Sign in to use this feature.

Years

Between: -

Subjects

remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline

Journals

Article Types

Countries / Regions

Search Results (56)

Search Parameters:
Keywords = cyber threat actors

Order results
Result details
Results per page
Select all
Export citation of selected articles as:
18 pages, 3766 KB  
Article
Living Off the Land Attacks on IEC 61850 Substations
by Robin Eriksen Birkeland and Siv Hilde Houmb
Appl. Sci. 2026, 16(13), 6693; https://doi.org/10.3390/app16136693 - 3 Jul 2026
Viewed by 126
Abstract
Power from Shore (PfS) is becoming more widespread for offshore petroleum installations, which have introduced new dependencies and the potential for a single point of failure. In addition, the cyber threat landscape is increasing, with state-sponsored actors demonstrating the capabilities and willingness to [...] Read more.
Power from Shore (PfS) is becoming more widespread for offshore petroleum installations, which have introduced new dependencies and the potential for a single point of failure. In addition, the cyber threat landscape is increasing, with state-sponsored actors demonstrating the capabilities and willingness to target Operational Technology (OT) systems. Threat actors have been seen using living off the land techniques, such as with the Industroyer malware, which utilized legitimate but malicious IEC 104 commands to open circuit breakers. To evaluate these vulnerabilities, in this study, a Design Science Research approach was applied to map a generalized substation and develop a Software-in-the-Loop simulator, which was used to test a specific attack vector against substation automation systems. The results confirm that an adversary with local network access can successfully inject valid IEC 61850 Manufacturing Message Specification (MMS) commands to trigger unauthorized circuit breaker operations. Furthermore, it is also shown that a simulated substation can be used as a tool when developing OT malware. Full article
(This article belongs to the Section Electrical, Electronics and Communications Engineering)
15 pages, 212 KB  
Article
Trends in Non-Profit Cybersecurity: Analyzing Three Years of Incident Data from the NPCIR
by Stanley J. Mierzwa, Joanna Paliszkiewicz and Edyta Skarzyńska
Information 2026, 17(6), 601; https://doi.org/10.3390/info17060601 - 17 Jun 2026
Viewed by 753
Abstract
This study analyzes cyberattack trends targeting non-profit organizations using longitudinal data collected over a three-year period within the Non-Profit Cybersecurity Incident Repository (NPCIR). Developed through a National Security Agency Center of Academic Excellence in Cyber Defense (NSA CAE-CD) designated center, the NPCIR applies [...] Read more.
This study analyzes cyberattack trends targeting non-profit organizations using longitudinal data collected over a three-year period within the Non-Profit Cybersecurity Incident Repository (NPCIR). Developed through a National Security Agency Center of Academic Excellence in Cyber Defense (NSA CAE-CD) designated center, the NPCIR applies an open-source intelligence (OSINT) methodology to systematically document cybersecurity incidents affecting the global non-profit sector. This study examines attack types, threat actor characteristics, sectoral distribution, and cybersecurity impacts using the Confidentiality–Integrity–Availability (CIA) triad framework. The results indicate that availability-related incidents, particularly ransomware and distributed denial-of-service (DDoS) attacks, constitute the most prevalent threats, while confidentiality breaches remain highly significant due to frequent data exposure incidents. Statistical analyses further demonstrate significant differences between non-profit organizations aligned with DHS CISA critical infrastructure sectors and those operating outside these sectors, especially regarding the prevalence of availability-focused attacks. In addition to its empirical contribution, the NPCIR initiative supports experiential learning opportunities for undergraduate and graduate students in cybersecurity and information technology. The resulting dataset provides actionable cyber threat intelligence for researchers, practitioners, and non-profit leaders seeking to strengthen organizational cybersecurity resilience and awareness. Full article
(This article belongs to the Special Issue Trustworthy AI and Knowledge Management for Sustainable Organizations)
17 pages, 434 KB  
Article
MACD: Multi-Agent Collaborative Approach for Cybersecurity Defense Strategy Generation
by Nanfang Li, Xiang Li, Zongrong Li, Denghui Ma, Lijun Yan, Haishan Cao, Wenqian Zhang, Xu Wang and Yu Liu
Information 2026, 17(4), 370; https://doi.org/10.3390/info17040370 - 15 Apr 2026
Viewed by 708
Abstract
Cybersecurity defense strategy generation transforms threat intelligence into actionable defense measures against sophisticated multi-stage cyberattacks. Existing approaches lack multi-dimensional coordination of technical, tactical, and threat actor expertise, with limited benchmarks for evaluating defense strategy quality. To address these gaps, we introduce MACD (Multi-Agent [...] Read more.
Cybersecurity defense strategy generation transforms threat intelligence into actionable defense measures against sophisticated multi-stage cyberattacks. Existing approaches lack multi-dimensional coordination of technical, tactical, and threat actor expertise, with limited benchmarks for evaluating defense strategy quality. To address these gaps, we introduce MACD (Multi-Agent Collaborative Defense), a novel framework that orchestrates specialized AI agents to generate ATT&CK-aligned defense strategies. MACD deploys three expert agents for technical defense, kill chain phase analysis, and APT profiling, coordinated through a synthesizing agent, while leveraging retrieval-augmented generation to mitigate hallucination risks in threat mapping. Additionally, we construct CyberDefBench, a comprehensive benchmark combining real-world APT cases and synthetic scenarios with dual-layer annotations for reactive and proactive defenses. Experimental results demonstrate that MACD achieves 84.6% technique mapping accuracy and 72.3% defense coverage, significantly outperforming baseline methods and validating the effectiveness of multi-agent collaboration for cybersecurity defense. Full article
(This article belongs to the Section Artificial Intelligence)
Show Figures

Figure 1

26 pages, 914 KB  
Article
AI-Amplification Indicator: An Actor-Level Scoring Framework for Ransomware Operations on the Dark Web
by Mostafa Moallim, Seokhee Lee, Ibrahim Alzahrani, Faisal Abdulaziz Alfouzan and Kyounggon Kim
J. Cybersecur. Priv. 2026, 6(2), 70; https://doi.org/10.3390/jcp6020070 - 8 Apr 2026
Viewed by 1181
Abstract
Ransomware operations have evolved from isolated malware incidents into organized ransomware-as-a-service (RaaS) ecosystems that employ coordinated tactics, techniques, and procedures and increasingly rely on automation and artificial intelligence to scale intrusions. However, most assessments remain artifact-centric, focusing on malware signatures or aggregate victim [...] Read more.
Ransomware operations have evolved from isolated malware incidents into organized ransomware-as-a-service (RaaS) ecosystems that employ coordinated tactics, techniques, and procedures and increasingly rely on automation and artificial intelligence to scale intrusions. However, most assessments remain artifact-centric, focusing on malware signatures or aggregate victim counts, which provide limited visibility into differences in actor-level behavior and operational capability. This study introduces the AI-Amplification Indicator (AIAI), an interpretable actor-level scoring framework that transforms publicly observable leak-site disclosures and verifiable open-source evidence into quantitative behavioral profiles. Using continuous monitoring of dark web leak portals, we construct a standardized dataset of ransomware disclosures for 2025 with temporal, geographic, and sector metadata. AIAI measures four complementary dimensions: GenAI-enabled social engineering, operational tempo and orchestration, targeting breadth and diversification, and temporal scaling dynamics. Indicators are computed for all observed actors, while comparative profiling focuses on the ten most active actors to ensure stable behavioral estimation. The analysis reveals substantial heterogeneity in posting cadence, targeting strategies, and scaling dynamics, as well as limited but measurable evidence of automated or AI-assisted deception. These differences are not captured by victim counts alone. The proposed framework provides a transparent and reproducible approach for actor-level ransomware intelligence, enabling systematic comparison of operational styles and supporting data-driven defensive prioritization. Full article
(This article belongs to the Section Security Engineering & Applications)
Show Figures

Figure 1

25 pages, 4648 KB  
Systematic Review
Deep Reinforcement Learning Algorithms for Intrusion Detection: A Bibliometric Analysis and Systematic Review
by Lekhetho Joseph Mpoporo, Pius Adewale Owolawi and Chunling Tu
Appl. Sci. 2026, 16(2), 1048; https://doi.org/10.3390/app16021048 - 20 Jan 2026
Cited by 1 | Viewed by 1630
Abstract
Intrusion detection systems (IDSs) are crucial for safeguarding modern digital infrastructure against the ever-evolving cyber threats. As cyberattacks become increasingly complex, traditional machine learning (ML) algorithms, while remaining effective in classifying known threats, face limitations such as static learning, dependency on labeled data, [...] Read more.
Intrusion detection systems (IDSs) are crucial for safeguarding modern digital infrastructure against the ever-evolving cyber threats. As cyberattacks become increasingly complex, traditional machine learning (ML) algorithms, while remaining effective in classifying known threats, face limitations such as static learning, dependency on labeled data, and susceptibility to adversarial exploits. Deep reinforcement learning (DRL) has recently surfaced as a viable substitute, providing resilience in unanticipated circumstances, dynamic adaptation, and continuous learning. This study conducts a thorough bibliometric analysis and systematic literature review (SLR) of DRL-based intrusion detection systems (DRL-based IDS). The relevant literature from 2020 to 2024 was identified and investigated using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Emerging research themes, influential works, and structural relationships in the research fields were identified using a bibliometric analysis. SLR was used to synthesize methodological techniques, datasets, and performance analysis. The results indicate that DRL algorithms such as deep Q-network (DQN), double DQNs (DDQN), dueling DQN (D3QN), policy gradient methods, and actor–critic models have been actively utilized for enhancing IDS performance in various applications and datasets. The results highlight the increasing significance of DRL-based solutions for developing intelligent and robust intrusion detection systems and advancing cybersecurity. Full article
(This article belongs to the Special Issue Advances in Cyber Security)
Show Figures

Figure 1

79 pages, 837 KB  
Article
Critique of Networked Election Systems: A Comprehensive Analysis of Vulnerabilities and Security Measures
by Jason M. Green, Abdolhossein Sarrafzadeh and Mohd Anwar
Information 2026, 17(1), 10; https://doi.org/10.3390/info17010010 - 22 Dec 2025
Cited by 1 | Viewed by 4144
Abstract
The security and integrity of election systems represent fundamental pillars of democratic governance in the 21st century. As electoral processes increasingly rely on networked technologies and digital infrastructures, the vulnerability of these systems to cyber threats has become a paramount concern for election [...] Read more.
The security and integrity of election systems represent fundamental pillars of democratic governance in the 21st century. As electoral processes increasingly rely on networked technologies and digital infrastructures, the vulnerability of these systems to cyber threats has become a paramount concern for election officials, cybersecurity experts, and policymakers worldwide. This paper presents the first comprehensive synthesis and systematic analysis of vulnerabilities across major U.S. election systems, integrating findings from government assessments, security research, and documented incidents into a unified analytical framework. We compile and categorize previously fragmented vulnerability data from multiple vendors, federal advisories (CISA, EAC), and security assessments to construct a holistic view of the election security landscape. Our novel contribution includes (1) the first cross-vendor vulnerability taxonomy for election systems, (2) a quantitative risk assessment framework specifically designed for election infrastructure, (3) systematic mapping of threat actor capabilities against election system components, and (4) the first proposal for honeynet deployment in election security contexts. Through analysis of over 200 authoritative sources, we identify critical security gaps in federal guidelines, quantify risks in networked election components, and reveal systemic vulnerabilities that only emerge through comprehensive cross-system analysis. Our findings demonstrate that interconnected vulnerabilities create risk-amplification factors of 2-5x compared to isolated component analysis, highlighting the urgent need for comprehensive federal cybersecurity standards, improved network segmentation, and enhanced monitoring capabilities to protect democratic processes. Full article
Show Figures

Figure 1

28 pages, 6434 KB  
Article
Mapping Cyber Bot Behaviors: Understanding Payload Patterns in Honeypot Traffic
by Shiyu Wang, Cheng Tu, Yunyi Zhang, Min Zhang and Pengfei Xue
Sensors 2026, 26(1), 11; https://doi.org/10.3390/s26010011 - 19 Dec 2025
Cited by 1 | Viewed by 2338
Abstract
Cyber bots have become prevalent across the Internet ecosystem, making behavioral understanding essential for threat intelligence. Since bot behaviors are encoded in traffic payloads that blend with normal traffic, honeypot sensors are widely adopted for capture and analysis. However, previous works face adaptation [...] Read more.
Cyber bots have become prevalent across the Internet ecosystem, making behavioral understanding essential for threat intelligence. Since bot behaviors are encoded in traffic payloads that blend with normal traffic, honeypot sensors are widely adopted for capture and analysis. However, previous works face adaptation challenges when analyzing large-scale, diverse payloads from evolving bot techniques. In this paper, we conduct an 11-month measurement study to map cyber bot behaviors through payload pattern analysis in honeypot traffic. We propose TrafficPrint, a pattern extraction framework to enable adaptable analysis of diverse honeypot payloads. TrafficPrint combines representation learning with clustering to automatically extract human-understandable payload patterns without requiring protocol-specific expertise. Our globally distributed honeypot sensors collected 21.5 M application-layer payloads. Starting from only 168 K labeled payloads (0.8% of data), TrafficPrint extracted 296 patterns that automatically labeled 83.57% of previously unknown payloads. Our pattern-based analysis reveals actionable threat intelligence: 82% of patterns employ semi-customized structures balancing automation with targeted modifications; 13% contain distinctive identity markers enabling threat actor attribution, including CENSYS’s unique signature; and bots exploit techniques like masquerading as crawlers, embedding commands in brute-force attacks, and using base64 encoding for detection evasion. Full article
(This article belongs to the Special Issue Privacy and Security in Sensor Networks)
Show Figures

Figure 1

24 pages, 3662 KB  
Article
Maritime Industry Cybersecurity Threats in 2025: Advanced Persistent Threats (APTs), Hacktivism and Vulnerabilities
by Minodora Badea, Olga Bucovețchi, Adrian V. Gheorghe, Mihaela Hnatiuc and Gabriel Raicu
Logistics 2025, 9(4), 178; https://doi.org/10.3390/logistics9040178 - 18 Dec 2025
Cited by 1 | Viewed by 4609
Abstract
Background: The maritime industry, vital for global trade, faces escalating cyber threats in 2025. Critical port infrastructures are increasingly vulnerable due to rapid digitalization and the integration of IT and operational technology (OT) systems. Methods: Using 112 incidents from the Maritime [...] Read more.
Background: The maritime industry, vital for global trade, faces escalating cyber threats in 2025. Critical port infrastructures are increasingly vulnerable due to rapid digitalization and the integration of IT and operational technology (OT) systems. Methods: Using 112 incidents from the Maritime Cyber Attack Database (MCAD, 2020–2025), we developed a novel quantitative risk assessment model based on a Threat-Vulnerability-Impact (T-V-I) framework, calibrated with MITRE ATT&CK techniques and validated against historical incidents. Results: Our analysis reveals a 150% rise in incidents, with OT compromise identified as the paramount threat (98/100 risk score). Ports in Poland and Taiwan face the highest immediate risk (95/100), while the Panama Canal is assessed as the most probable next target (90/100). State-sponsored actors from Russia, China, and Iran are responsible for most high-impact attacks. Conclusions: This research provides a validated, data-driven framework for prioritizing defensive resources. Our findings underscore the urgent need for engineering-grade solutions, including network segmentation, zero-trust architectures, and proactive threat intelligence integration to enhance maritime cyber resilience against evolving threats. Full article
Show Figures

Figure 1

31 pages, 3690 KB  
Article
A Study on Improving the Automatic Classification Performance of Cybersecurity MITRE ATT&CK Tactics Using NLP-Based ModernBERT and BERTopic Models
by Jaehwan Baek, Jeonghoon O, Seungwoo Jeong and Wooju Kim
Electronics 2025, 14(22), 4434; https://doi.org/10.3390/electronics14224434 - 13 Nov 2025
Cited by 1 | Viewed by 1928
Abstract
Cyber Threat Intelligence (CTI) reports are essential resources for identifying the Tactics, Techniques, and Procedures (TTPs) of hackers and cyber threat actors. However, these reports are often lengthy and unstructured, which limits their suitability for automatic mapping to the MITRE ATT&CK framework. This [...] Read more.
Cyber Threat Intelligence (CTI) reports are essential resources for identifying the Tactics, Techniques, and Procedures (TTPs) of hackers and cyber threat actors. However, these reports are often lengthy and unstructured, which limits their suitability for automatic mapping to the MITRE ATT&CK framework. This study designs and compares five hybrid classification models that combine statistical features (TF-IDF), transformer-based contextual embeddings (BERT and ModernBERT), and topic-level representations (BERTopic) to automatically classify CTI reports into 12 ATT&CK tactic categories. Experiments using the rcATT dataset, consisting of 1490 public threat reports, show that the model integrating TF-IDF and ModernBERT achieved a micro-precision of 72.25%, reflecting a 10.07-percentage-point improvement in detection precision compared with the baseline. The model combining TF-IDF and BERTopic achieved a micro F0.5 of 67.14% and a macro F0.5 of 63.20%, demonstrating balanced performance across both frequent and rare tactic classes. These findings indicate that integrating statistical, contextual, and semantic representations can improve the balance between precision and recall while enabling clearer interpretation of model outputs in multi-label CTI classification. Furthermore, the proposed model shows potential applicability for improving detection efficiency and reducing analyst workload in Security Operations Center (SOC) environments. Full article
Show Figures

Figure 1

44 pages, 3307 KB  
Review
Evolution Cybercrime—Key Trends, Cybersecurity Threats, and Mitigation Strategies from Historical Data
by Muhammad Abdullah, Muhammad Munib Nawaz, Bilal Saleem, Maila Zahra, Effa binte Ashfaq and Zia Muhammad
Analytics 2025, 4(3), 25; https://doi.org/10.3390/analytics4030025 - 18 Sep 2025
Cited by 9 | Viewed by 24965
Abstract
The landscape of cybercrime has undergone significant transformations over the past decade. Present-day threats include AI-generated attacks, deep fakes, 5G network vulnerabilities, cryptojacking, and supply chain attacks, among others. To remain resilient against contemporary threats, it is essential to examine historical data to [...] Read more.
The landscape of cybercrime has undergone significant transformations over the past decade. Present-day threats include AI-generated attacks, deep fakes, 5G network vulnerabilities, cryptojacking, and supply chain attacks, among others. To remain resilient against contemporary threats, it is essential to examine historical data to gain insights that can inform cybersecurity strategies, policy decisions, and public awareness campaigns. This paper presents a comprehensive analysis of the evolution of cyber trends in state-sponsored attacks over the past 20 years, based on the council on foreign relations state-sponsored cyber operations (2005–present). The study explores the key trends, patterns, and demographic shifts in cybercrime victims, the evolution of complaints and losses, and the most prevalent cyber threats over the years. It also investigates the geographical distribution, the gender disparity in victimization, the temporal peaks of specific scams, and the most frequently reported internet crimes. The findings reveal a traditional cyber landscape, with cyber threats becoming more sophisticated and monetized. Finally, the article proposes areas for further exploration through a comprehensive analysis. It provides a detailed chronicle of the trajectory of cybercrimes, offering insights into its past, present, and future. Full article
Show Figures

Figure 1

27 pages, 2590 KB  
Article
A Novel Approach for Cyber Threat Analysis Systems Using BERT Model from Cyber Threat Intelligence Data
by Doygun Demirol, Resul Das and Davut Hanbay
Symmetry 2025, 17(4), 587; https://doi.org/10.3390/sym17040587 - 11 Apr 2025
Cited by 8 | Viewed by 5463
Abstract
As today’s cybersecurity environment is becoming increasingly complex, it is crucial to analyse threats quickly and effectively. A delayed response or lack of foresight can lead to data loss, reputational damage, and operational disruptions. Therefore, developing methods that can rapidly extract valuable threat [...] Read more.
As today’s cybersecurity environment is becoming increasingly complex, it is crucial to analyse threats quickly and effectively. A delayed response or lack of foresight can lead to data loss, reputational damage, and operational disruptions. Therefore, developing methods that can rapidly extract valuable threat intelligence is a critical need to strengthen defence strategies and minimise potential damage. This paper presents an innovative approach that integrates knowledge graphs and a fine-tuned BERT-based model to analyse cyber threat intelligence (CTI) data. The proposed system extracts cyber entities such as threat actors, malware, campaigns, and targets from unstructured threat reports and establishes their relationships using an ontology-driven framework. A named entity recognition dataset was created and a BERT-based model was trained. To address the class imbalance, oversampling and a focal loss function were applied, achieving an F1 score of 96%. The extracted entities and relationships were visualised and analysed using knowledge graphs, enabling the advanced threat analysis and prediction of potential attack targets. This approach enhances cyber-attack prediction and prevention through knowledge graphs. Full article
(This article belongs to the Special Issue Advanced Studies of Symmetry/Asymmetry in Cybersecurity)
Show Figures

Figure 1

20 pages, 914 KB  
Article
Cost-Efficient Hybrid Filter-Based Parameter Selection Scheme for Intrusion Detection System in IoT
by Gabriel Chukwunonso Amaizu, Akshita Maradapu Vera Venkata Sai, Madhuri Siddula and Dong-Seong Kim
Electronics 2025, 14(4), 726; https://doi.org/10.3390/electronics14040726 - 13 Feb 2025
Viewed by 1203
Abstract
The rapid growth of Internet of Things (IoT) devices has brought about significant advancements in automation, data collection, and connectivity across various domains. However, this increased interconnectedness also poses substantial security challenges, making IoT networks attractive targets for malicious actors. Intrusion detection systems [...] Read more.
The rapid growth of Internet of Things (IoT) devices has brought about significant advancements in automation, data collection, and connectivity across various domains. However, this increased interconnectedness also poses substantial security challenges, making IoT networks attractive targets for malicious actors. Intrusion detection systems (IDSs) play a vital role in protecting IoT environments from cyber threats, necessitating the development of sophisticated and effective NIDS solutions. This paper proposes an IDS that addresses the curse of dimensionality by eliminating redundant and highly correlated features, followed by a wrapper-based feature ranking to determine their importance. Additionally, the IDS incorporates cutting-edge image processing techniques to reconstruct data into images, which are further enhanced through a filtering process. Finally, a meta classifier, consisting of three base models, is employed for efficient and accurate intrusion detection. Simulation results using industry-standard datasets demonstrate that the hybrid parameter selection approach significantly reduces computational costs while maintaining reliability. Furthermore, the combination of image transformation and ensemble learning techniques achieves higher detection accuracy, further enhancing the effectiveness of the proposed IDS. Full article
(This article belongs to the Special Issue New Challenges in Cyber Security)
Show Figures

Figure 1

23 pages, 831 KB  
Article
Security and Privacy in Physical–Digital Environments: Trends and Opportunities
by Carolina Pereira, Anabela Marto, Roberto Ribeiro, Alexandrino Gonçalves, Nuno Rodrigues, Carlos Rabadão, Rogério Luís de Carvalho Costa and Leonel Santos
Future Internet 2025, 17(2), 83; https://doi.org/10.3390/fi17020083 - 12 Feb 2025
Cited by 11 | Viewed by 4612
Abstract
Over recent decades, internet-based communication has grown exponentially, accompanied by a surge in cyber threats from malicious actors targeting users and organizations, heightening the demand for robust security and privacy measures. With the emergence of physical–digital environments based on Mixed Reality (MR) and [...] Read more.
Over recent decades, internet-based communication has grown exponentially, accompanied by a surge in cyber threats from malicious actors targeting users and organizations, heightening the demand for robust security and privacy measures. With the emergence of physical–digital environments based on Mixed Reality (MR) and the Metaverse, new cybersecurity, privacy, and confidentiality challenges have surfaced, requiring innovative approaches. This work examines the current landscape of cybersecurity concerns in MR and Metaverse environments, focusing on their unique vulnerabilities and the risks posed to users and their data. Key challenges include authentication issues, data breaches, and risks to user anonymity. The work also explores advancements in secure design frameworks, encryption techniques, and regulatory approaches to safeguard these technologies. Additionally, it identifies opportunities for further research and innovation to strengthen data protection and ensure a safe, trustworthy experience in these environments. Full article
Show Figures

Figure 1

28 pages, 4277 KB  
Article
Analysing Cyber Attacks and Cyber Security Vulnerabilities in the University Sector
by Harjinder Singh Lallie, Andrew Thompson, Elzbieta Titis and Paul Stephens
Computers 2025, 14(2), 49; https://doi.org/10.3390/computers14020049 - 4 Feb 2025
Cited by 30 | Viewed by 23045
Abstract
Universities hold and process vast amounts of financial, user, and research data, which makes them prime targets for cybercriminals. In addition to the usual external threat actors, universities face a unique insider threat from students, who—alongside staff—may lack adequate cyber security training despite [...] Read more.
Universities hold and process vast amounts of financial, user, and research data, which makes them prime targets for cybercriminals. In addition to the usual external threat actors, universities face a unique insider threat from students, who—alongside staff—may lack adequate cyber security training despite having access to various sensitive systems. This paper provides a focused assessment of the current cyber security threats facing UK universities, based on a comprehensive review of available information. A chronological timeline of notable cyber attacks against universities is produced, with incidents classified according to the CIA triad (Confidentiality, Integrity, Availability) and incident type. Several issues have been identified. Limited disclosure of attack details is a major concern, as full information is often withheld for security reasons, hindering institutions’ abilities to assess vulnerabilities thoroughly and respond effectively. Additionally, universities increasingly rely on third-party service providers for critical services, meaning that an attack on these external providers can directly impact university operations and data security. While SQL injection attacks, previously a significant issue, appear to have declined in frequency—perhaps reflecting improvements in defences—other threats continue to persist. Universities report lower levels of concern regarding DDoS attacks, potentially due to enhanced resilience and mitigation strategies; however, ransomware and phishing attacks remain prevalent. Insider threats, especially from students with varied IT skills, exacerbate these risks, as insiders may unknowingly or maliciously facilitate cyber attacks, posing ongoing challenges for university IT teams. This study recommends that universities leverage these insights, along with other available data, to refine their cyber security strategies. Developing targeted policies, strengthening training, and implementing international standards will allow universities to enhance their security posture and mitigate the complex and evolving threats they face. Full article
(This article belongs to the Special Issue Cyber Security and Privacy in IoT Era)
Show Figures

Figure 1

17 pages, 4714 KB  
Article
The Evolution of Digital Security by Design Using Temporal Network Analysis
by Lowri Williams, Hamza Khan and Pete Burnap
Informatics 2025, 12(1), 8; https://doi.org/10.3390/informatics12010008 - 17 Jan 2025
Cited by 2 | Viewed by 3489
Abstract
Digital Security by Design (DSbD) is an initiative supported by the UK government aimed at transforming digital technology to deliver necessary digital resilience and prosperity across the UK. As emerging challenges in the field of digital security evolve, it becomes essential to explore [...] Read more.
Digital Security by Design (DSbD) is an initiative supported by the UK government aimed at transforming digital technology to deliver necessary digital resilience and prosperity across the UK. As emerging challenges in the field of digital security evolve, it becomes essential to explore how entities involved in DSbD interact and change over time. Understanding these dynamic relationships can provide crucial insights for the development and improvement of security practices. This paper presents a data-driven analysis of the evolving landscape of DSbD from 2019 to 2024, gathering insights from textual documents referencing DSbD. Using a combination of text mining techniques and network analysis, a large corpus of textual documents was examined to identify key entities, including organisations, individuals, and the relationships between them. A network was then visualised to analyse the structural connections between these entities, revealing how key concepts and actors have evolved. The results and discussion demonstrate that the network analysis offers a unique advantage in tracking and visualising these evolving relationships, providing insights into shifts in focus, emerging trends, and changes in technological adoption over time. For example, a notable finding from the analysis is the substantial increase in node relationships associated with Artificial Intelligence (AI). We hypothesise that this surge reflects the growing integration of AI into digital security strategies, driven by the need for more adaptive and autonomous solutions to tackle evolving cyber threats, as well as the rapid introduction of new AI tools to the market and their swift adoption across various industries. By mapping such connections, such results are useful, helping practitioners and researchers recognise new security demands and adjust strategies to better respond to the evolving landscape of DSbD. Full article
(This article belongs to the Section Big Data Mining and Analytics)
Show Figures

Figure 1

Back to TopTop