The Definitive Fraud Encyclopedia

This unique guide provides step-by-step instructions on how to commit fraud. From buying the correct hardware and software, to spoofing the personal details of your victims, to actually using stolen cards effectively. Originally published by an anonymous individual “Yegate”, this guide was bought by Brett Johnson, a former cyber criminal turned good, and released for free online for the public to read. ...

Businesses can ensure they’re not affected by the next WannaCry

WannaCry hit UK organisations hard. By equipping their people to defend against cyber crime, the same organisations can make WannaCry the last big attack they suffer. As I write this, on the afternoon of the 15th of May, 2017, several things are happening in response to the cyber attack WannaCry. First, Information Security Officers and IT personnel all over the world are rolling out updates and security patches, in an effort to prevent a WannaCry infection, fuelled no doubt by several more high-strength coffees than they’d otherwise drink in any given period. Second, affected businesses are...

Unwinding Ariadne’s Identity Thread: Privacy Risks with Fitness Trackers and Online Social Networks

The recent expansion of the Internet of Things (IoT) and the growing trend towards a healthier lifestyle have been followed by a proliferation in the use of fitness trackers in our daily lives. These wearable IoT devices, combined with the extensive use by individuals of Online Social Networks (OSNs), have raised many security and privacy concerns. Individuals enrich the content of their online posts with their physical performance and attendance at sporting events, without considering the plausible risks that this may result in. This paper aims to examine the potential exposure of users’...

Confusing cyber security terminology helps cyber criminals attack

Today’s cyber security terminology is cryptic and confusing. Which is exactly what criminals want. On Friday, 21st of October 2016, a group of cyber-criminals sent out a warning. They flooded some of the world’s largest websites with unprecedented volumes of traffic, rendering platforms such as Twitter, Spotify and SoundCloud temporarily unusable. You’d think, given the ever-increasing risks cyber-criminals now pose, businesses would be taking steps to stay ahead of the game. But in 2015, 90% of the UK’s large businesses (and 74% of their smaller counterparts) experienced some form of...

3 common causes of cyber attacks that show we’re making things too easy for today’s cyber criminals

While causes of cyber attacks vary, some are remarkably widespread. These 3 causes show how easy some criminals have it. Do you lock your front door when leaving the house unattended? There are criminals out there hoping you don’t. These people make a living out of lax security measures. They study their targets. They learn their routines. They break into houses without the use of force. Such people are the reason ordinary people lock their front doors when leaving their homes. So let’s talk about what happens when those same ordinary people boot up a laptop. Causes of cyber attacks You...

More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable

Paper highlighting how constant interrupting messages and updates from computers and phones can impair cognitive functioning through an effect called dual-task interference (DTI). DTI holds that 2 tasks can only be performed at the same time at a cost to overall performance. Constant messages, updates and alerts mean humans are constantly performing numerous tasks at once, and therefore performing each of them poorly. Authors: Jeffrey L. Jenkins, Bonnie Brinton Anderson, Anthony Vance, C. Brock Kirwan, David...

How Do Vulnerabilities Get Into Software?

This paper, by application security platform Veracode, addresses the four main causes of vulnerabilities in software today. The authors investigate: insecure coding practices; the ever-shifting threat landscape; the reuse of vulnerable components and code; and idiosyncrasies of programming languages. ...

The Effect of Social Influence on Security Sensitivity

Even though there has been an increased effort to raise security sensitivity amongst the population, most individuals ignore security advice. This paper found that a few social influence processes (processes that shape the behaviours of individuals through words and actions) play a major role in many security-related behaviour changes, most likely because these processes were effective at raising security sensitivity. Authors: Sauvik Das, Tiffany Hyun-Jin Kim, Laura A. Dabbish, Jason I....

Comprehensive Study on Cybercrime

An in-depth and thorough study into the world of global cybercrime which highlights lessons learned from current and past cyber efforts. The study explores the global state of cybercrime, the challenges we face as we move into a digitally connected society and legislation aimed at reducing cybercrime. Authors: United Nations Office on Drugs and Crime...

Teaching Johnny Not to Fall for Phish

Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security is seen as a secondary task; and that it’s difficult to teach people to identify threats without them also misidentifying non-threats. The authors conclude that education should be used in conjunction with automated detection systems to best stop losses. Authors: Ponnurangam Kumaraguru,...

School of Phish: A Real-World Evaluation of Anti-Phishing Training

PhishGuru is a training system that helps users stop falling for phishing emails by sending them a training message when they click the URL in a simulated phishing email. The authors of this paper analysed PhishGuru training and found that trained users retained knowledge for 28 days. The authors also found that incorporating a second training message reduced the likelihood of a user giving away sensitive information, and that, perhaps surprisingly, training did not reduce the likelihood of a user clicking the link in a legitimate email. ...

A taxonomy of behavior change techniques used in interventions.

Objective: Without standardized definitions of the techniques included in behavior change interventions, it is difficult to faithfully replicate effective interventions and challenging to identify techniques contributing to effectiveness across interventions. This research aimed to develop and test a theory-linked taxonomy of generally applicable behavior change techniques (BCTs). Design: Twenty-six BCTs were defined. Two psychologists used a 5-page coding manual to independently judge the presence or absence of each technique in published intervention descriptions and in intervention...

Analysis of end user security behaviors

From writing down a password on a sticky note to undertaking a Denial of Service attack using company computers, the research in this paper helps to categorise and differentiate between the different security-related behaviours of end users. Authors: Jeffrey M. Stanton, Kathryn R. Stam, Paul Mastrangelo, Jeffrey...

The Economics of Information Security Investment

An article exploring the optimal amount of money to invest to protect information. This model looks at the extent to which a piece of information is vulnerable and the potential loss that would occur if it was breached, and notes that companies should spend a small fraction of the expected loss due to a security breach in order to protect the information. Authors: Lawrence A. Gordon, Martin P....