Design of architecture principles for a logistics focused, multi-sided data marketplace architecture

In today’s increasingly interconnected and digitized world, the logistics industry plays a critical role in global trade, enabling the seamless movement of goods across essential supply chains (Reinsel et al., 2020). The rapid evolution of digital technologies has led to an unprecedented proliferation of data generated from various aspects of...

Uncovering the vulnerable: Exploring the issue of TCP reflective amplification in the network of an ISP

The rapid growth of internet-connected devices has led to a significant increase in the number of cyber attacks, resulting in security challenges related to IoT. Researchers have discovered a new attack technique that can be used for launching large DDoS attacks, which involves TCP reflective amplification by abusing middleboxes and IoT devices....

Assessing the threat landscape of sectors as they adopt cloud-based email services

Email communication is a crucial part of the daily processes of enterprises. Organizations can opt for traditional infrastructure on-premise or use cloud-based email services provided by (foreign) cloud service providers. In Europe in particular, organizations from crucial sectors have been adopting cloudbasedemail services. The level of cloud...

Network intrusion prediction model using external data

Nowadays does the internet presence of companies increase, and with it, their attack surface and the probability of breaches: every information system in the company's network may be an entry point for an outsider. Therefore, companies need to secure their information systems. However, current risk assessment frameworks fail to connect the...

NURSE: eNd-UseR IoT malware detection tool for Smart homEs

IoT devices keep entering our homes with the promise of delivering more services and enhancing user experience; however, these new devices also carry along an alarming number of vulnerabilities and security issues. In most cases, the users of these devices are completely unaware of the security risks that connecting these devices entail. Current...

Dear customer, critters are crawling through your precious files: Understanding real-world evidence of QSnatch clean-up results and user experiences after warnings from the ISP

As the IoT is widely deployed in people’s homes, adversaries are busy exploiting the vulnerabilities of these devices. One kind of such device is the NAS device made by the company QNAP. Unfortunately, these devices are prone to the QSnatch malware. Unlike previous malware such as Mirai has this nasty habit, it settles deeper into the machine....

Centralised DNS-based Malware Mitigation: Examining the adoption and efficacy of centralised DNS-based malware mitigation services

Malware presents a growing problem in a world that is increasingly connected to, and reliant on, the internet. The growing, devastating potential of cyber attacks such as DDoS attacks on society and economy is largely the result of a new class of devices, the Internet of Things (IoT), whose characteristic vulnerabilities make them easy targets...

Privacy issues of mobile phone companies’ usage of Ultra-Wideband (UWB) technology: Analysing the use of UWB in mobile phones from a multi-actor perspective, magnifying privacy concerns and formulating guidelines

Ultra-Wideband (UWB) technology became unregulated within the EU in 2007. Most recently, it was integrated into mobile phones in 2019, notably Apply and Samsung adding it to all their newer models. While UWB is characterised as a radio technology with any signal above 500 MHz, it operates within the 6-9 GHz<br/>range in mobile phones. This...

The Root Cause of Data Breaches: Investigating security misconfigurations as the root cause of data breaches

In the past decade, the world has experienced numerous severe and impactful data breaches, without indications of this development slowing down. Even worse, research has shown data breaches are still waiting to happen. The occurrence of a data breach has consequences for several involved parties and for society in general. It is therefore only...

Where do all the idIoTs come from?: Identification of Insecurely Developed IoT devices and a corresponding analysis of Dutch digital markets that sell them

Clustering Malware's Network Behavior using Simple Sequential Features

Developing malware variants is extremely cheap for attackers because of the availability of various obfuscation tools. These variants can be grouped in malware families, based on information retrieved from their static and dynamic analysis. Dynamic, network-level analysis of malware shows its core behavior since it captures the interaction with...

Development of Injected Code Attacks in Online Banking Fraud Incidents: An exploratory study for understanding the evolution of code used by cyber criminals in financial malware

The frequency of online banking fraud incidents has increased over the last years. A method used by different cybercriminals is the injection of malicious code into the targeted web pages. For example, attackers might inject an additional piece code into the webpage of a targeted bank asking users to enter extra personal information (e.g., the...