsze opracowanie przedstawia problematykę związaną z zagadnieniami dotyczącymibezpieczeństwa informacyjnego, krytycznej infrastruktury informacyjnej, obiektów krytycznejinfrastruktury informacyjnej, kategoryzacji obiektów krytycznej infrastruktury informacyjnej.Przytaczane są także informacje z rosyjskich źródeł otwartych na temat powstałych zagrożeń w2022 roku, szczególnie po 24 lutego tj. rozpoczęcia przez Federację Rosyjską wojny napastniczejna Ukrainę, w obszarze szeroko rozumianego cyberbezpieczeństwa. Z przedstawionych opiniirosyjskich ekspertów w dziedzinie cyberbezpieczeństwa przedstawia się obraz wzmożonychataków ukraińskich (innych czynników zewnętrznych) w trakcie trwającego konfliktu, a takżeniewystarczających własnych możliwości przeciwdziałania cyberzagrożeniom.
{"title":"KRYTYCZNA INFRASTRUKTURA INFORMACYJNA FEDERACJI ROSYJSKIEJ","authors":"Andrzej Tałuć","doi":"10.5604/01.3001.0053.8021","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8021","url":null,"abstract":"Niniejsze opracowanie przedstawia problematykę związaną z zagadnieniami dotyczącymibezpieczeństwa informacyjnego, krytycznej infrastruktury informacyjnej, obiektów krytycznejinfrastruktury informacyjnej, kategoryzacji obiektów krytycznej infrastruktury informacyjnej.Przytaczane są także informacje z rosyjskich źródeł otwartych na temat powstałych zagrożeń w2022 roku, szczególnie po 24 lutego tj. rozpoczęcia przez Federację Rosyjską wojny napastniczejna Ukrainę, w obszarze szeroko rozumianego cyberbezpieczeństwa. Z przedstawionych opiniirosyjskich ekspertów w dziedzinie cyberbezpieczeństwa przedstawia się obraz wzmożonychataków ukraińskich (innych czynników zewnętrznych) w trakcie trwającego konfliktu, a takżeniewystarczających własnych możliwości przeciwdziałania cyberzagrożeniom.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126258804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8023
Jacek Bil
The subject of this article is devoted to the actions taken by personnel of organizations that havebecome the target of a ransomware attack. It should be noted here that within the framework ofthe considerations undertaken, reference was made not to technical - IT undertakings aimed atunlocking the attacked system, but to the harmfulness of ransomware behavior, both in the area ofactivities of public entities and in the business environment. The methodology for thedevelopment of the article was based on the analysis of information on the phenomenon ofransomware, as well as on the ranking and analysis of the legislation governing the issue ofliability in the event of ransomware placement. The research problem of the manuscript wascontained in the question: what are the consequences for those who decide to transferransomware, as well as those who seek a way to finance the ransomware attack? At the same time,it was assumed that this is the responsibility of both those who decide to pay the ransom and thepersonnel who supervise the activities of the entities. It was also attempted to depict that theresponsibility for the ransomware decision arises both in the area of public entities and withingthe scope of companies prospering in the private economic sector.
{"title":"CONSEQUENCES OF PAYING A RANSOM WHILE RANSOMWARE ATTACK","authors":"Jacek Bil","doi":"10.5604/01.3001.0053.8023","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8023","url":null,"abstract":"The subject of this article is devoted to the actions taken by personnel of organizations that havebecome the target of a ransomware attack. It should be noted here that within the framework ofthe considerations undertaken, reference was made not to technical - IT undertakings aimed atunlocking the attacked system, but to the harmfulness of ransomware behavior, both in the area ofactivities of public entities and in the business environment. The methodology for thedevelopment of the article was based on the analysis of information on the phenomenon ofransomware, as well as on the ranking and analysis of the legislation governing the issue ofliability in the event of ransomware placement. The research problem of the manuscript wascontained in the question: what are the consequences for those who decide to transferransomware, as well as those who seek a way to finance the ransomware attack? At the same time,it was assumed that this is the responsibility of both those who decide to pay the ransom and thepersonnel who supervise the activities of the entities. It was also attempted to depict that theresponsibility for the ransomware decision arises both in the area of public entities and withingthe scope of companies prospering in the private economic sector.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126225225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8020
Adam Stojałowski
The aim of this article is to present the characteristics of advanced malware in terms of the recentcyber-attacks. The subject of the considerations is to approximate and analyze the techniques usedby malicious software in order to bypass security and protection functions, which in turn may leadto taking control over the attacked computer. The aim of the article is also to introduce theconcept of secure access to the public network.
{"title":"THE IMPACT OF MALWARE ON THE INTERNET","authors":"Adam Stojałowski","doi":"10.5604/01.3001.0053.8020","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8020","url":null,"abstract":"The aim of this article is to present the characteristics of advanced malware in terms of the recentcyber-attacks. The subject of the considerations is to approximate and analyze the techniques usedby malicious software in order to bypass security and protection functions, which in turn may leadto taking control over the attacked computer. The aim of the article is also to introduce theconcept of secure access to the public network.","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"234 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114262115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-02DOI: 10.5604/01.3001.0053.8025
Sebastian Burgemejster
The purpose of this article is to present the concept of antifragility as developed within TheAntifragility Institute and its application in a dynamic and changing environment. This is the firstarticle in a series describing an indication of the fragility and inadequacy of the solutions usedtoday to the challenges faced by organisations, particularly in the area of security management.The article is intended to be an introduction and to build a foundation of knowledge onantifragility for further consideration by the author and its application
{"title":"ANTIFRAGILITY IN SECURITY MANAGEMENT IN AN ERA OFTURBULENCE","authors":"Sebastian Burgemejster","doi":"10.5604/01.3001.0053.8025","DOIUrl":"https://doi.org/10.5604/01.3001.0053.8025","url":null,"abstract":"The purpose of this article is to present the concept of antifragility as developed within TheAntifragility Institute and its application in a dynamic and changing environment. This is the firstarticle in a series describing an indication of the fragility and inadequacy of the solutions usedtoday to the challenges faced by organisations, particularly in the area of security management.The article is intended to be an introduction and to build a foundation of knowledge onantifragility for further consideration by the author and its application","PeriodicalId":269616,"journal":{"name":"Cybersecurity & Cybercrime","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128967326","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: